From 50d04f6e95199849d6bd7bf0adff74c6afadd932 Mon Sep 17 00:00:00 2001
From: James Antill <james@and.org>
Date: Mon, 31 Mar 2025 09:44:44 -0400
Subject: [PATCH] Remove nftables cron and disable service, when using iptables
 (for backout).

Signed-off-by: James Antill <james@and.org>
---
 roles/base/tasks/main.yml         | 10 ++++++++++
 roles/koji_builder/tasks/main.yml |  7 +++++++
 2 files changed, 17 insertions(+)

diff --git a/roles/base/tasks/main.yml b/roles/base/tasks/main.yml
index 65f5ad9ba0..5c224e5787 100644
--- a/roles/base/tasks/main.yml
+++ b/roles/base/tasks/main.yml
@@ -271,6 +271,16 @@
   - baseiptables|bool
   - nftables
 
+- name: Nftables service disabled
+  service: name=nftables state=started enabled=false
+  tags:
+  - iptables
+  - service
+  - base
+  when:
+  - baseiptables|bool
+  - not nftables
+
 - name: Ip6tables
   ansible.builtin.template: src={{ item }} dest=/etc/sysconfig/ip6tables mode=0600 backup=yes
   with_first_found:
diff --git a/roles/koji_builder/tasks/main.yml b/roles/koji_builder/tasks/main.yml
index bae89e97da..05fdbb0e98 100644
--- a/roles/koji_builder/tasks/main.yml
+++ b/roles/koji_builder/tasks/main.yml
@@ -415,6 +415,13 @@
   - koji_builder
   - koji_builder/osbuildapi
 
+- name: Remove cron job to run osbuild api ip update script every minute. (nftables)
+  ansible.builtin.file: path=/etc/cron.d/osbuildapi-update-nft.cron state=absent
+  when: not nftables
+  tags:
+  - koji_builder
+  - koji_builder/osbuildapi
+
 - name: Create override dir for systemd-nspawn containers config
   ansible.builtin.file:
     state: directory