Actually install the nftable template file.

Signed-off-by: James Antill <james@and.org>

handlers/restart_services.yml

@@ -26,6 +26,9 @@
 - name: Restart iptables
   action: service name=iptables state=restarted
 
+- name: Restart nftables
+  action: service name=nftables state=restarted
+
 - name: Restart ip6tables
   action: service name=ip6tables state=restarted
 

roles/base/handlers/main.yml

@@ -9,6 +9,9 @@
 - name: Restart iptables
   service: name=iptables state=restarted
 
+- name: Restart nftables
+  service: name=nftables state=restarted
+
 - name: Restart ip6tables
   service: name=ip6tables state=restarted
 

roles/base/tasks/main.yml

@@ -218,6 +218,29 @@
   - config
   - base
 
+- name: Nftables
+  ansible.builtin.template:
+    src: "{{ item }}"
+    dest: /etc/sysconfig/nftables.conf
+    mode: '0600'
+    validate: "/sbin/nft --check --file %s"
+  with_first_found:
+    - nftables/nftables.{{ datacenter }}
+    - nftables/nftables.{{ inventory_hostname }}
+    - nftables/nftables.{{ host_group }}
+    - nftables/nftables.{{ env }}
+    - nftables/nftables
+  when:
+  - baseiptables|bool
+  - nftables
+  notify:
+  - Restart nftables
+  - Reload libvirtd
+  tags:
+  - iptables
+  - config
+  - base
+
 - name: Iptables service enabled
   service: name=iptables state=started enabled=true
   tags: