debian: don’t set up firewall for proxmox hosts
Also factor firewall setup into a separate task. There is no good way to distinguish Debian and Proxmox hosts in Ansible, so we rely on the cluster_type NetBox variable.
This commit is contained in:
parent
45d3e6c4ec
commit
ef69e31357
2 changed files with 29 additions and 23 deletions
26
roles/debian/tasks/firewall.yml
Normal file
26
roles/debian/tasks/firewall.yml
Normal file
|
|
@ -0,0 +1,26 @@
|
|||
- name: Install nftables
|
||||
package:
|
||||
name: nftables
|
||||
|
||||
- name: Set up generic firewall rules
|
||||
copy:
|
||||
dest: /etc/nftables.conf
|
||||
src: nftables.conf
|
||||
notify: reload nftables
|
||||
|
||||
- name: Create nftables include directory
|
||||
file:
|
||||
path: /etc/nftables.d
|
||||
state: directory
|
||||
|
||||
- name: Set up local firewall rules
|
||||
template:
|
||||
dest: /etc/nftables.d/services.nft
|
||||
src: services.nft.j2
|
||||
notify: reload nftables
|
||||
|
||||
- name: Enable firewall
|
||||
service:
|
||||
name: nftables
|
||||
enabled: yes
|
||||
state: started
|
||||
Loading…
Add table
Add a link
Reference in a new issue