1.0.0 Release IaaS

ansible/roles/common/tasks/node/set_nftables.yaml

@@ -0,0 +1,36 @@
+---
+- name: Check nftables installation
+  ansible.builtin.shell: |
+    command -v nft
+  become: true # nftables is located in /usr/sbin, which means root permission is needed.
+  changed_when: false
+  failed_when: false
+  register: "is_nftables_installed"
+  ignore_errors: true
+
+- name: Install nftables
+  ansible.builtin.apt:
+    name: "nftables"
+    state: "present"
+  become: true
+  when: is_nftables_installed.rc != 0
+
+- name: Enable nftables.service
+  ansible.builtin.systemd:
+    name: "nftables.service"
+    state: "started"
+    enabled: true
+  become: true
+
+- name: Deploy nftables.conf
+  ansible.builtin.template:
+    src: "{{ hostvars['console']['node']['config_path'] }}/node/{{ node['name'] }}/nftables.conf.j2"
+    dest: "/etc/nftables.conf"
+    owner: "root"
+    group: "root"
+    mode: "0700"
+    validate: "/usr/sbin/nft -c -f %s"
+  become: true
+  notify:
+    - "notification_update_nftables"
+    - "notification_restart_crowdsec_bouncer"