Timotej Lazar
ef69e31357
Also factor firewall setup into a separate task. There is no good way to distinguish Debian and Proxmox hosts in Ansible, so we rely on the cluster_type NetBox variable.
26 lines
508 B
YAML
26 lines
508 B
YAML
- name: Install nftables
|
|
package:
|
|
name: nftables
|
|
|
|
- name: Set up generic firewall rules
|
|
copy:
|
|
dest: /etc/nftables.conf
|
|
src: nftables.conf
|
|
notify: reload nftables
|
|
|
|
- name: Create nftables include directory
|
|
file:
|
|
path: /etc/nftables.d
|
|
state: directory
|
|
|
|
- name: Set up local firewall rules
|
|
template:
|
|
dest: /etc/nftables.d/services.nft
|
|
src: services.nft.j2
|
|
notify: reload nftables
|
|
|
|
- name: Enable firewall
|
|
service:
|
|
name: nftables
|
|
enabled: yes
|
|
state: started
|