From bf327db4ff4e5185f84df50678f488665a3d404e Mon Sep 17 00:00:00 2001
From: Christian Pointner
Date: Fri, 7 Jan 2022 14:42:36 +0100
Subject: nftables/base: initial commit

---
 roles/network/nftables/base/handlers/main.yml | 5 +++++
 roles/network/nftables/base/tasks/main.yml | 26 ++++++++++++++++++++++++++
 2 files changed, 31 insertions(+)
 create mode 100644 roles/network/nftables/base/handlers/main.yml
 create mode 100644 roles/network/nftables/base/tasks/main.yml
(limited to 'roles/network/nftables/base')

diff --git a/roles/network/nftables/base/handlers/main.yml b/roles/network/nftables/base/handlers/main.yml
new file mode 100644
index 00000000..bda10bdc
--- /dev/null
+++ b/roles/network/nftables/base/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: reload nftables
+  service:
+    name: nftables
+    state: reloaded
diff --git a/roles/network/nftables/base/tasks/main.yml b/roles/network/nftables/base/tasks/main.yml
new file mode 100644
index 00000000..46c7d0b5
--- /dev/null
+++ b/roles/network/nftables/base/tasks/main.yml
@@ -0,0 +1,26 @@
+---
+- name: install nftables
+  apt:
+    name: nftables
+
+- name: create include base directory
+  file:
+    path: /etc/nftables.d
+    state: directory
+
+- name: generate base nft script
+  copy:
+    content: |
+      #!/usr/sbin/nft -f
+
+      # Ansible managed
+      flush ruleset
+      include "/etc/nftables.d/*.nft"
+    dest: /etc/nftables.conf
+  notify: reload nftables
+
+- name: make sure nftables systemd service unit is enabled and started
+  systemd:
+    name: nftables.service
+    state: started
+    enabled: yes
--
cgit v1.2.3
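Review bot: The handler addresses the unit as `service:` / `name: nftables` while the tasks file in the same commit uses `systemd:` / `name: nftables.service`; the two should use the same module and unit name so a reader can tell at a glance that they manage the same service, e.g. `systemd:` / `name: nftables.service` / `state: reloaded`. Since the generated /etc/nftables.conf starts with `flush ruleset` and pulls in every drop-in, a syntax error in any drop-in will presumably make this reload fail and the play report it, which is the behaviour you want; a one-line comment above the handler saying that a failed reload leaves the previous ruleset active (as far as I recall `nft -f` applies atomically) would save the next maintainer from worrying about a half-applied state.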
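Review bot: The generated script in the "generate base nft script" task flushes the ruleset and then relies solely on `include "/etc/nftables.d/*.nft"`, so on a host where no other role has dropped a file into /etc/nftables.d (exactly the state this role leaves behind on its own) the service loads an empty ruleset, i.e. no filtering at all, and if I recall correctly nft silently ignores a wildcard include that matches nothing rather than erroring. That is a reasonable design for a base role, but it deserves to be stated in the file, e.g. replace `# Ansible managed` with `# Ansible managed -- all rules come from /etc/nftables.d/*.nft; with no drop-ins this loads an empty (accept-all) ruleset`. In the last task `enabled: yes` should be `enabled: true`; `yes` is a YAML 1.1 boolean that yamllint's truthy rule flags and that not every loader treats as a bool. The "create include base directory" task sets no `owner`/`mode`, so the permissions of the directory that holds the firewall rules depend on the umask of the Ansible run; consider pinning `owner: root`, `group: root`, `mode: "0755"` explicitly.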