ctucx.git: ansible-configs

My personal ansible roles and playbooks [deprecated in favor of nixos]

---

# Install the nftables package through apk on Alpine hosts.
# Skipped unless network.nftables.enable is exactly true.
- name: "[Alpine] Install Package: nftables"
  when:
    - ansible_distribution == "Alpine"
    - network.nftables.enable is true
  apk:
    update_cache: true  # refresh the apk index before installing
    state: present
    name: nftables

# Install the nftables package through pacman on Archlinux hosts.
# Skipped unless network.nftables.enable is exactly true.
- name: "[Archlinux] Install Package: nftables"
  when:
    - ansible_distribution == "Archlinux"
    - network.nftables.enable is true
  pacman:
    update_cache: true  # sync the package database before installing
    state: present
    name: nftables

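# Deploy the nftables ruleset to the path each distribution uses:
# /etc/nftables.nft on Alpine, /etc/nftables.conf on Archlinux.
#
# This is one task on purpose. Ansible registers a result even for a
# skipped task, so two distribution-specific tasks that both register
# nftablesConfig let the skipped one overwrite the result of the one
# that ran. On Alpine the change was then lost (changed=false) and the
# restart tasks never fired, leaving the old ruleset loaded.
#
# NOTE(review): the copy module's validate option could syntax-check the
# ruleset before it replaces the live file; confirm that a check such as
# `nft -c -f %s` works with this ruleset's includes before enabling it.
- name: "[Alpine/Archlinux] Create file: nftables ruleset"
  copy:
    src: "{{ network.nftables.configFile | default('nftables-config.nft') }}"
    dest: "{{ '/etc/nftables.nft' if ansible_distribution == 'Alpine' else '/etc/nftables.conf' }}"
    # Quoted so the mode is read as an octal string, never as an integer.
    mode: "0644"
  # Read by the restart tasks to decide whether the service must reload.
  register: nftablesConfig
  when:
    - ansible_distribution in ["Alpine", "Archlinux"]
    - network.nftables.enable is true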

# Make sure the /etc/nftables.d directory exists on Archlinux hosts.
# Skipped unless network.nftables.enable is exactly true.
- name: "[Archlinux] Create directory: /etc/nftables.d"
  when:
    - ansible_distribution == "Archlinux"
    - network.nftables.enable is true
  file:
    path: /etc/nftables.d
    state: directory
    # Quoted so the mode is read as an octal string, never as an integer.
    mode: "0755"


# On OpenRC hosts, enable the nftables service at boot and start it now.
# Skipped unless network.nftables.enable is exactly true.
- name: "[OpenRC] Enable and start service: nftables"
  when:
    - ansible_service_mgr == "openrc"
    - network.nftables.enable is true
  service:
    name: nftables
    state: started
    enabled: true

# On systemd hosts, enable the nftables unit at boot and start it now.
# Skipped unless network.nftables.enable is exactly true.
- name: "[systemd] Enable and start service: nftables"
  when:
    - ansible_service_mgr == "systemd"
    - network.nftables.enable is true
  systemd:
    name: nftables
    state: started
    enabled: true


# Restart nftables on OpenRC hosts so a changed ruleset file is loaded.
# nftablesConfig must hold the result of the copy task that actually ran
# on this host; a skipped task registering the same name would overwrite
# it with changed=false and this restart would be silently skipped.
- name: "[OpenRC] Restart service: nftables (to deploy new config)"
  when:
    - ansible_service_mgr == "openrc"
    - network.nftables.enable is true
    - nftablesConfig.changed
  service:
    state: restarted
    name: nftables

# Restart nftables on systemd hosts so a changed ruleset file is loaded.
# nftablesConfig must hold the result of the copy task that actually ran
# on this host; a skipped task registering the same name would overwrite
# it with changed=false and this restart would be silently skipped.
- name: "[systemd] Restart service: nftables (to deploy new config)"
  when:
    - ansible_service_mgr == "systemd"
    - network.nftables.enable is true
    - nftablesConfig.changed
  systemd:
    state: restarted
    name: nftables