Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

Actually install the nftable template file.

Browse source 
Signed-off-by: James Antill <james@and.org>
This commit is contained in:
James Antill 2025-03-03 14:42:00 -05:00 committed by kevin
parent b322316be5
commit 4fac049b6a
3 changed files with 29 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

3
handlers/restart_services.yml
View file

@ -26,6 +26,9 @@
- name: Restart iptables - name: Restart iptables
action: service name=iptables state=restarted action: service name=iptables state=restarted
- name: Restart nftables
action: service name=nftables state=restarted
- name: Restart ip6tables - name: Restart ip6tables
action: service name=ip6tables state=restarted action: service name=ip6tables state=restarted

3
roles/base/handlers/main.yml
View file

@ -9,6 +9,9 @@
- name: Restart iptables - name: Restart iptables
service: name=iptables state=restarted service: name=iptables state=restarted
- name: Restart nftables
service: name=nftables state=restarted
- name: Restart ip6tables - name: Restart ip6tables
service: name=ip6tables state=restarted service: name=ip6tables state=restarted

23
roles/base/tasks/main.yml
View file

@ -218,6 +218,29 @@
- config - config
- base - base
- name: Nftables
ansible.builtin.template:
src: "{{ item }}"
dest: /etc/sysconfig/nftables.conf
mode: '0600'
validate: "/sbin/nft --check --file %s"
with_first_found:
- nftables/nftables.{{ datacenter }}
- nftables/nftables.{{ inventory_hostname }}
- nftables/nftables.{{ host_group }}
- nftables/nftables.{{ env }}
- nftables/nftables
when:
- baseiptables|bool
- nftables
notify:
- Restart nftables
- Reload libvirtd
tags:
- iptables
- config
- base
- name: Iptables service enabled - name: Iptables service enabled
service: name=iptables state=started enabled=true service: name=iptables state=started enabled=true
tags: tags: