Extract nftables into its own role

This commit is contained in:
Wojciech Kozlowski 2022-12-18 19:01:04 +01:00
parent 9c528ce36d
commit 62d698325d
8 changed files with 24 additions and 20 deletions


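--- a/PATH_NOT_SHOWN
+++ b/PATH_NOT_SHOWN
@@ -25,6 +25,8 @@
 - role: "mail"
 when: the_nine_worlds_production | bool
 tags: "system:mail"
+- role: "nftables"
+tags: "system:nftables"
 - role: "base"
 vars:
 system_base_motd_dir: "files/base/motd"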
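Review bot: The new `nftables` role is listed before `base`, whereas the nftables tasks previously ran inside `base` after its sshd tasks (see the removed import in the tasks hunk below). If the nftables template renders the SSH allow rule from `ansible_port` (the new role's argument spec requires it), the firewall is now applied before sshd is reconfigured, which could lock out a host whose SSH port is being changed in the same run; this is inferred from the spec, not visible in the template. Consider placing the role after `base`, or document why the order is safe with a comment on the role entry, e.g. `# nftables runs before base: ansible_port must already match the live sshd port`.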


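--- a/PATH_NOT_SHOWN
+++ b/PATH_NOT_SHOWN
@@ -1,3 +1 @@
 system_base_additional_ssh_users: []
-system_base_additional_tcp_ports: []
-system_base_udp_ports: []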


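--- a/PATH_NOT_SHOWN
+++ b/PATH_NOT_SHOWN
@@ -14,14 +14,6 @@ argument_specs:
 type: "list"
 elements: "str"
 required: true
-system_base_additional_tcp_ports:
-type: "list"
-elements: "int"
-required: true
-system_base_udp_ports:
-type: "list"
-elements: "int"
-required: true
 system_base_fail2ban_ignoreip:
 type: "str"
 required: true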


@ -2,10 +2,6 @@
ansible.builtin.import_tasks: "include/sshd.yml" ansible.builtin.import_tasks: "include/sshd.yml"
tags: "system:base:sshd" tags: "system:base:sshd"
- name: "play:system : role:base : tasks:nftables"
ansible.builtin.import_tasks: "include/nftables.yml"
tags: "system:base:nftables"
- name: "play:system : role:base : tasks:ntp" - name: "play:system : role:base : tasks:ntp"
ansible.builtin.import_tasks: "include/ntp.yml" ansible.builtin.import_tasks: "include/ntp.yml"
tags: "system:base:ntp" tags: "system:base:ntp"


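--- /dev/null
+++ b/PATH_NOT_SHOWN
@@ -0,0 +1,2 @@
+system_base_additional_tcp_ports: []
+system_base_udp_ports: []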
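Review bot: The variables moved into the nftables role keep the `system_base_` prefix (`system_base_additional_tcp_ports` and `system_base_udp_ports` here and in the new argument spec, and `register: system_base_nftables_conf` / `system_base_nftables_start` in the tasks file), so the name no longer identifies the owning role and a reader grepping for `system_nftables_` finds nothing. If a rename is deliberately deferred to keep existing inventories working, say so in the defaults file, e.g. `# Names keep the system_base_ prefix for compatibility with existing inventories; rename pending`. The asymmetry between "additional" TCP ports and plain UDP ports also deserves a one-line comment stating which ports are implied for TCP.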


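--- /dev/null
+++ b/PATH_NOT_SHOWN
@@ -0,0 +1,14 @@
+argument_specs:
+main:
+options:
+ansible_port:
+type: "int"
+required: true
+system_base_additional_tcp_ports:
+type: "list"
+elements: "int"
+required: true
+system_base_udp_ports:
+type: "list"
+elements: "int"
+required: true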
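Review bot: `ansible_port` is declared `required: true` with no `description`, yet it is a connection variable that is only defined when the inventory sets it explicitly, so hosts reached on the default SSH port would fail argument validation before any firewall rule is written; if the base role spec carried the same entry this is pre-existing, but the move is a good moment to document the expectation, e.g. `description: "SSH port of the managed host; must be set in inventory so the firewall allows it."`. The two port-list options likewise have no `description` saying which ports are opened and whether the SSH port is implied or must be listed; `required: true` on them is satisfied only by the role defaults, which is worth stating too.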


@ -1,26 +1,26 @@
- name: "nftables : install nftables" - name: "install nftables"
ansible.builtin.apt: ansible.builtin.apt:
name: "nftables" name: "nftables"
- name: "nftables : configure nftables" - name: "configure nftables"
ansible.builtin.template: ansible.builtin.template:
src: "./nftables/nftables.conf.j2" src: "./nftables.conf.j2"
dest: "/etc/nftables.conf" dest: "/etc/nftables.conf"
mode: 0755 mode: 0755
register: system_base_nftables_conf register: system_base_nftables_conf
- name: "nftables : enable nftables" - name: "enable nftables"
ansible.builtin.systemd: ansible.builtin.systemd:
name: "nftables" name: "nftables"
enabled: true enabled: true
- name: "nftables : start nftables" - name: "start nftables"
ansible.builtin.systemd: ansible.builtin.systemd:
name: "nftables" name: "nftables"
state: "started" state: "started"
register: system_base_nftables_start register: system_base_nftables_start
- name: "nftables : reload nftables configuration" - name: "reload nftables configuration"
ansible.builtin.command: ansible.builtin.command:
cmd: "nft -f /etc/nftables.conf" cmd: "nft -f /etc/nftables.conf"
when: when: