From 0e5d83a32ea54b6f8e5d5c3635dac496ae5ac993 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Th=C3=A9o?= <theo@le-filament.com>
Date: Mon, 26 Sep 2022 18:30:01 +0200
Subject: [PATCH] fix all error when groups are missing

---
 templates/iptables.conf.j2 | 28 ++++++++++++++--------------
 1 file changed, 14 insertions(+), 14 deletions(-)

diff --git a/templates/iptables.conf.j2 b/templates/iptables.conf.j2
index 086270f..2e2a1b6 100644
--- a/templates/iptables.conf.j2
+++ b/templates/iptables.conf.j2
@@ -3,14 +3,14 @@
 :INPUT DROP [0:0]
 :FORWARD DROP [0:0]
 :OUTPUT DROP [0:0]
-{% if 'docker_elk' in groups and inventory_hostname in groups.docker_elk %}
+{% if inventory_hostname in groups.docker_elk | default([]) %}
 :DOCKER-USER - [0:0]
 {% endif %}
 :LOGGING - [0:0]
-{% if 'docker_elk' in groups and inventory_hostname in groups.docker_elk %}
+{% if inventory_hostname in groups.docker_elk | default([]) %}
 ## DOCKER-USER chain
 # Autoriser les logs entrants des serveurs en maintenance
-{% for host in groups.full_maintenance %}
+{% for host in groups.full_maintenance | default([]) %}
 -A DOCKER-USER -s {{ hostvars[host].ansible_host }} -p tcp -m tcp --dport {{ logstash_port }} -m state --state NEW,ESTABLISHED -j ACCEPT
 {% endfor %}
 -A DOCKER-USER -p tcp -m tcp --dport {{ logstash_port }} -j LOGGING
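Review bot: The new `docker_elk` tests and the `full_maintenance` loop depend on Jinja2 applying the `default([])` filter before `in`, which is correct but easy to misread in a firewall template. Parentheses would make the grouping explicit, e.g. `{% if inventory_hostname in (groups.docker_elk | default([])) %}`, and the same form recurs in every later hunk of this patch. A missing or misspelled group now renders no rule instead of failing the play. With the DROP policies shown that fails closed, but here the per-host ACCEPT lines for `logstash_port` would simply disappear and all such traffic would fall through to `-j LOGGING`. A template comment such as `{# a group absent from the inventory is treated as empty: no rule is rendered for it #}` would document this for whoever debugs a silently missing rule.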
@@ -22,29 +22,29 @@
 -A INPUT -i lo -j ACCEPT
 # ICMP (Ping)
 -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
-{% if inventory_hostname in groups.docker_nagios %}
+{% if inventory_hostname in groups.docker_nagios | default([]) %}
 -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
 {% endif %}
 # SSH
 -A INPUT -p tcp -m tcp --dport {{ default_sshd_port }} -j ACCEPT
-{% if inventory_hostname in groups.gitlab %}
+{% if inventory_hostname in groups.gitlab | default([]) %}
 -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
 # REGISTRY
 -A INPUT -p tcp -m tcp --dport 5050 -j ACCEPT
 {% endif %}
 # WEB
-{% if inventory_hostname in groups.odoo_server | union(groups.owncloud_server) | union(groups.gitlab) %}
+{% if inventory_hostname in groups.odoo_server | default([]) | union(groups.owncloud_server | default([])) | union(groups.gitlab | default([])) %}
 -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
 -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
 {% endif %}
-{% if 'docker_gitlab' in groups and inventory_hostname in groups.docker_nagios %}
+{% if inventory_hostname in groups.docker_nagios | default([]) %}
 -A INPUT -s 192.168.239.0/24 -p tcp -m tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
 {% endif %}
 # NRPE
-{% for host in groups.docker_nagios %}
+{% for host in groups.docker_nagios | default([]) %}
 -A INPUT -s {{ hostvars[host].ansible_host }} -p tcp -m tcp --dport 5666 -m state --state NEW,ESTABLISHED -j ACCEPT
 {% endfor %}
-{% if inventory_hostname in groups.docker_nagios %}
+{% if inventory_hostname in groups.docker_nagios | default([]) %}
 -A INPUT -s 192.168.239.0/24 -p tcp -m tcp --dport 5666 -m state --state NEW,ESTABLISHED -j ACCEPT
 {% endif %}
 {% if inventory_hostname == "CGScop" %}
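Review bot: The guard before `-A INPUT -s 192.168.239.0/24 ... --dport 443` no longer tests `'docker_gitlab' in groups`, so this line changes firewall behaviour rather than only fixing an undefined-group error. Every host in `docker_nagios` will now accept 443 from that subnet even when the inventory has no `docker_gitlab` group. If the old test was a typo for `docker_nagios`, the commit message should say so. If it was intentional, keep it: `{% if 'docker_gitlab' in groups and inventory_hostname in groups.docker_nagios | default([]) %}`. The `CGScop` block that follows continues outside this hunk.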
@@ -61,7 +61,7 @@
 -A OUTPUT -o lo -j ACCEPT
 # ICMP (Ping)
 -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT
-{% if inventory_hostname in groups.docker_nagios %}
+{% if inventory_hostname in groups.docker_nagios | default([]) %}
 -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
 {% endif %}
 {% if inventory_hostname == "ICCFinance_Pilotage" %}
@@ -72,14 +72,14 @@
 -A OUTPUT -p tcp -m tcp --dport 22 -j ACCEPT
 {% endif %}
 -A OUTPUT -p tcp -m tcp --dport {{ default_sshd_port }} -j ACCEPT
-{% for host in groups.gitlab | union(groups.docker_gitlab | default([])) %}
+{% for host in groups.gitlab | default([]) | union(groups.docker_gitlab | default([])) %}
 -A OUTPUT -d {{ hostvars[host].ansible_host }} -p tcp -m tcp --dport 22 -j ACCEPT
 -A OUTPUT -d {{ hostvars[host].ansible_host }} -p tcp -m tcp --dport 5050 -j ACCEPT
 {% endfor %}
 # WEB
 -A OUTPUT -p tcp -m tcp --dport 80 -j ACCEPT
 -A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT
-{% if inventory_hostname in groups.gitlab %}
+{% if inventory_hostname in groups.gitlab | default([]) %}
 # Plesk WebHooks
 -A OUTPUT -p tcp -m tcp --dport 8443 -j ACCEPT
 {% endif %}
@@ -98,14 +98,14 @@
 -A OUTPUT -p udp -m udp --dport 67 -j ACCEPT
 # GPG
 -A OUTPUT -p udp -m udp --dport 11371 -j ACCEPT
-{% if inventory_hostname in groups.full_maintenance %}
+{% if inventory_hostname in groups.full_maintenance | default([]) %}
 # Log Server
 {% for host in groups.docker_elk | default([]) %}
 -A OUTPUT -d {{ hostvars[host].ansible_host }} -p tcp -m tcp --dport {{ logstash_port }} -j ACCEPT
 {% endfor %}
 -A OUTPUT -d {{ logstash_public_ip }} -p tcp -m tcp --dport {{ logstash_port }} -j ACCEPT
 {% endif %}
-{% if inventory_hostname in groups.odoo_server %}
+{% if inventory_hostname in groups.odoo_server | default([]) %}
 # IMAP
 -A OUTPUT -p tcp -m tcp --dport 993 -j ACCEPT
 {% endif %}
-- 
GitLab