From b76d538ad684edadaf479189dc590386c46055a2 Mon Sep 17 00:00:00 2001
From: Benjamin Graillot <graillot@crans.org>
Date: Wed, 19 Aug 2020 17:49:07 +0200
Subject: [PATCH] [nftables] Install and enable nftables on routers

---
 plays/firewall.yml            |  5 +++--
 roles/nftables/tasks/main.yml | 15 +++++++++++++++
 2 files changed, 18 insertions(+), 2 deletions(-)
 create mode 100644 roles/nftables/tasks/main.yml

diff --git a/plays/firewall.yml b/plays/firewall.yml
index 75a2f071..c2976feb 100755
--- a/plays/firewall.yml
+++ b/plays/firewall.yml
@@ -4,13 +4,14 @@
 - hosts: crans_routeurs
   roles:
     - sysctl-forwarding
+    - nftables
 
 - hosts: routeur-sam.adm.crans.org
   roles:
     - arp-proxy
 
 # Deploy firewall
-- hosts: crans_routeurs,gulp.adm.crans.org
+- hosts: crans_routeurs
   vars:
     re2o:
       server: re2o.adm.crans.org
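Review bot: Dropping `gulp.adm.crans.org` from the firewall play at line 28 (and again from the BGP play at line 37 in the next hunk) is a second, unrelated change that the subject "Install and enable nftables on routers" does not mention, so a reader of the history will not know whether that host stopped needing a firewall or was merely moved elsewhere. Either state the reason in the commit description or split the host removal into its own commit. The new `nftables` role at line 20 is appended to the `sysctl-forwarding` play rather than to the firewall play below it; if the intent is that the service only starts once the firewall ruleset is deployed, listing it there would make the ordering explicit. Whether the `firewall` role itself writes `/etc/nftables.conf` cannot be seen from this diff.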
@@ -20,7 +21,7 @@
     - firewall
 
 # Deploy BGP server configuration on IPv4 routers
-- hosts: crans_routeurs,gulp.adm.crans.org
+- hosts: crans_routeurs
   vars:
     zebra:
       password: "{{ vault_zebra_password }}"
diff --git a/roles/nftables/tasks/main.yml b/roles/nftables/tasks/main.yml
new file mode 100644
index 00000000..8a5506a5
--- /dev/null
+++ b/roles/nftables/tasks/main.yml
@@ -0,0 +1,15 @@
+---
+- name: Install nftables
+  apt:
+    name: nftables
+    state: present
+    update_cache: true
+  register: apt_result
+  retries: 3
+  until: apt_result is succeeded
+
+- name: Enable and start nftables
+  systemd:
+    name: nftables
+    enabled: true
+    state: started
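Review bot: `state: started` at line 61 applies whatever `/etc/nftables.conf` exists on the router at that moment, and because this role runs in an earlier play than the `firewall` role, on a fresh install that is the distro default file (on Debian it begins with `flush ruleset` and defines accept-all chains), which would clear any ruleset currently loaded and leave the host open until the firewall play runs. Consider keeping `enabled: true` here and letting the `firewall` role (or a handler it notifies) start or reload the unit once its ruleset is in place, or at least add a comment above the task such as `# NOTE: starting the unit loads the on-disk /etc/nftables.conf; the firewall role must run before this on a host with no ruleset yet`. Separately, `update_cache: true` at line 52 refreshes the apt cache on every run; adding `cache_valid_time: 3600` under `apt:` keeps the task idempotent in practice without weakening the retry logic at lines 53-55.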
-- 
GitLab