IDH - Initial firewall support

salt/firewall/assigned_hostgroups.map.yaml

@@ -660,6 +660,10 @@ role:
           anywhere:
             portgroups:
               - {{ portgroups.ssh }}
+            {% set idh_services = salt['pillar.get']('idh:services', []) %}
+            {% for service in idh_services %}
+              - {{ portgroups.service }}
+            {% endfor %}
           dockernet:
             portgroups:
               - {{ portgroups.all }}

salt/firewall/portgroups.yaml

@@ -48,6 +48,15 @@ firewall:
       fleet_webui:
         tcp:
           - 443
+      ftp:
+        tcp:
+          - 21
+      git:
+        tcp:
+          - 9418
+      http:
+        tcp:
+          - 80
       influxdb:
         tcp:
           - 8086

salt/idh/defaults/http.defaults.yaml

@@ -2,7 +2,7 @@ idh:
   opencanary:
     config:
       http.banner: Apache/2.2.22 (Ubuntu)
-      http.enabled: false
+      http.enabled: true
       http.port: 80
       http.skin: nasLogin
       http.skin.list:

salt/idh/opencanary_config.map.jinja

@@ -1,2 +1,9 @@
-{% import_yaml 'idh/defaults.yml' as OPENCANARYCONFIG with context %}
+{% set idh_services = salt['pillar.get']('idh:services', []) %}
+
+{% import_yaml "idh/defaults/defaults.yaml" as OPENCANARYCONFIG with context %}
+{% for service in idh_services %}
+      {% import_yaml "idh/defaults/" ~ service ~ ".defaults.yaml" as SERVICECONFIG with context %}
+      {% do salt['defaults.merge'](OPENCANARYCONFIG, SERVICECONFIG, in_place=True) %}
+{% endfor %}
+
 {% set OPENCANARYCONFIG = salt['pillar.get']('idh:opencanary:config', default=OPENCANARYCONFIG.idh.opencanary.config, merge=True) %}