1.0.0 Release IaaS
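--- a/ansible/roles/common/tasks/node/set_nftables.yaml
+++ b/ansible/roles/common/tasks/node/set_nftables.yaml
@@ -0,0 +1,36 @@
+---
+- name: Check nftables installation
+ansible.builtin.shell: |
+command -v nft
+become: true # nftables is located in /usr/sbin, which means root permission is needed.
+changed_when: false
+failed_when: false
+register: "is_nftables_installed"
+ignore_errors: true
+
+- name: Install nftables
+ansible.builtin.apt:
+name: "nftables"
+state: "present"
+become: true
+when: is_nftables_installed.rc != 0
+
+- name: Enable nftables.service
+ansible.builtin.systemd:
+name: "nftables.service"
+state: "started"
+enabled: true
+become: true
+
+- name: Deploy nftables.conf
+ansible.builtin.template:
+src: "{{ hostvars['console']['node']['config_path'] }}/node/{{ node['name'] }}/nftables.conf.j2"
+dest: "/etc/nftables.conf"
+owner: "root"
+group: "root"
+mode: "0700"
+validate: "/usr/sbin/nft -c -f %s"
+become: true
+notify:
+- "notification_update_nftables"
+- "notification_restart_crowdsec_bouncer"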
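Review bot: "Enable nftables.service" starts the service before "Deploy nftables.conf" writes the node's ruleset, so on a first run the service loads whatever /etc/nftables.conf the package shipped, and the intended rules are applied only when the `notification_update_nftables` handler fires. That handler is defined outside this file, and by default handlers run at the end of the play and are skipped if a later task fails, which would leave the validated config on disk but not loaded. Consider moving the template task above the service task and adding `- ansible.builtin.meta: flush_handlers` directly after it, so the ruleset is live before the play continues. Separately, `failed_when: false` already keeps the check task from failing, so `ignore_errors: true` on it is redundant.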