Changed name

2026-04-23 17:06:10 -07:00
parent 46eca701a5
commit aba01d883c
1 changed files with 0 additions and 0 deletions
--- a/playbooks/opensense_manage.yml
+++ b/playbooks/opensense_manage.yml
@@ -1,82 +0,0 @@
---
- name: OPNsense Advanced MSP Management
-  hosts: firewalls
-  gather_facts: false
-  vars:
-    # Managed via Semaphore Environment Variables or group_vars
-    admin_accounts:
-      - { name: "msp_admin", pwd: "{{ vault_msp_admin_password }}", groups: ["admins"], state: "present" }
-      - { name: "decommissioned_user", state: "absent" } # Auto-purges old accounts
-
-    critical_services: ["unbound", "dhcpd", "configd"]
-    expected_interfaces:
-      - { device: "wan", speed: "1000" }
-      - { device: "lan", speed: "1000" }
-
-  tasks:
-    # --- TASK: BACKUP ---
-    - name: Export configuration
-      ansibleguy.opnsense.system_backup:
-        destination: "./backups/{{ inventory_hostname }}.xml"
-      tags: backup
-
-    # --- TASK: UPDATES ---
-    - name: Check firmware status
-      ansibleguy.opnsense.firmware_info:
-      register: fw_info
-      tags: upgrade_check
-
-    - name: Apply updates if reboot is required
-      ansibleguy.opnsense.firmware:
-        upgrade: true
-        reboot: true
-      when: fw_info.needs_reboot | default(false)
-      tags: upgrade_apply
-
-    # --- TASK: MONITORING ---
-    - name: Audit critical services
-      ansibleguy.opnsense.service:
-        name: "{{ item }}"
-        state: started
-      loop: "{{ critical_services }}"
-      tags: monitoring
-
-    - name: Audit SSL certificates
-      ansibleguy.opnsense.certificate_info:
-      register: cert_info
-      tags: monitoring
-
-    - name: Alert on expiring certs
-      debug:
-        msg: "CERT WARNING: {{ item.descr }} expires in {{ item.enddate_days }} days"
-      loop: "{{ cert_info.certificates }}"
-      when: item.enddate_days | int < 30
-      tags: monitoring
-
-    # --- TASK: AUDIT ---
-    - name: Verify interface link state
-      ansibleguy.opnsense.interface_info:
-      register: int_info
-      tags: audit
-
-    - name: Fail if interface is DOWN
-      assert:
-        that: "int_info.interfaces[item.device].status == 'up'"
-        fail_msg: "ALERT: Interface {{ item.device }} is DOWN!"
-      loop: "{{ expected_interfaces }}"
-      tags: audit
-
-    # --- TASK: USER/SETTINGS MANAGEMENT ---
-    - name: Manage Admin Accounts
-      ansibleguy.opnsense.user:
-        name: "{{ item.name }}"
-        password: "{{ item.pwd | default(omit) }}"
-        groups: "{{ item.groups | default(omit) }}"
-        state: "{{ item.state | default('present') }}"
-      loop: "{{ admin_accounts }}"
-      tags: users
-
-    - name: Apply Granular Settings
-      ansibleguy.opnsense.system_settings:
-        settings: "{{ opnsense_custom_settings }}"
-      tags: settings