From 3e2e68fbd023d22fd69a5a339425087e83eeeadd Mon Sep 17 00:00:00 2001
From: m0duspwnens <josh.patterson@securityonionsolutions.com>
Date: Fri, 24 Feb 2023 14:24:47 -0500
Subject: [PATCH] custom hostgroups in soc

---
 salt/firewall/{ => soc}/defaults_soc_firewall.yaml | 0
 salt/firewall/soc/init.sls                         | 5 +++++
 salt/firewall/soc/soc.map.jinja                    | 2 ++
 salt/firewall/soc/soc_firewall.yaml.jinja          | 1 +
 4 files changed, 8 insertions(+)
 rename salt/firewall/{ => soc}/defaults_soc_firewall.yaml (100%)
 create mode 100644 salt/firewall/soc/init.sls
 create mode 100644 salt/firewall/soc/soc.map.jinja
 create mode 100644 salt/firewall/soc/soc_firewall.yaml.jinja

diff --git a/salt/firewall/defaults_soc_firewall.yaml b/salt/firewall/soc/defaults_soc_firewall.yaml
similarity index 100%
rename from salt/firewall/defaults_soc_firewall.yaml
rename to salt/firewall/soc/defaults_soc_firewall.yaml
diff --git a/salt/firewall/soc/init.sls b/salt/firewall/soc/init.sls
new file mode 100644
index 000000000..2530606cc
--- /dev/null
+++ b/salt/firewall/soc/init.sls
@@ -0,0 +1,5 @@
+soc_firewall_yaml:
+  file.managed:
+    - name: /opt/so/saltstack/local/salt/firewall/soc_firewall.yaml
+    - source: salt://firewall/soc/soc_firewall.yaml.jinja
+    - template: jinja
diff --git a/salt/firewall/soc/soc.map.jinja b/salt/firewall/soc/soc.map.jinja
new file mode 100644
index 000000000..cd3fa0401
--- /dev/null
+++ b/salt/firewall/soc/soc.map.jinja
@@ -0,0 +1,2 @@
+{% import_yaml 'firewall/soc/defaults_soc_firewall.yaml' as DEFAULT_SOC_FIREWALL %}
+{% set SOC_FIREWALL = salt['pillar.get'}('firewall:custom_groups:groups', DEFAULT_SOC_FIREWALL.firewall.hostgroups, merge=True) %}
diff --git a/salt/firewall/soc/soc_firewall.yaml.jinja b/salt/firewall/soc/soc_firewall.yaml.jinja
new file mode 100644
index 000000000..916fd83d1
--- /dev/null
+++ b/salt/firewall/soc/soc_firewall.yaml.jinja
@@ -0,0 +1 @@
+{% from 'firewall/soc/soc.map.jinja' import SOC_FIREWALL %}