Import firewall role from network repo

Move, actually.
2026-02-23 09:56:33 +01:00 · 2026-02-23 09:56:33 +01:00 · 754c3da31f
commit 754c3da31f
parent 88061d97b2
21 changed files with 801 additions and 1 deletions
--- a/roles/firewall/tasks/nftables.yml
+++ b/roles/firewall/tasks/nftables.yml
@ -0,0 +1,26 @@
+- name: Install nftables
+  package:
+    name: nftables
+
+- name: Copy nftables config
+  template:
+    dest: /etc/nftables.nft
+    src: nftables.nft.j2
+    mode: 0644
+  notify: reload nftables
+
+- name: Copy static nftables includes
+  template:
+    dest: '/etc/nftables.d/{{ item }}'
+    src: '{{ item }}.j2'
+    mode: 0644
+  loop:
+    - interfaces.nft
+    - networks.nft
+  notify: reload nftables
+
+- name: Enable nftables service
+  service:
+    name: nftables
+    enabled: yes
+    state: started