[nftables] Install and enable nftables on routers

certbot_on_virtu
_benjamin 2020-08-19 17:49:07 +02:00
parent 68ce662296
commit b76d538ad6
2 changed files with 18 additions and 2 deletions


@ -4,13 +4,14 @@
- hosts: crans_routeurs - hosts: crans_routeurs
roles: roles:
- sysctl-forwarding - sysctl-forwarding
- nftables
- hosts: routeur-sam.adm.crans.org - hosts: routeur-sam.adm.crans.org
roles: roles:
- arp-proxy - arp-proxy
# Deploy firewall # Deploy firewall
- hosts: crans_routeurs,gulp.adm.crans.org - hosts: crans_routeurs
vars: vars:
re2o: re2o:
server: re2o.adm.crans.org server: re2o.adm.crans.org
@ -20,7 +21,7 @@
- firewall - firewall
# Deploy BGP server configuration on IPv4 routers # Deploy BGP server configuration on IPv4 routers
- hosts: crans_routeurs,gulp.adm.crans.org - hosts: crans_routeurs
vars: vars:
zebra: zebra:
password: "{{ vault_zebra_password }}" password: "{{ vault_zebra_password }}"
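Review bot: The `hosts:` lines of the "Deploy firewall" and "Deploy BGP server configuration" plays appear to change from `crans_routeurs,gulp.adm.crans.org` to `crans_routeurs`, which the commit title (install and enable nftables) does not mention. If gulp.adm.crans.org still forwards traffic, it will stop receiving `firewall` role updates from this playbook and its ruleset will silently drift from the routers'. If the removal is intentional, record it next to the play, e.g. `# Deploy firewall (routers only; gulp.adm.crans.org is handled in <PLAYBOOK_PLACEHOLDER>)`, or confirm that the host is no longer in service. The page shows the two sides only by print order, so the direction of the change is inferred.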


@ -0,0 +1,15 @@
---
- name: Install nftables
apt:
name: nftables
state: present
update_cache: true
register: apt_result
retries: 3
until: apt_result is succeeded
- name: Enable and start nftables
systemd:
name: nftables
enabled: true
state: started
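Review bot: `Enable and start nftables` starts the unit although this role never manages the ruleset the unit loads, so what a router enforces after the run depends on whatever `/etc/nftables.conf` contains at that moment. On Debian the packaged default, as far as I know, begins with `flush ruleset` and defines chains without a drop policy, so a first run could replace rules already loaded on the host with a permissive set. The other file applies this role in the first play, before the `firewall` play, and whether `firewall` writes that file is not visible here. If it does, say so above the task, e.g. `# Ruleset is provided by the firewall role; this role only installs and enables the unit`; otherwise deploy and check the config (`nft -c -f /etc/nftables.conf`) before `state: started`.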