ctucx.git: ansible-configs

My personal ansible roles and playbooks

commit fde3a0eb45f700ab605658192b7161c1b40f9c4e
parent 13bb119f58080c179ff23930c793745250bdd8cb
Author: Leah (ctucx) <leah@ctu.cx>
Date: Mon, 22 Feb 2021 21:14:35 +0100

misc changes
4 files changed, 13 insertions(+), 5 deletions(-)
diff --git a/config-files/nftables/lollo.nft b/config-files/nftables/lollo.nft
@@ -23,8 +23,8 @@ table inet firewall {
         # to help prevent some types of flood attacks.
         ip protocol icmp limit rate 5/second accept
         ip protocol igmp limit rate 5/second accept
-        ip6 protocol ipv6-icmp icmpv6-type redirect drop
-        ip6 protocol ipv6-icmp icmpv6-type 139 drop
+        #ip6 protocol ipv6-icmp icmpv6-type redirect drop
+        #ip6 protocol ipv6-icmp icmpv6-type 139 drop
         ip6 nexthdr ipv6-icmp limit rate 5/second accept
 
         # Allow some ports

@@ -60,7 +60,7 @@ table inet firewall {
         ip protocol igmp limit rate 5/second accept
 
         #make public ips world accessible 
-        daddr 195.39.246.32/28 accept
+        ip daddr 195.39.246.32/28 accept
     }
 
     chain outbound {
diff --git a/configuration/lollo.yml b/configuration/lollo.yml
@@ -18,9 +18,9 @@ system:
 
 network:
   ipForwarding: true
-  ferm:
+  nftables:
     enable: true
-    configFile: config-files/ferm/lollo.conf
+    configFile: config-files/nftables/lollo.nft
 
 networkd:
   networkd_resolv_conf_content:
diff --git a/roles/hostapd/tasks/remove.yml b/roles/hostapd/tasks/remove.yml
@@ -1,5 +1,10 @@
 ---
 
+- name: Gather the package facts
+  package_facts:
+    manager: auto
+
+
 - name: "[OpenRC] Disable and stop service: hostapd"
   service:
     name: hostapd

@@ -15,6 +20,7 @@
     state: stopped
   when: 
     - ansible_service_mgr == "systemd"
+    - "'hostapd' in ansible_facts.packages"
 
 
 - name: "[Alpine] Remove package: hostapd" 
diff --git a/roles/radicale/tasks/main.yml b/roles/radicale/tasks/main.yml
@@ -31,3 +31,5 @@
   when:
     - services.radicale.enable is defined
     - services.radicale.enable is false
+
+- meta: flush_handlers