Allow to disable "Protect" in systemd unit
parent 7ace36ed6e
commit 83675dfe48
|
@ -1,3 +1,8 @@
|
||||||
|
## v1.X
|
||||||
|
|
||||||
|
### Enhancements
|
||||||
|
* Add a variable to disable "Protect" instructions in systemd unit.
|
||||||
|
|
||||||
## v1.4.1
|
## v1.4.1
|
||||||
|
|
||||||
### Fix
|
### Fix
|
||||||
|
|
|
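Review bot: the new changelog entry under "### Enhancements" does not name the variable it introduces. Suggest naming `nft__service_protect` and the directives it covers (`ProtectSystem`, `ProtectHome`) so the entry can be searched for. The "## v1.X" heading also reads as a placeholder that should be given a version number before release.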
@ -54,6 +54,7 @@ Highly inspired by [Mike Gleason firewall role][mikegleasonjr firewall github] (
|
||||||
* **nft_service_manage** : If `nftables` service should be managed with this role [default : `true`].
|
* **nft_service_manage** : If `nftables` service should be managed with this role [default : `true`].
|
||||||
* **nft_service_name** : `nftables` service name [default : `nftables`].
|
* **nft_service_name** : `nftables` service name [default : `nftables`].
|
||||||
* **nft_service_enabled** : Set `nftables` service available at startup [default : `true`].
|
* **nft_service_enabled** : Set `nftables` service available at startup [default : `true`].
|
||||||
|
* **nft__service_protect** : If systemd unit should protect system and home [default : `true`].
|
||||||
* **nft__fail2ban_service** : If the Nftables service should also restart the Fail2ban service [default : `False`].
|
* **nft__fail2ban_service** : If the Nftables service should also restart the Fail2ban service [default : `False`].
|
||||||
|
|
||||||
### OS Specific Variables
|
### OS Specific Variables
|
||||||
|
|
|
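Review bot: the README line for `nft__service_protect` says only "protect system and home" and does not name the directives it controls. Suggest stating that `true` keeps `ProtectSystem=full` and `ProtectHome=true` in the unit and that `false` removes both, with a short hint about when disabling is expected, since the default is the hardened setting.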
@ -128,4 +128,5 @@ nft_service_name: 'nftables'
|
||||||
nft_service_enabled: true
|
nft_service_enabled: true
|
||||||
nft_service_unit_path: '/lib/systemd/system/nftables.service'
|
nft_service_unit_path: '/lib/systemd/system/nftables.service'
|
||||||
nft_service_unit_content: 'lib/systemd/system/nftables.service.j2'
|
nft_service_unit_content: 'lib/systemd/system/nftables.service.j2'
|
||||||
|
nft__service_protect: true
|
||||||
nft__fail2ban_service: False
|
nft__fail2ban_service: False
|
||||||
|
|
|
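Review bot: `nft__service_protect` uses a double underscore while the service variables directly above it (`nft_service_enabled`, `nft_service_unit_path`, `nft_service_unit_content`) use a single one. Only `nft__fail2ban_service` shares the double-underscore form, so the role now has two naming styles for settings of the same unit. Suggest either `nft_service_protect` or a note in the README on which prefix new variables should use.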
@ -8,8 +8,10 @@ Documentation=man:nft(8) http://wiki.nftables.org
|
||||||
Type=oneshot
|
Type=oneshot
|
||||||
RemainAfterExit=yes
|
RemainAfterExit=yes
|
||||||
StandardInput=null
|
StandardInput=null
|
||||||
|
{% if nft__service_protect %}
|
||||||
ProtectSystem=full
|
ProtectSystem=full
|
||||||
ProtectHome=true
|
ProtectHome=true
|
||||||
|
{% endif %}
|
||||||
{% if nft__fail2ban_service %}
|
{% if nft__fail2ban_service %}
|
||||||
ExecStart=/usr/sbin/nft -f {{ nft_main_conf_path }} ; /bin/systemctl restart fail2ban.service
|
ExecStart=/usr/sbin/nft -f {{ nft_main_conf_path }} ; /bin/systemctl restart fail2ban.service
|
||||||
ExecReload=/usr/sbin/nft -f {{ nft_main_conf_path }} ; /bin/systemctl restart fail2ban.service
|
ExecReload=/usr/sbin/nft -f {{ nft_main_conf_path }} ; /bin/systemctl restart fail2ban.service
|
||||||
|
|
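Review bot: `{% if nft__service_protect %}` tests the raw value, so a string such as "false" supplied with `-e nft__service_protect=false` is truthy and the Protect lines stay in the unit even though the user asked to disable them. Suggest `{% if nft__service_protect | bool %}`. The single flag also drops `ProtectSystem=full` and `ProtectHome=true` together; if only one of them is the cause of a problem, separate switches would let the other hardening directive stay in place.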