63 lines
1.3 KiB
YAML
63 lines
1.3 KiB
YAML
---
|
|
# tasks file for nftables
|
|
|
|
- name: Load specific OS vars for nft
|
|
include_vars: "{{ item }}"
|
|
with_first_found:
|
|
- "{{ ansible_distribution|lower }}-{{ ansible_distribution_version }}.yml"
|
|
- "{{ ansible_distribution|lower }}.yml"
|
|
- "{{ ansible_os_family|lower }}.yml"
|
|
|
|
# package {{{
|
|
- name: Manage packages
|
|
package:
|
|
name: '{{ item }}'
|
|
state: '{{ nft_pkg_state }}'
|
|
with_items:
|
|
- '{{ nft_pkg_list }}'
|
|
when: nft_pkg_manage
|
|
|
|
# }}}
|
|
|
|
# conf {{{
|
|
- name: generate main conf file
|
|
template:
|
|
src: "{{ nft_main_conf_content }}"
|
|
dest: "{{ nft_main_conf_path }}"
|
|
owner: root
|
|
group: root
|
|
mode: 0755
|
|
backup: yes
|
|
notify: restart nftables service
|
|
|
|
- name: generate input rules file
|
|
template:
|
|
src: "{{ nft_input_conf_content }}"
|
|
dest: "{{ nft_input_conf_path }}"
|
|
owner: root
|
|
group: root
|
|
mode: 0755
|
|
backup: yes
|
|
notify: restart nftables service
|
|
|
|
- name: generate vars definition file
|
|
template:
|
|
src: "{{ nft_define_conf_content }}"
|
|
dest: "{{ nft_define_conf_path }}"
|
|
owner: root
|
|
group: root
|
|
mode: 0755
|
|
backup: yes
|
|
notify: restart nftables service
|
|
|
|
- name: generate sets and maps file
|
|
template:
|
|
src: "{{ nft_set_conf_content }}"
|
|
dest: "{{ nft_set_conf_path }}"
|
|
owner: root
|
|
group: root
|
|
mode: 0755
|
|
backup: yes
|
|
notify: restart nftables service
|
|
# }}}
|