roles/common: Fix nftables in Debian firewall

The previous commit meant to move the service start, not the config copying task.
2021-07-29 10:10:04 +03:00 · 2021-07-29 10:10:04 +03:00 · cba2a7a996
commit cba2a7a996
parent 197bdf7666
1 changed files with 6 additions and 6 deletions
--- a/roles/common/tasks/firewall_Debian.yml
+++ b/roles/common/tasks/firewall_Debian.yml
@ -23,9 +23,11 @@
  - name: Install firewall packages
    apt: pkg={{ debian_firewall_packages }} state=present cache_valid_time=3600
-  - name: Start and enable nftables
+  - name: Copy nftables.conf
    when: ansible_distribution_major_version is version('11', '>=')
-    systemd: name=nftables state=started enabled=yes
+    template: src=nftables.conf.j2 dest=/etc/nftables.conf owner=root mode=0644
    notify:
      - reload nftables
  - name: Create /etc/nftables extra config directory
    when: ansible_distribution_major_version is version('11', '>=')
@ -125,11 +127,9 @@
    when: ansible_distribution_version is version('11', '>=')
    systemd: name=update-spamhaus-nftables.timer state=started enabled=yes
-  - name: Copy nftables.conf
+  - name: Start and enable nftables
    when: ansible_distribution_major_version is version('11', '>=')
-    template: src=nftables.conf.j2 dest=/etc/nftables.conf owner=root mode=0644
+    systemd: name=nftables state=started enabled=yes
    notify:
      - reload nftables
  - include_tasks: fail2ban.yml
    when: ansible_distribution_major_version is version('9', '>=')