Extract nftables into its own role
parent
9c528ce36d
commit
62d698325d
@ -25,6 +25,8 @@
|
||||
- role: "mail"
|
||||
when: the_nine_worlds_production | bool
|
||||
tags: "system:mail"
|
||||
- role: "nftables"
|
||||
tags: "system:nftables"
|
||||
- role: "base"
|
||||
vars:
|
||||
system_base_motd_dir: "files/base/motd"
|
||||
|
@ -1,3 +1 @@
|
||||
system_base_additional_ssh_users: []
|
||||
system_base_additional_tcp_ports: []
|
||||
system_base_udp_ports: []
|
||||
|
@ -14,14 +14,6 @@ argument_specs:
|
||||
type: "list"
|
||||
elements: "str"
|
||||
required: true
|
||||
system_base_additional_tcp_ports:
|
||||
type: "list"
|
||||
elements: "int"
|
||||
required: true
|
||||
system_base_udp_ports:
|
||||
type: "list"
|
||||
elements: "int"
|
||||
required: true
|
||||
system_base_fail2ban_ignoreip:
|
||||
type: "str"
|
||||
required: true
|
||||
|
@ -2,10 +2,6 @@
|
||||
ansible.builtin.import_tasks: "include/sshd.yml"
|
||||
tags: "system:base:sshd"
|
||||
|
||||
- name: "play:system : role:base : tasks:nftables"
|
||||
ansible.builtin.import_tasks: "include/nftables.yml"
|
||||
tags: "system:base:nftables"
|
||||
|
||||
- name: "play:system : role:base : tasks:ntp"
|
||||
ansible.builtin.import_tasks: "include/ntp.yml"
|
||||
tags: "system:base:ntp"
|
||||
|
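--- a/playbooks/system/roles/nftables/defaults/main.yml
+++ b/playbooks/system/roles/nftables/defaults/main.yml
@@ -0,0 +1,2 @@
+system_base_additional_tcp_ports: []
+system_base_udp_ports: []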
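Review bot: Both defaults in the new nftables role keep the `system_base_` prefix, so the names still say the base role owns the firewall port lists. If the project's convention is `system_<role>_…`, as the base role's own variables suggest, `system_nftables_additional_tcp_ports: []` and `system_nftables_udp_ports: []` would make it clear which role opens the ports. The same applies to the option names in meta/argument_specs.yml and to `register: system_base_nftables_conf` and `register: system_base_nftables_start` in the tasks hunk. A rename would also have to cover the template and any inventory that sets these values, none of which is visible here.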
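--- a/playbooks/system/roles/nftables/meta/argument_specs.yml
+++ b/playbooks/system/roles/nftables/meta/argument_specs.yml
@@ -0,0 +1,14 @@
+argument_specs:
+main:
+options:
+ansible_port:
+type: "int"
+required: true
+system_base_additional_tcp_ports:
+type: "list"
+elements: "int"
+required: true
+system_base_udp_ports:
+type: "list"
+elements: "int"
+required: true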
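Review bot: `ansible_port` is marked `required: true`, but it is a connection variable that, as far as I know, is only defined when inventory sets it explicitly, so argument validation would fail on hosts that rely on the implicit SSH port. None of the three options carries a `description`; I would add one to each, for example `description: "SSH port the firewall keeps reachable; must be set in inventory"` on `ansible_port` (presumably that is how the template uses it, to be confirmed). `elements: "int"` also accepts values outside 1–65535, so a range check belongs in the tasks or the template if bad inventory data is a concern.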
@ -1,26 +1,26 @@
|
||||
- name: "nftables : install nftables"
|
||||
- name: "install nftables"
|
||||
ansible.builtin.apt:
|
||||
name: "nftables"
|
||||
|
||||
- name: "nftables : configure nftables"
|
||||
- name: "configure nftables"
|
||||
ansible.builtin.template:
|
||||
src: "./nftables/nftables.conf.j2"
|
||||
src: "./nftables.conf.j2"
|
||||
dest: "/etc/nftables.conf"
|
||||
mode: 0755
|
||||
register: system_base_nftables_conf
|
||||
|
||||
- name: "nftables : enable nftables"
|
||||
- name: "enable nftables"
|
||||
ansible.builtin.systemd:
|
||||
name: "nftables"
|
||||
enabled: true
|
||||
|
||||
- name: "nftables : start nftables"
|
||||
- name: "start nftables"
|
||||
ansible.builtin.systemd:
|
||||
name: "nftables"
|
||||
state: "started"
|
||||
register: system_base_nftables_start
|
||||
|
||||
- name: "nftables : reload nftables configuration"
|
||||
- name: "reload nftables configuration"
|
||||
ansible.builtin.command:
|
||||
cmd: "nft -f /etc/nftables.conf"
|
||||
when:
|
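Review bot: The `configure nftables` task writes the rendered template straight to `/etc/nftables.conf` without checking it, so a ruleset with a syntax error is installed and only fails later at `nft -f` or at the next boot. Adding `validate: "nft -c -f %s"` to the `ansible.builtin.template` arguments would reject a broken render before it replaces the working file. The same task has `mode: 0755` unquoted; `mode: "0755"` avoids depending on how the YAML parser reads a leading-zero integer. The `when:` list of the reload task continues outside the hunk, so its conditions are not reviewed here.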