feat(sys-ctl-hlth-csp): add support for ignoring network block domains

Introduced new variable HEALTH_CSP_IGNORE_NETWORK_BLOCKS_FROM (list, default []) to suppress network block reports (e.g., ORB) from specific external domains. Updated script.py to accept and forward the flag, extended systemd exec command in tasks, added defaults, and documented usage in README. Ref: https://chatgpt.com/share/68dfc69b-7c94-800f-871b-3525deb8e374
2025-10-10 10:48:10 +02:00 · 2025-10-03 15:23:57 +02:00
parent a327adf8db
commit 59b652958f
4 changed files with 56 additions and 6 deletions
--- a/roles/sys-ctl-hlth-csp/tasks/01_core.yml
+++ b/roles/sys-ctl-hlth-csp/tasks/01_core.yml
@@ -18,6 +18,11 @@
    system_service_timer_enabled:         true
    system_service_tpl_on_failure:        "{{ SYS_SERVICE_ON_FAILURE_COMPOSE }}"
    system_service_tpl_timeout_start_sec: "{{ CURRENT_PLAY_DOMAINS_ALL | timeout_start_sec_for_domains }}"
-    system_service_tpl_exec_start:        "{{ system_service_script_exec }} --nginx-config-dir={{ NGINX.DIRECTORIES.HTTP.SERVERS }}"
+    system_service_tpl_exec_start: >-
+      {{ system_service_script_exec }}
+      --nginx-config-dir={{ NGINX.DIRECTORIES.HTTP.SERVERS }}
+      {%- if HEALTH_CSP_IGNORE_NETWORK_BLOCKS_FROM | length > 0 -%}
+      --ignore-network-blocks-from {{ HEALTH_CSP_IGNORE_NETWORK_BLOCKS_FROM | join(' ') }}
+      {%- endif -%}

 - include_tasks: utils/run_once.yml