alanorth/ansible-personal
1
0
Fork 0
Code Issues 4 Pull Requests Projects Releases Wiki Activity

Compare commits

base: alanorth:602734accebc6971e6b1e346571dbfaee7161448
Branches Tags
alanorth:master alanorth:debian13 alanorth:alpine
..
compare: alanorth:afffd87201652339ff2e6d9e0c2ccc5daa4327de
Branches Tags
alanorth:debian13 alanorth:master alanorth:alpine

3 Commits
602734acce ... afffd87201

Author SHA1 Message Date
Alan Orth
afffd87201 roles/common: remove old firewall cleanup 2025-11-14 22:38:43 +03:00
Alan Orth
d21f3d9371 roles/common: remove loops with one item 2025-11-14 22:38:17 +03:00
Alan Orth
a6ef7a1c4e roles/common: don't notify fail2ban 
We set the fail2ban service as "PartOf" the nftables service, so it
receives stop and restart events already.
 2025-11-14 22:26:09 +03:00
1 changed files with 4 additions and 31 deletions
Expand all files Collapse all files

35
roles/common/tasks/nftables.yml
View File

@@ -9,7 +9,6 @@
mode: "0644"
notify:
- Restart nftables
- Restart fail2ban
- name: Create /etc/nftables extra config directory
ansible.builtin.file:
@@ -20,17 +19,14 @@
- name: Copy extra nftables configuration files
ansible.builtin.copy:
src: "{{ item.src }}"
dest: /etc/nftables/{{ item.src }}
src: firehol_level1-ipv4.nft
dest: /etc/nftables/firehol_level1-ipv4.nft
owner: root
group: root
mode: "0644"
force: "{{ item.force }}"
loop:
- { src: firehol_level1-ipv4.nft, force: false }
force: false
notify:
- Restart nftables
- Restart fail2ban
- name: Copy nftables update scripts
ansible.builtin.template:
@@ -40,27 +36,6 @@
owner: root
group: root
- name: Remove deprecated data and scripts
ansible.builtin.file:
path: "{{ item }}"
state: absent
loop:
- /etc/nftables/spamhaus-ipv4.nft
- /etc/nftables/spamhaus-ipv6.nft
- /etc/nftables/abuseipdb-ipv4.nft
- /etc/nftables/abuseipdb-ipv6.nft
- /etc/nftables/abusech-ipv4.nft
- /usr/local/bin/update-abusech-nftables.sh
- /usr/local/bin/update-spamhaus-nftables.sh
- /etc/systemd/system/update-abusech-nftables.service
- /etc/systemd/system/update-abusech-nftables.timer
- /etc/systemd/system/update-spamhaus-nftables.service
- /etc/systemd/system/update-spamhaus-nftables.timer
- /usr/local/bin/aggregate-cidr-addresses.pl
notify:
- Restart nftables
- Restart fail2ban
- name: Copy nftables systemd units
ansible.builtin.copy:
src: "{{ item }}"
@@ -81,11 +56,9 @@
- name: Start and enable nftables update timers
ansible.builtin.systemd_service:
name: "{{ item }}"
name: update-firehol-nftables.timer
state: started
enabled: true
loop:
- update-firehol-nftables.timer
- name: Start and enable nftables
ansible.builtin.systemd_service: