Extract nftables into its own role
This commit is contained in:
parent
9c528ce36d
commit
62d698325d
@ -25,6 +25,8 @@
|
|||||||
- role: "mail"
|
- role: "mail"
|
||||||
when: the_nine_worlds_production | bool
|
when: the_nine_worlds_production | bool
|
||||||
tags: "system:mail"
|
tags: "system:mail"
|
||||||
|
- role: "nftables"
|
||||||
|
tags: "system:nftables"
|
||||||
- role: "base"
|
- role: "base"
|
||||||
vars:
|
vars:
|
||||||
system_base_motd_dir: "files/base/motd"
|
system_base_motd_dir: "files/base/motd"
|
||||||
|
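Review bot: The new role entry is tagged `system:nftables`, while the tasks it replaces carried `system:base:nftables` (dropped in base/tasks/main.yml in this same commit), so any runbook or CI invocation using `--tags system:base:nftables` will now silently match nothing; the commit message does not mention the tag change. The firewall also now runs ahead of `base` rather than between base's sshd and ntp includes as before, which looks intentional but deserves a line in the description. The play header is above line 25 and outside this hunk, so I cannot see whether other roles in the play still depend on the old ordering.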
@ -1,3 +1 @@
|
|||||||
system_base_additional_ssh_users: []
|
system_base_additional_ssh_users: []
|
||||||
system_base_additional_tcp_ports: []
|
|
||||||
system_base_udp_ports: []
|
|
||||||
|
@ -14,14 +14,6 @@ argument_specs:
|
|||||||
type: "list"
|
type: "list"
|
||||||
elements: "str"
|
elements: "str"
|
||||||
required: true
|
required: true
|
||||||
system_base_additional_tcp_ports:
|
|
||||||
type: "list"
|
|
||||||
elements: "int"
|
|
||||||
required: true
|
|
||||||
system_base_udp_ports:
|
|
||||||
type: "list"
|
|
||||||
elements: "int"
|
|
||||||
required: true
|
|
||||||
system_base_fail2ban_ignoreip:
|
system_base_fail2ban_ignoreip:
|
||||||
type: "str"
|
type: "str"
|
||||||
required: true
|
required: true
|
||||||
|
@ -2,10 +2,6 @@
|
|||||||
ansible.builtin.import_tasks: "include/sshd.yml"
|
ansible.builtin.import_tasks: "include/sshd.yml"
|
||||||
tags: "system:base:sshd"
|
tags: "system:base:sshd"
|
||||||
|
|
||||||
- name: "play:system : role:base : tasks:nftables"
|
|
||||||
ansible.builtin.import_tasks: "include/nftables.yml"
|
|
||||||
tags: "system:base:nftables"
|
|
||||||
|
|
||||||
- name: "play:system : role:base : tasks:ntp"
|
- name: "play:system : role:base : tasks:ntp"
|
||||||
ansible.builtin.import_tasks: "include/ntp.yml"
|
ansible.builtin.import_tasks: "include/ntp.yml"
|
||||||
tags: "system:base:ntp"
|
tags: "system:base:ntp"
|
||||||
|
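--- /dev/null
+++ b/playbooks/system/roles/nftables/defaults/main.yml
@@ -0,0 +1,2 @@
+system_base_additional_tcp_ports: []
+system_base_udp_ports: []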
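Review bot: The extracted role still publishes its inputs under the `system_base_` prefix (`system_base_additional_tcp_ports` and `system_base_udp_ports` here, the same names in its argument_specs, and `register: system_base_nftables_conf` / `system_base_nftables_start` in its tasks), so the role name no longer namespaces its variables and they are easy to confuse with the `system_base_*` options that remain in the base role. If the prefix is kept deliberately so existing inventory values keep applying, a header comment such as `# Variable names keep the system_base_ prefix for compatibility with inventories written for the pre-extraction layout` would stop the next reader from "fixing" it; otherwise a rename to `system_nftables_*` across defaults, argument_specs and tasks would be the cleaner end state.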
14
playbooks/system/roles/nftables/meta/argument_specs.yml
Normal file
@ -0,0 +1,14 @@
|
|||||||
|
argument_specs:
|
||||||
|
main:
|
||||||
|
options:
|
||||||
|
ansible_port:
|
||||||
|
type: "int"
|
||||||
|
required: true
|
||||||
|
system_base_additional_tcp_ports:
|
||||||
|
type: "list"
|
||||||
|
elements: "int"
|
||||||
|
required: true
|
||||||
|
system_base_udp_ports:
|
||||||
|
type: "list"
|
||||||
|
elements: "int"
|
||||||
|
required: true
|
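Review bot: `ansible_port` is declared `required: true`, but it is a connection variable that only exists when inventory sets it explicitly; a host relying on the implicit SSH port 22 will fail this role's argument validation before any rule is written. Presumably the template uses it to keep the management port open, so either document in this spec that every host must define it (a `description:` under `ansible_port:`), or mark it `required: false` and fall back in the template with `ansible_port | default(22)`. The port lists are typed `int` with no range check, which matches the spec the base role dropped in this commit, so that is a pre-existing limitation rather than a regression.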
@ -1,26 +1,26 @@
|
|||||||
- name: "nftables : install nftables"
|
- name: "install nftables"
|
||||||
ansible.builtin.apt:
|
ansible.builtin.apt:
|
||||||
name: "nftables"
|
name: "nftables"
|
||||||
|
|
||||||
- name: "nftables : configure nftables"
|
- name: "configure nftables"
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: "./nftables/nftables.conf.j2"
|
src: "./nftables.conf.j2"
|
||||||
dest: "/etc/nftables.conf"
|
dest: "/etc/nftables.conf"
|
||||||
mode: 0755
|
mode: 0755
|
||||||
register: system_base_nftables_conf
|
register: system_base_nftables_conf
|
||||||
|
|
||||||
- name: "nftables : enable nftables"
|
- name: "enable nftables"
|
||||||
ansible.builtin.systemd:
|
ansible.builtin.systemd:
|
||||||
name: "nftables"
|
name: "nftables"
|
||||||
enabled: true
|
enabled: true
|
||||||
|
|
||||||
- name: "nftables : start nftables"
|
- name: "start nftables"
|
||||||
ansible.builtin.systemd:
|
ansible.builtin.systemd:
|
||||||
name: "nftables"
|
name: "nftables"
|
||||||
state: "started"
|
state: "started"
|
||||||
register: system_base_nftables_start
|
register: system_base_nftables_start
|
||||||
|
|
||||||
- name: "nftables : reload nftables configuration"
|
- name: "reload nftables configuration"
|
||||||
ansible.builtin.command:
|
ansible.builtin.command:
|
||||||
cmd: "nft -f /etc/nftables.conf"
|
cmd: "nft -f /etc/nftables.conf"
|
||||||
when:
|
when:
|
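Review bot: `mode: 0755` on the configure task is an unquoted leading-zero literal; YAML 1.1 loaders read it as the integer 493, which Ansible happens to map to the intended bits, but a later edit that drops the zero would silently set the wrong mode, and Ansible's own docs ask for the quoted form `mode: "0755"`. The executable bit is consistent with the `/etc/nftables.conf` that Debian ships (as I recall it carries an `nft -f` shebang), so it is not wrong in itself; if the rendered template has no shebang, `"0644"` would state intent more clearly. `owner`/`group` are left implicit, which is fine only while the play runs as root. The `when:` list that closes the reload task is outside this hunk.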