Extract nftables into its own role

Wojciech Kozlowski 2022-12-18 19:01:04 +01:00
parent 9c528ce36d
commit 62d698325d
8 changed files with 24 additions and 20 deletions


@ -25,6 +25,8 @@
- role: "mail"
when: the_nine_worlds_production | bool
tags: "system:mail"
- role: "nftables"
tags: "system:nftables"
- role: "base"
vars:
system_base_motd_dir: "files/base/motd"
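Review bot: The new role entry carries the tag `system:nftables`, which replaces the `system:base:nftables` task tag that the base role drops in the same commit, so a run invoked with `--tags system:base:nftables` now silently matches nothing; neither the commit message nor the play notes the rename. A one-line remark in the description, or a comment above the entry such as `# firewall tasks moved out of base; tag was system:base:nftables`, would make the change discoverable. The entry also has no `when:` guard, unlike the `mail` role above it, which looks intentional for a host firewall but is worth confirming against hosts that are not meant to get the ruleset.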


@ -1,3 +1 @@
system_base_additional_ssh_users: []
system_base_additional_tcp_ports: []
system_base_udp_ports: []


@ -14,14 +14,6 @@ argument_specs:
type: "list"
elements: "str"
required: true
system_base_additional_tcp_ports:
type: "list"
elements: "int"
required: true
system_base_udp_ports:
type: "list"
elements: "int"
required: true
system_base_fail2ban_ignoreip:
type: "str"
required: true


@ -2,10 +2,6 @@
ansible.builtin.import_tasks: "include/sshd.yml"
tags: "system:base:sshd"
- name: "play:system : role:base : tasks:nftables"
ansible.builtin.import_tasks: "include/nftables.yml"
tags: "system:base:nftables"
- name: "play:system : role:base : tasks:ntp"
ansible.builtin.import_tasks: "include/ntp.yml"
tags: "system:base:ntp"


@ -0,0 +1,2 @@
system_base_additional_tcp_ports: []
system_base_udp_ports: []
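Review bot: Both defaults keep the `system_base_` prefix although the variables now belong to the nftables role, and the same holds for the two matching entries in the new argument spec and for the `register:` names `system_base_nftables_conf` and `system_base_nftables_start` in the tasks file; after the extraction the prefix points readers at the wrong role. A role-scoped name such as `system_nftables_additional_tcp_ports` would fix that, but it is a wider change because the playbook and any inventory setting these lists would have to follow, so it may be better left for a follow-up. If the names stay, a comment above each default naming the consumer, e.g. `# extra inbound TCP ports; presumably rendered into nftables.conf.j2 — confirm`, would document the ownership without changing any interface.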


@ -0,0 +1,14 @@
argument_specs:
main:
options:
ansible_port:
type: "int"
required: true
system_base_additional_tcp_ports:
type: "list"
elements: "int"
required: true
system_base_udp_ports:
type: "list"
elements: "int"
required: true
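Review bot: None of the three options in the new spec carries a `description:`, so validation failures and anyone reading `meta/argument_specs.yml` learn only the type of each variable. Adding one line per option, for example `description: "Additional inbound TCP ports accepted by the generated ruleset"` under `system_base_additional_tcp_ports` and a matching line for the UDP list, would make the contract self-explanatory; the exact wording depends on how `nftables.conf.j2` uses the lists, which is not visible here. `ansible_port` is required as an `int`, which is reasonable if the template opens the SSH port from it, but a description saying so would spare readers that inference.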


@ -1,26 +1,26 @@
- name: "nftables : install nftables"
- name: "install nftables"
ansible.builtin.apt:
name: "nftables"
- name: "nftables : configure nftables"
- name: "configure nftables"
ansible.builtin.template:
src: "./nftables/nftables.conf.j2"
src: "./nftables.conf.j2"
dest: "/etc/nftables.conf"
mode: 0755
register: system_base_nftables_conf
- name: "nftables : enable nftables"
- name: "enable nftables"
ansible.builtin.systemd:
name: "nftables"
enabled: true
- name: "nftables : start nftables"
- name: "start nftables"
ansible.builtin.systemd:
name: "nftables"
state: "started"
register: system_base_nftables_start
- name: "nftables : reload nftables configuration"
- name: "reload nftables configuration"
ansible.builtin.command:
cmd: "nft -f /etc/nftables.conf"
when: