ansible.nftables/tasks/main.yml

111 lines
2.5 KiB
YAML
Raw Normal View History

2017-08-07 12:09:13 +02:00
---
# tasks file for nftables
- name: Load specific OS vars for nft
include_vars: "{{ item }}"
with_first_found:
- "{{ ansible_distribution|lower }}-{{ ansible_distribution_version }}.yml"
- "{{ ansible_distribution|lower }}.yml"
- "{{ ansible_os_family|lower }}.yml"
2017-08-07 13:48:54 +02:00
# package {{{
- name: INSTALL Manage nftables packages
2017-08-07 12:09:13 +02:00
package:
name: '{{ item }}'
state: '{{ nft_pkg_state }}'
with_items:
- '{{ nft_pkg_list }}'
when: nft_pkg_manage
- name: INSTALL Remove iptables packages
apt:
name: '{{ item }}'
state: '{{ nft_old_pkg_state }}'
with_items:
- '{{ nft_old_pkg_list }}'
when: nft_old_pkg_manage
2017-08-07 13:48:54 +02:00
# }}}
# conf {{{
- name: CONFIG create nftables.d dir
file:
path: "{{ nft_conf_dir_path }}"
state: directory
mode: 0755
- name: CONFIG generate main conf file
2017-08-07 13:48:54 +02:00
template:
src: "{{ nft_main_conf_content }}"
dest: "{{ nft_main_conf_path }}"
owner: root
group: root
mode: 0755
backup: yes
2018-02-06 16:58:18 +01:00
notify: ['restart nftables service']
2017-08-07 17:37:41 +02:00
- name: CONFIG generate input rules file
2017-08-07 17:37:41 +02:00
template:
src: "{{ nft_input_conf_content }}"
dest: "{{ nft_input_conf_path }}"
owner: root
group: root
mode: 0755
backup: yes
2018-02-06 16:58:18 +01:00
notify: ['restart nftables service']
2017-08-08 12:11:58 +02:00
- name: CONFIG generate output rules file
2017-08-08 15:35:05 +02:00
template:
src: "{{ nft_output_conf_content }}"
dest: "{{ nft_output_conf_path }}"
owner: root
group: root
mode: 0755
backup: yes
2018-02-06 16:58:18 +01:00
notify: ['restart nftables service']
2017-08-08 15:35:05 +02:00
- name: CONFIG generate vars definition file
2017-08-08 12:11:58 +02:00
template:
src: "{{ nft_define_conf_content }}"
dest: "{{ nft_define_conf_path }}"
owner: root
group: root
mode: 0755
backup: yes
2018-02-06 16:58:18 +01:00
notify: ['restart nftables service']
- name: CONFIG generate sets and maps file
template:
src: "{{ nft_set_conf_content }}"
dest: "{{ nft_set_conf_path }}"
owner: root
group: root
mode: 0755
backup: yes
2018-02-06 16:58:18 +01:00
notify: ['restart nftables service']
2017-08-07 13:48:54 +02:00
# }}}
2017-08-09 14:27:07 +02:00
# service {{{
2018-02-06 16:58:18 +01:00
- name: install Debian systemd service unit
template:
src: '{{ nft_service_unit_content }}'
dest: '{{ nft_service_unit_path }}'
owner: 'root'
group: 'root'
mode: '0644'
register: nftables__register_systemd_service
when: nft_service_manage
notify: ['restart nftables service']
- name: Reload systemd daemons
command: systemctl daemon-reload
notify: ['restart nftables service']
2017-08-09 14:27:07 +02:00
- name: SERVICE manage '{{ nft_service_name }}'
service:
name: '{{ nft_service_name }}'
state: started
enabled: '{{ nft_service_enabled }}'
when: nft_service_manage
# }}}