Enable IPv6 nftables.

Signed-off-by: James Antill <james@and.org>

roles/base/tasks/main.yml

@@ -218,10 +218,10 @@
   - config
   - base
 
-- name: Nftables
+- name: Nftables ipv4
   ansible.builtin.template:
     src: "{{ item }}"
-    dest: /etc/sysconfig/nftables.conf
+    dest: /etc/nftables/fedora-infra-ipv4.nft
     mode: '0600'
     validate: "/sbin/nft --check --file %s"
   with_first_found:
@@ -290,6 +290,48 @@
   - config
   - base
 
+- name: Nftables ipv6
+  ansible.builtin.template:
+    src: "{{ item }}"
+    dest: /etc/nftables/fedora-infra-ipv6.nft
+    mode: '0600'
+    validate: "/sbin/nft --check --file %s"
+  with_first_found:
+    - nftables/nftables-ipv6.{{ datacenter }}
+    - nftables/nftables-ipv6.{{ inventory_hostname }}
+    - nftables/nftables-ipv6.{{ host_group }}
+    - nftables/nftables-ipv6.{{ env }}
+    - nftables/nftables-ipv6
+  when:
+  - baseiptables|bool
+  - nftables
+  notify:
+  - Restart nftables
+  - Reload libvirtd
+  tags:
+  - ip6tables
+  - config
+  - base
+
+- name: Nftables sysconfig
+  ansible.builtin.template:
+    src: "{{ item }}"
+    dest: /etc/sysconfig/nftables.conf
+    mode: '0600'
+    validate: "/sbin/nft --check --file %s"
+  with_first_found:
+    - nftables/sysconfig.conf
+  when:
+  - baseiptables|bool
+  - nftables
+  notify:
+  - Restart nftables
+  - Reload libvirtd
+  tags:
+  - iptables
+  - config
+  - base
+
 - name: Ip6tables service enabled
   service: name=ip6tables state=started enabled=true
   tags:

roles/base/templates/nftables/sysconfig.conf

@@ -0,0 +1,12 @@
+# Uncomment the include statement here to load the default config sample
+# in /etc/nftables for nftables service.
+
+#include "/etc/nftables/main.nft"
+
+include "/etc/nftables/fedora-infra-ipv4.nft"
+
+include "/etc/nftables/fedora-infra-ipv6.nft"
+
+# To customize, either edit the samples in /etc/nftables, append further
+# commands to the end of this file or overwrite it after first service
+# start by calling: 'nft list ruleset >/etc/sysconfig/nftables.conf'.