diff --git a/firewalld/defaults.yaml b/firewalld/defaults.yaml
index 5c00c0d..bbabd6e 100644
--- a/firewalld/defaults.yaml
+++ b/firewalld/defaults.yaml
@@ -1,19 +1,18 @@
 # -*- coding: utf-8 -*-
 # vim: ft=yaml
 ---
-default:
- firewalld:
- enabled: true
- package: firewalld
- service: firewalld
- config: /etc/firewalld.conf
+firewalld:
+ enabled: true
+ package: firewalld
+ service: firewalld
+ config: /etc/firewalld.conf
- ipset:
- manage: false
- pkg: ipset
+ ipset:
+ manage: false
+ pkg: ipset
- backend:
- manage: false
- pkg: nftables
+ backend:
+ manage: false
+ pkg: nftables
- ipsets: {}
+ ipsets: {}
diff --git a/firewalld/map.jinja b/firewalld/map.jinja
index 4b952f6..f25fb36 100644
--- a/firewalld/map.jinja
+++ b/firewalld/map.jinja
@@ -3,18 +3,28 @@
 {#- Start with defaults from defaults.yaml #}
 {% import_yaml "firewalld/defaults.yaml" as default_settings %}
+{% import_yaml "firewalld/osarchmap.yaml" as osarchmap %}
 {% import_yaml "firewalld/osfamilymap.yaml" as osfamilymap %}
+{% import_yaml "firewalld/osmap.yaml" as osmap %}
+{% import_yaml "firewalld/osfingermap.yaml" as osfingermap %}
-{% set platform_defaults = salt['grains.filter_by'](default_settings,
- default='default',
- merge=salt['grains.filter_by'](osfamilymap, grain='os_family',
- merge=salt['pillar.get']('firewalld:lookup')
+{% set _config = salt['config.get']('firewalld', default={}) %}
+
+{% set defaults = salt['grains.filter_by'](default_settings,
+ default='firewalld',
+ merge=salt['grains.filter_by'](osarchmap, grain='osarch',
+ merge=salt['grains.filter_by'](osfamilymap, grain='os_family',
+ merge=salt['grains.filter_by'](osmap, grain='os',
+ merge=salt['grains.filter_by'](osfingermap, grain='osfinger',
+ merge=salt['grains.filter_by'](_config, default='lookup')
+ )
+ )
+ )
 )
 )
 %}
-{#- Merge in salt:lookup pillar #}
-{% set firewalld = salt['pillar.get'](
- 'firewalld',
- default=platform_defaults.firewalld,
- merge=True)
-%}
+{% set firewalld = salt['grains.filter_by'](
+ {'defaults': defaults},
+ default='defaults',
+ merge=_config
+) %}
diff --git a/firewalld/osarchmap.yaml b/firewalld/osarchmap.yaml
new file mode 100644
index 0000000..ab3bc1f
--- /dev/null
+++ b/firewalld/osarchmap.yaml
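Review bot: The new `_config` line reads the firewall settings with `config.get`, which returns the first match from minion configuration, then grains, then pillar, then master configuration, whereas the removed code read pillar only. A `firewalld` key present in a minion's local config or grains would therefore take the place of the pillar data rather than merge with it, and grains are set on the minion side. If pillar is meant to stay the only source, say so above the line, e.g. `{#- config.get checks minion config and grains before pillar; keep firewalld settings in pillar #}`, or pass `omit_grains=True` where the supported Salt releases accept it. The innermost `filter_by(_config, default='lookup')` also omits `grain=`, so it matches an `os_family`-named key in `_config` before falling back to `lookup`; a short comment there would help as well.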
@@ -0,0 +1,35 @@
+# -*- coding: utf-8 -*-
+# vim: ft=yaml
+#
+# Setup variables using grains['osarch'] based logic.
+# You just need to add the key:values for an `osarch` that differ
+# from `defaults.yaml`.
+# Only add an `osarch` which is/will be supported by the formula.
+#
+# If you do not need to provide defaults via the `osarch` grain,
+# you will need to provide at least an empty dict in this file, e.g.
+# osarch: {}
+---
+amd64:
+ arch: amd64
+
+x86_64:
+ arch: amd64
+
+386:
+ arch: 386
+
+arm64:
+ arch: arm64
+
+armv6l:
+ arch: armv6l
+
+armv7l:
+ arch: armv7l
+
+ppc64le:
+ arch: ppc64le
+
+s390x:
+ arch: s390x
diff --git a/firewalld/osfamilymap.yaml b/firewalld/osfamilymap.yaml
index 810a01c..1c3c6ff 100644
--- a/firewalld/osfamilymap.yaml
+++ b/firewalld/osfamilymap.yaml
@@ -1,13 +1,33 @@
 # -*- coding: utf-8 -*-
-# # vim: ft=yaml
-# os_family defaults
-# only add key:values here that differ from whats in defaults.yaml
+# vim: ft=yaml
+#
+# Setup variables using grains['os_family'] based logic.
+# You just need to add the key:values for an `os_family` that differ
+# from `defaults.yaml` + `osarch.yaml`.
+# Only add an `os_family` which is/will be supported by the formula.
+#
+# If you do not need to provide defaults via the `os_family` grain,
+# you will need to provide at least an empty dict in this file, e.g.
+# osfamilymap: {}
 ---
-Debian:
- firewalld: {}
-RedHat:
- firewalld: {}
-Arch:
- firewalld: {}
-Suse:
- firewalld: {}
+Debian: {}
+
+RedHat: {}
+
+Suse: {}
+
+Gentoo: {}
+
+Arch: {}
+
+Alpine: {}
+
+FreeBSD: {}
+
+OpenBSD: {}
+
+Solaris: {}
+
+Windows: {}
+
+MacOS: {}
diff --git a/firewalld/osfingermap.yaml b/firewalld/osfingermap.yaml
new file mode 100644
index 0000000..090e844
--- /dev/null
+++ b/firewalld/osfingermap.yaml
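Review bot: The `386:` key and its `arch: 386` value in `osarchmap.yaml` are unquoted, so YAML loads both as integers while every other entry in the file is a string and the `osarch` grain it is matched against is normally a string. Quote them, `'386':` and `arch: '386'`, so the lookup and any consumer of `arch` see the same type as for the other architectures. The header's example `osarch: {}` should presumably read `osarchmap: {}` to match the other map files. Nothing visible in `defaults.yaml` defines an `arch` key, so it is worth confirming the formula uses it at all.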
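Review bot: The header in `osfamilymap.yaml` says to add only an `os_family` the formula supports, yet the new list carries `Windows`, `MacOS`, `FreeBSD`, `OpenBSD` and `Solaris`, which firewalld does not target. The empty `{}` entries merge nothing, but they make the supported set look wider than it is; trim the list to the families the formula is actually tested on. The same applies to `Windows-8.1` and `FreeBSD-12` in `osfingermap.yaml` and to `SmartOS` in `osmap.yaml`. The headers also refer to `osarch.yaml` and `os_family.yaml`, while the files in this change are named `osarchmap.yaml` and `osfamilymap.yaml`.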
@@ -0,0 +1,45 @@
+# -*- coding: utf-8 -*-
+# vim: ft=yaml
+#
+# Setup variables using grains['osfinger'] based logic.
+# You just need to add the key:values for an `osfinger` that differ
+# from `defaults.yaml` + `osarch.yaml` + `os_family.yaml` + `osmap.yaml`.
+# Only add an `osfinger` which is/will be supported by the formula.
+#
+# If you do not need to provide defaults via the `os_finger` grain,
+# you will need to provide at least an empty dict in this file, e.g.
+# osfingermap: {}
+---
+# os: Debian
+Debian-10: {}
+Debian-9: {}
+Debian-8: {}
+
+# os: Ubuntu
+Ubuntu-18.04: {}
+Ubuntu-16.04: {}
+
+# os: Fedora
+Fedora-31: {}
+Fedora-30: {}
+
+# os: CentOS
+CentOS Linux-8: {}
+CentOS Linux-7: {}
+CentOS-6: {}
+
+# os: Amazon
+Amazon Linux-2: {}
+Amazon Linux AMI-2018: {}
+
+# os: SUSE
+Leap-15: {}
+
+# os: FreeBSD
+FreeBSD-12: {}
+
+# os: Windows
+Windows-8.1: {}
+
+# os: Gentoo
+Gentoo-2: {}
diff --git a/firewalld/osmap.yaml b/firewalld/osmap.yaml
new file mode 100644
index 0000000..de11a67
--- /dev/null
+++ b/firewalld/osmap.yaml
@@ -0,0 +1,33 @@
+# -*- coding: utf-8 -*-
+# vim: ft=yaml
+#
+# Setup variables using grains['os'] based logic.
+# You just need to add the key:values for an `os` that differ
+# from `defaults.yaml` + `osarch.yaml` + `os_family.yaml`.
+# Only add an `os` which is/will be supported by the formula.
+#
+# If you do not need to provide defaults via the `os` grain,
+# you will need to provide at least an empty dict in this file, e.g.
+# osmap: {}
+---
+# os_family: Debian
+Ubuntu: {}
+Raspbian: {}
+
+# os_family: RedHat
+Fedora: {}
+CentOS: {}
+Amazon: {}
+
+# os_family: Suse
+SUSE: {}
+openSUSE: {}
+
+# os_family: Gentoo
+Funtoo: {}
+
+# os_family: Arch
+Manjaro: {}
+
+# os_family: Solaris
+SmartOS: {}