40 Commits

Author SHA1 Message Date
Vladimir Timofeenko 542f562c41
Added molecule tests for Gentoo
This commit adds molecule tests for Gentoo.

Since the tests run inside docker and on a systemd system, the host system
also needs to run systemd.

The tests create volumes in /srv/ so that artifacts that take a long
time to build and synchronize are reused between test runs.

This specific commit also fixes the error in ipr-cnrs/nftables#24
2021-08-20 16:50:28 -07:00
Jeremy Gardais 68c5d4e9f7
Remove recurse on fail2ban custom directory
Molecule idempotence test
2021-08-18 16:02:22 +02:00
Jeremy Gardais 34c2668912
Fix systemd directories permissions 2021-08-13 11:52:04 +02:00
Jeremy Gardais 1a5e044ebb
Move systemd "Protect" options to override file
Rebase after Gentoo related commits
2021-08-13 11:51:54 +02:00
Jeremy Gardais 477f4f722c
Ensure to disable nftables unit from old target 2021-08-13 11:50:41 +02:00
Jeremy Gardais ac61739f91
Automatically add overrides for fail2ban unit 2021-08-13 11:50:40 +02:00
Jeremy Gardais 28cf15ee42
Manage Fail2ban in the "systemd way"
Thanks to @FinweVI !

Rebase after Gentoo related commits
2021-08-13 11:48:27 +02:00
Paweł Krawczyk 3b55e70281
Remove empty lines (yamllint) 2021-08-07 23:35:43 +01:00
Paweł Krawczyk 06c594f11b
Debug os family detection in GitHub Actions 2021-08-07 13:32:43 +01:00
Paweł Krawczyk 6084cfce83
Add task names as required by ansible-lint 2021-08-07 12:18:09 +01:00
Paweł Krawczyk 8fad9d75fd
Update cache on package install 2021-08-07 11:47:32 +01:00
Jeremy Gardais 7639f2bbbf
Merge branch 'backup_toggle' of https://github.com/p-rintz/nftables into p-rintz-backup_toggle 2021-03-12 09:54:06 +01:00
Philipp Rintz ab5c105419
Make config backup configurable by using nft_backup_conf variable. 2021-03-12 09:28:45 +01:00
Jeremy Gardais 60b7d49555
Merge branch 'feature_forwarding' of https://github.com/p-rintz/nftables into p-rintz-feature_forwarding 2021-03-09 18:02:31 +01:00
Philipp Rintz e0658c0661
Added the option to manage the forwarding firewall table. 2021-03-03 13:57:36 +01:00
Jeremy Gardais 4576ec6ed4
Ansible-lint: Fix line longer than 160 chars 2021-01-05 15:58:43 +01:00
Philipp Rintz 19ee0ed2bc Change variable names + add debug toggle. 2020-12-30 17:15:14 +01:00
Philipp Rintz b3e26a435e Allow for undefined group variables for merged_groups. 2020-12-01 16:17:01 +01:00
Philipp Rintz 2b61973d1c Fix error when variables were empty 2020-11-11 15:27:08 +01:00
Philipp Rintz 290a86e906 Support merged firewall rules for multiple groups per host.
- Multiple groups for a single server will now lead to all firewall
    rules being merged instead of overwritten.
2020-11-10 21:17:11 +01:00
Jeremy Gardais 221de0cc89 Reload nftables service to apply new rules
Fix #3 GitHub
2020-04-21 09:53:57 +02:00
Julien Viard de Galbert 5394cedc2a Fix deprecation warning with ansible 2.7
[DEPRECATION WARNING]: Invoking "apt" only once while using a loop via
squash_actions is deprecated. Instead of using a loop to supply multiple
items and specifying `name: "{{ item }}"`, please use
`name: ['{{ nft_old_pkg_list }}']` and remove the loop.
This feature will be removed in version 2.11.

Signed-off-by: Julien Viard de Galbert <julien@vdg.name>
2019-05-07 00:00:48 +02:00
Jeremy Gardais 63b3bb2c13
Generate Nat table rules files 2019-04-16 15:48:30 +02:00
Jeremy Gardais a5199dc0f2
Clean tasks name and comments in tasks/main.yml file 2019-04-16 14:10:11 +02:00
Jeremy Gardais 7ace36ed6e
Fix E405 Remote package tasks should have a retry 2019-02-27 13:31:25 +01:00
Jeremy Gardais 2dcf0ab10e
Use to_nice_json to manage packages list 2019-02-27 13:28:27 +01:00
Jeremy Gardais 485f7fa83d
Move two tasks in systemd handler (try to fix #1)
Try to fix the long delay at the first run.
2018-07-25 15:08:44 +02:00
Jeremy Gardais bf9080fcb3
Set a variable to enable/disable Nftables 2018-05-16 14:38:33 +02:00
Jeremy Gardais 0a909641b5 Reload systemd daemons only if unit file change. 2018-02-06 17:28:41 +01:00
Jeremy Gardais eb93ff65f9 Provide the systemd unit. 2018-02-06 17:17:48 +01:00
Jeremy Gardais f2d586c176 Ensure to remove old packages (iptables,…). 2017-08-18 09:25:28 +02:00
Jeremy Gardais e439f6ae5f Ensure to create the directory to store the different configuration files (/etc/nftables.d). 2017-08-18 09:18:43 +02:00
Jeremy Gardais f5f4b83a84 Manage nftables service at startup. 2017-08-09 14:27:07 +02:00
Jeremy Gardais c711ec53eb Move output rules to a specific file. 2017-08-08 15:35:05 +02:00
Jeremy Gardais 043bc55dcb Manage sets and maps definitions in a specific file. 2017-08-08 14:32:59 +02:00
Jeremy Gardais f1d2f6582f Add possibility to have nftables vars. 2017-08-08 12:11:58 +02:00
Jeremy Gardais 5ff44ffcfa Move input rules to a specific file. 2017-08-07 17:37:41 +02:00
Jeremy Gardais 1c1013067d Notify `nftables` service when configuration file is modified. 2017-08-07 14:14:14 +02:00
Jeremy Gardais bc6f69fc59 Generate main configuration file. 2017-08-07 13:48:54 +02:00
Jeremy Gardais df57dc8042 Install nftables. 2017-08-07 12:09:13 +02:00