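---
# Installs nftables, keeps its unit enabled and running, and deploys the
# per-node ruleset from the console's config tree. Each task escalates with
# `become` because apt, systemd and /etc/nftables.conf all require root.

- name: Check nftables installation
  # `command -v` is a shell builtin, hence `shell` rather than `command`.
  ansible.builtin.shell: |
    command -v nft
  # nft lives in /usr/sbin, which is typically only on root's PATH.
  become: true
  changed_when: false
  # A missing binary is the expected "not installed" outcome, not a failure;
  # the exit code is consumed by the next task. `failed_when: false` already
  # makes this task unfailable, so a separate `ignore_errors` is redundant.
  failed_when: false
  register: is_nftables_installed

- name: Install nftables
  ansible.builtin.apt:
    name: nftables
    state: present
  become: true
  # rc != 0 means `command -v nft` found nothing in the check above.
  when: is_nftables_installed.rc != 0

- name: Enable nftables.service
  ansible.builtin.systemd:
    name: nftables.service
    state: started
    enabled: true
  become: true

- name: Deploy nftables.conf
  ansible.builtin.template:
    src: "{{ hostvars['console']['node']['config_path'] }}/node/{{ node['name'] }}/nftables.conf.j2"
    dest: /etc/nftables.conf
    owner: root
    group: root
    # Kept as a quoted string so YAML does not turn the octal mode into an
    # integer; 0700 keeps the ruleset unreadable to non-root users.
    mode: "0700"
    # Parse the rendered ruleset (`nft -c`) before it replaces the live file,
    # so a template error cannot leave the host with a broken firewall config.
    validate: "/usr/sbin/nft -c -f %s"
  become: true
  notify:
    - notification_update_nftables
    - notification_restart_crowdsec_bouncer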