From df57dc8042cf35b9aec0b1115f092cd0c5b3468b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gardais=20J=C3=A9r=C3=A9my?=
Date: Mon, 7 Aug 2017 12:09:13 +0200
Subject: [PATCH] Install nftables.
---
.travis.yml | 29 +++++++++++++++++++++
README.md | 64 +++++++++++++++++++++++++++++++++++++++++++++++
defaults/main.yml | 6 +++++
meta/main.yml | 24 ++++++++++++++++++
tasks/main.yml | 18 +++++++++++++
vars/debian.yml | 4 +++
6 files changed, 145 insertions(+)
create mode 100644 .travis.yml
create mode 100644 README.md
create mode 100644 defaults/main.yml
create mode 100644 meta/main.yml
create mode 100644 tasks/main.yml
create mode 100644 vars/debian.yml
diff --git a/.travis.yml b/.travis.yml
new file mode 100644
index 0000000..36bbf62
--- /dev/null
+++ b/.travis.yml
@@ -0,0 +1,29 @@
+---
+language: python
+python: "2.7"
+
+# Use the new container infrastructure
+sudo: false
+
+# Install ansible
+addons:
+ apt:
+ packages:
+ - python-pip
+
+install:
+ # Install ansible
+ - pip install ansible
+
+ # Check ansible version
+ - ansible --version
+
+ # Create ansible.cfg with correct roles_path
+ - printf '[defaults]\nroles_path=../' >ansible.cfg
+
+script:
+ # Basic role syntax check
+ - ansible-playbook tests/test.yml -i tests/inventory --syntax-check
+
+notifications:
+ webhooks: https://galaxy.ansible.com/api/v1/notifications/
\ No newline at end of file
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..befecfc
--- /dev/null
+++ b/README.md
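Review bot: The `script` step in .travis.yml runs `ansible-playbook tests/test.yml -i tests/inventory --syntax-check`, but the diffstat lists no `tests/` files, so unless they already exist in the repository the first build fails before it checks anything. Separately, `pip install ansible` takes whatever release is current at build time, so the role is never checked against the `min_ansible_version` it declares in meta/main.yml and an upstream release can change the CI result with no commit here. I would pin it, e.g. `- pip install "ansible==<pinned-version>"`, or use a small build matrix that includes the minimum supported release. The file also ends without a trailing newline.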
@@ -0,0 +1,64 @@
+# Nftables
+
+1. [Overview](#overview)
+2. [Role Variables](#role-variables)
+ * [OS Specific Variables](#os-specific-variables)
+3. [Example Playbook](#example-playbook)
+4. [Configuration](#configuration)
+5. [Development](#development)
+5. [License](#license)
+6. [Author Information](#author-information)
+
+## Overview
+
+A role to manage Nftables rules and packages.
+
+## Role Variables
+
+* **nft_pkg_manage** : If `nftables` package(s) should be managed with this role [default : `true`].
+* **nft_pkg_state** : State of new `nftables` package(s) [default : `installed`].
+
+### OS Specific Variables
+
+Please see default value by Operating System file in [vars][vars directory] directory.
+
+* **nft_pkg_list** : The list of package(s) to provide `nftables`.
+
+## Example Playbook
+
+* Manage Nftables with defaults vars :
+
+``` yml
+- hosts: serverXYZ
+ roles:
+ - role: ipr-cnrs.nftables
+```
+
+## Configuration
+
+This role will :
+* Install `nftables` on the system.
+
+## Development
+
+This source code comes from our [Gogs instance][nftables source] and the [Github repo][nftables github] exist just to be able to send the role to Ansible Galaxy…
+
+But feel free to send issue/PR here :)
+
+Thanks to this [hook][gogs to github hook], Github automatically got updates from our [Gogs instance][nftables source] :)
+
+## License
+
+[WTFPL][wtfpl website]
+
+## Author Information
+
+Jérémy Gardais
+* Source : [on IPR's Gogs][nftables source]
+* [IPR][ipr website] (Institut de Physique de Rennes)
+
+[gogs to github hook]: https://stackoverflow.com/a/21998477
+[nftables source]: https://git.ipr.univ-rennes1.fr/cellinfo/ansible.nftables
+[nftables github]: https://github.com/ipr-cnrs/nftables
+[wtfpl website]: http://www.wtfpl.net/about/
+[ipr website]: https://ipr.univ-rennes1.fr/
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..3f41661
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,6 @@
+---
+# defaults file for nftables
+
+# packages
+ nft_pkg_manage: true
+ nft_pkg_state: 'installed'
diff --git a/meta/main.yml b/meta/main.yml
new file mode 100644
index 0000000..f31b3b9
--- /dev/null
+++ b/meta/main.yml
@@ -0,0 +1,24 @@
+galaxy_info:
+ author: "Jérémy Gardais"
+ description: "Manage Nftables rules and packages"
+ license: WTFPL
+ company: IPR
+ issue_tracker_url: https://git.ipr.univ-rennes1.fr/cellinfo/ansible.nftables/issues
+ min_ansible_version: 2.2
+ platforms:
+ - name: Debian
+ versions:
+ - stretch
+ #- name: opensuse
+ # versions:
+ # - all
+ # - 12.1
+ # - 12.2
+ # - 12.3
+ # - 13.1
+ # - 13.2
+ galaxy_tags:
+ - system
+ - nftables
+ - firewall
+ - security
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..1810ede
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,18 @@
+---
+# tasks file for nftables
+
+- name: Load specific OS vars for nft
+ include_vars: "{{ item }}"
+ with_first_found:
+ - "{{ ansible_distribution|lower }}-{{ ansible_distribution_version }}.yml"
+ - "{{ ansible_distribution|lower }}.yml"
+ - "{{ ansible_os_family|lower }}.yml"
+
+- name: Manage packages
+ package:
+ name: '{{ item }}'
+ state: '{{ nft_pkg_state }}'
+ with_items:
+ - '{{ nft_pkg_list }}'
+ when: nft_pkg_manage
+
diff --git a/vars/debian.yml b/vars/debian.yml
new file mode 100644
index 0000000..04ec88b
--- /dev/null
+++ b/vars/debian.yml
@@ -0,0 +1,4 @@
+---
+# vars file for Debian-based distros
+nft_pkg_list:
+ - nftables
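Review bot: The default `nft_pkg_state: 'installed'` in defaults/main.yml relies on a legacy alias rather than the canonical `present`. As far as I know the package modules accepted `installed` only as a deprecated alias that later Ansible releases dropped, so `nft_pkg_state: 'present'` is the portable spelling. The README entry for **nft_pkg_state** documents the same default and should change with it. A short comment above the variable listing the values the role expects (`present`, `latest`, `absent`) would also help.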
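Review bot: In meta/main.yml, `min_ansible_version: 2.2` is an unquoted scalar, so a YAML loader reads it as a float instead of a version string. That is harmless for 2.2, but a later bump to a value like 2.10 would silently load as 2.1. Quoting it avoids this: `min_ansible_version: '2.2'`. This is also the only YAML file in the commit without a leading `---` document marker, and the commented-out opensuse block could be dropped until that platform is actually supported.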
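Review bot: The guard `when: nft_pkg_manage` on the "Manage packages" task in tasks/main.yml tests the bare variable, which is fragile when the value arrives as a string. A value passed on the command line (`-e nft_pkg_manage=false`) or from an INI inventory is the string "false", and how a bare string is evaluated has varied between Ansible releases. Casting makes the intent explicit and matches the filter style already used in this file: `when: nft_pkg_manage|bool`. For a role that controls whether the firewall package is touched at all, the opt-out should not depend on how the caller spelled the boolean.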