# Cache the key of the rule group being processed and its configured value,
# so the tasks that follow can branch on the value's type (string or mapping).
# `item` is presumably the loop variable of the task that includes this file.
# NOTE(review): group_identifier is later interpolated into file paths under
# /etc/nftables/ansible-managed/; keys are assumed to be plain file-name
# tokens without "/" or ".." - confirm where nftables.rules.raw is defined.
- name: Remember current rule group and its value
  set_fact:
    value: "{{ nftables.rules.raw[item] }}"
    group_identifier: "{{ item }}"
  when: item is defined
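# Input shape handled here:
#   '<group_identifier>': '<content>'
# The whole rule set of the group is one string, written to a single file.
- name: Deploy single-file rule group
  when: value is string
  block:
    - name: Create main rule file
      copy:
        content: "{{ value }}"
        dest: "/etc/nftables/ansible-managed/{{ group_identifier }}.nft"
        # Explicit ownership and mode, so the result does not depend on the
        # remote umask; firewall rule files must never be group- or
        # world-writable. Tighten to "0600" if only root needs to read them.
        owner: root
        group: root
        mode: "0644"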
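# Input shape handled here:
#   '<group_identifier>':
#     main: <content>
#     '<identifier>': '<content>'
# `main` becomes <group_identifier>.nft; every other key becomes its own file
# in the directory <group_identifier>/, which the main file pulls in through
# an nftables include line.
- name: Deploy multi-file rule group
  when: value is mapping
  block:
    - name: Load the rule mapping of the current group
      set_fact:
        items: "{{ nftables.rules.raw[item] }}"

    # NOTE(review): the page this listing came from lost its indentation;
    # the condition is assumed to guard both tasks of this inner block.
    # Confirm against the repository copy.
    - name: Deploy main rule file with include line
      when: items['main'] is defined
      block:
        - name: Create main rule file
          copy:
            content: "{{ items['main'] }}"
            dest: "/etc/nftables/ansible-managed/{{ group_identifier }}.nft"
            # Explicit ownership and mode, so the result does not depend on
            # the remote umask; rule files must never be group- or
            # world-writable.
            owner: root
            group: root
            mode: "0644"

        - name: Include rule files
          lineinfile:
            path: "/etc/nftables/ansible-managed/{{ group_identifier }}.nft"
            # regex_escape keeps an identifier containing ".", "+" or other
            # regex metacharacters from matching (and replacing) the include
            # line of a different group.
            regexp: "include\\s+(\"|')\\/etc\\/nftables\\/ansible-managed\\/{{ group_identifier | regex_escape }}\\/.*$"
            line: 'include "/etc/nftables/ansible-managed/{{ group_identifier }}/*.nft"'

    - name: Create group folder
      file:
        path: "/etc/nftables/ansible-managed/{{ group_identifier }}/"
        state: directory
        owner: root
        group: root
        mode: "0755"
      when: items | length > 0

    # included_item.key is used as a file name; like group_identifier it is
    # assumed to contain no "/" or ".." (NOTE(review): confirm at the point
    # where nftables.rules.raw is defined).
    - name: Create included rule files
      copy:
        content: "{{ included_item.value }}"
        dest: "/etc/nftables/ansible-managed/{{ group_identifier }}/{{ included_item.key }}.nft"
        owner: root
        group: root
        mode: "0644"
      # `| list` materialises the selectattr generator; loop requires a list.
      loop: "{{ items | dict2items | selectattr('key', 'ne', 'main') | list }}"
      loop_control:
        loop_var: included_item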