roles/common: rename firewall and packages task files

Don't use firewall_Debian.yml or packages_Debian.yml since I am not deploying Ubuntu anymore there is no need to distinguish.
roles/common: update task syntax in main play
2025-09-21 16:45:51 +03:00 · 2025-09-21 16:40:37 +03:00
4 changed files with 39 additions and 40 deletions
--- a/roles/common/tasks/firewall.yml
+++ b/roles/common/tasks/firewall.yml
@@ -1,10 +1,28 @@
 ---
- name: Configure firewall
+# Debian 11+ will use nftables directly, with no firewalld.
  when: ansible_distribution == 'Debian'
  ansible.builtin.include_tasks:
    file: firewall_Debian.yml
    apply:
      tags:
        - firewall
  tags: firewall
 - name: Install Debian firewall packages
  when: ansible_distribution_major_version is version('11', '>=')
  ansible.builtin.package:
    name:
      - libnet-ip-perl # for aggregate-cidr-addresses.pl
      - nftables
      - curl # for nftables update scripts
    state: present
    cache_valid_time: 3600
 - name: Remove iptables on newer Debian
  when: ansible_distribution_major_version is version('11', '>=')
  ansible.builtin.apt:
    pkg: iptables
    state: absent
 - name: Configure nftables
  ansible.builtin.include_tasks: nftables.yml
  when: ansible_distribution_version is version('11', '>=')
 - ansible.builtin.include_tasks: fail2ban.yml
  when:
    - ansible_distribution_major_version is version('9', '>=')
 # vim: set sw=2 ts=2:
--- a/roles/common/tasks/firewall_Debian.yml
+++ b/roles/common/tasks/firewall_Debian.yml
@@ -1,28 +0,0 @@
 ---
 # Debian 11+ will use nftables directly, with no firewalld.
 - name: Install Debian firewall packages
  when: ansible_distribution_major_version is version('11', '>=')
  ansible.builtin.package:
    name:
      - libnet-ip-perl # for aggregate-cidr-addresses.pl
      - nftables
      - curl # for nftables update scripts
    state: present
    cache_valid_time: 3600
 - name: Remove iptables on newer Debian
  when: ansible_distribution_major_version is version('11', '>=')
  ansible.builtin.apt:
    pkg: iptables
    state: absent
 - name: Configure nftables
  ansible.builtin.include_tasks: nftables.yml
  when: ansible_distribution_version is version('11', '>=')
 - ansible.builtin.include_tasks: fail2ban.yml
  when:
    - ansible_distribution_major_version is version('9', '>=')
 # vim: set sw=2 ts=2:
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -8,8 +8,7 @@
  tags: ntp
 - name: Install common packages
-  ansible.builtin.include_tasks: packages_Debian.yml
+  ansible.builtin.include_tasks: packages.yml
  when: ansible_distribution == 'Debian'
  tags: packages
 - name: Configure firewall
@@ -23,13 +22,23 @@
 # containers identify as virtualization hosts, which makes this tricky, because we have actual Debian VM hosts!
 - name: Reconfigure /etc/sysctl.conf
  when: ansible_virtualization_role != 'host'
-  ansible.builtin.template: src=sysctl_{{ ansible_distribution }}.j2 dest=/etc/sysctl.conf owner=root group=root mode=0644
+  ansible.builtin.template:
    src: "sysctl_{{ ansible_distribution }}.j2"
    dest: /etc/sysctl.conf
    owner: root
    group: root
    mode: 0644
  notify:
    - reload sysctl
  tags: sysctl
 - name: Set I/O scheduler
-  ansible.builtin.template: src=etc/udev/rules.d/60-scheduler.rules.j2 dest=/etc/udev/rules.d/60-scheduler.rules owner=root group=root mode=0644
+  ansible.builtin.template:
    src: etc/udev/rules.d/60-scheduler.rules.j2
    dest: /etc/udev/rules.d/60-scheduler.rules
    owner: root
    group: root
    mode: 0644
  tags: udev
 - name: Copy admin SSH keys
--- a/roles/common/tasks/packages_Debian.yml
+++ b/roles/common/tasks/packages_Debian.yml
Author	SHA1	Message	Date
Alan Orth	2bb018a40c	roles/common: rename firewall and packages task files Don't use firewall_Debian.yml or packages_Debian.yml since I am not deploying Ubuntu anymore there is no need to distinguish.	2025-09-21 16:45:51 +03:00
Alan Orth	89a1e11b7a	roles/common: update task syntax in main play	2025-09-21 16:40:37 +03:00