Manage nftables service at startup.

CHANGELOG.md

@@ -1,4 +1,9 @@
 
+## v1.x
+
+### Features
+* Manage nftables service at startup.
+
 ## v1.0
 
 ### Features

README.md

@@ -44,6 +44,7 @@ Highly inspired by [Mike Gleason firewall role][mikegleasonjr firewall github] (
 * **nft_define_host** : You can add or override existant vars.
 * **nft_service_manage** : If `nftables` service should be managed with this role [default : `true`].
 * **nft_service_name** : `nftables` service name [default : `nftables`].
+* **nft_service_enabled** : Set `nftables` service available at startup [default : `true`].
 
 ### OS Specific Variables
 
@@ -202,6 +203,7 @@ nft_input_group_rules:
 
 This role will :
 * Install `nftables` on the system.
+* Enable `nftables` service by default at startup.
 * Generate a default configuration file which include all following files and loaded by systemd unit.
 * Generate input and output rules files include called by the main configuration file.
 * Generate vars in a file and sets and maps in another file.

defaults/main.yml

@@ -5,7 +5,7 @@
 nft_pkg_manage: true
 nft_pkg_state: 'installed'
 
-# conf
+# files
 nft_main_conf_path: '/etc/nftables.conf'
 nft_main_conf_content: 'etc/nftables.conf.j2'
 nft_input_conf_path: '/etc/nftables.d/filter-input.nft'
@@ -74,3 +74,4 @@ nft_set_host: {}
 # service
 nft_service_manage: true
 nft_service_name: 'nftables'
+nft_service_enabled: true

tasks/main.yml

@@ -70,3 +70,12 @@
     backup: yes
   notify: restart nftables service
 # }}}
+
+# service {{{
+- name: SERVICE manage '{{ nft_service_name }}'
+  service:
+    name: '{{ nft_service_name }}'
+    state: started
+    enabled: '{{ nft_service_enabled }}'
+  when: nft_service_manage
+# }}}