From d0746b2f1b3140e92412fcc1f8ef56cff234ac7b Mon Sep 17 00:00:00 2001
From: "Ivo C.S. Wingelaar"
Date: Sun, 13 Oct 2024 13:35:16 +0200
Subject: [PATCH] Rename `configure_firewall` role
---
 roles/configure_firewall/defaults/main.yml | 3 ---
 roles/firewall_nft/defaults/main.yml | 3 +++
 .../{configure_firewall => firewall_nft}/handlers/main.yml | 2 +-
 roles/{configure_firewall => firewall_nft}/tasks/main.yml | 6 +++---
 .../templates/nft.conf.j2 | 6 +++---
 .../templates/nft.service.j2 | 6 +++---
 6 files changed, 13 insertions(+), 13 deletions(-)
 delete mode 100644 roles/configure_firewall/defaults/main.yml
 create mode 100644 roles/firewall_nft/defaults/main.yml
 rename roles/{configure_firewall => firewall_nft}/handlers/main.yml (77%)
 rename roles/{configure_firewall => firewall_nft}/tasks/main.yml (79%)
 rename roles/{configure_firewall => firewall_nft}/templates/nft.conf.j2 (83%)
 rename roles/{configure_firewall => firewall_nft}/templates/nft.service.j2 (66%)
diff --git a/roles/configure_firewall/defaults/main.yml b/roles/configure_firewall/defaults/main.yml
deleted file mode 100644
index 575ebe9..0000000
--- a/roles/configure_firewall/defaults/main.yml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-sce_nft_table_name: sce_table
-sce_nft_table_filename: sce-port-mapping
diff --git a/roles/firewall_nft/defaults/main.yml b/roles/firewall_nft/defaults/main.yml
new file mode 100644
index 0000000..ffd93c6
--- /dev/null
+++ b/roles/firewall_nft/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+firewall_nft_table_name: sce_table
+firewall_nft_table_filename: sce-port-mapping
diff --git a/roles/configure_firewall/handlers/main.yml b/roles/firewall_nft/handlers/main.yml
similarity index 77%
rename from roles/configure_firewall/handlers/main.yml
rename to roles/firewall_nft/handlers/main.yml
index e4c590d..03c0da7 100644
--- a/roles/configure_firewall/handlers/main.yml
+++ b/roles/firewall_nft/handlers/main.yml
@@ -5,5 +5,5 @@
 - name: Reload port mapping service
 ansible.builtin.systemd_service:
- name: "{{ sce_nft_table_filename }}.service"
+ name: "{{ firewall_nft_table_filename }}.service"
 state: reloaded
diff --git a/roles/configure_firewall/tasks/main.yml b/roles/firewall_nft/tasks/main.yml
similarity index 79%
rename from roles/configure_firewall/tasks/main.yml
rename to roles/firewall_nft/tasks/main.yml
index 4c84f88..4d14a30 100644
--- a/roles/configure_firewall/tasks/main.yml
+++ b/roles/firewall_nft/tasks/main.yml
@@ -7,7 +7,7 @@
 - name: Install SCE port mapping rules
 ansible.builtin.template:
 src: nft.conf.j2
- dest: /etc/{{ sce_nft_table_filename }}.conf
+ dest: /etc/{{ firewall_nft_table_filename }}.conf
 mode: "0755"
 validate: /usr/sbin/nft -cf %s
 notify: Reload port mapping service
@@ -15,7 +15,7 @@
 - name: Install SCE port mapping systemd service
 ansible.builtin.template:
 src: nft.service.j2
- dest: /etc/systemd/system/{{ sce_nft_table_filename }}.service
+ dest: /etc/systemd/system/{{ firewall_nft_table_filename }}.service
 mode: "0644"
 notify: Reload systemd daemon
@@ -25,6 +25,6 @@
 - name: Ensure nft SCE port mapping service is started and enabled
 ansible.builtin.systemd_service:
- name: "{{ sce_nft_table_filename }}.service"
+ name: "{{ firewall_nft_table_filename }}.service"
 state: started
 enabled: true
diff --git a/roles/configure_firewall/templates/nft.conf.j2 b/roles/firewall_nft/templates/nft.conf.j2
similarity index 83%
rename from roles/configure_firewall/templates/nft.conf.j2
rename to roles/firewall_nft/templates/nft.conf.j2
index a9fc910..c8b31a9 100644
--- a/roles/configure_firewall/templates/nft.conf.j2
+++ b/roles/firewall_nft/templates/nft.conf.j2
@@ -10,10 +10,10 @@
 # Flush and recreate the entire table
 # https://unix.stackexchange.com/questions/537030/nftables-flush-delete-when-changing-or-creating-new-table
-table inet {{ sce_nft_table_name }}
-flush table inet {{ sce_nft_table_name }}
+table inet {{ firewall_nft_table_name }}
+flush table inet {{ firewall_nft_table_name }}
-table inet {{ sce_nft_table_name }} {
+table inet {{ firewall_nft_table_name }} {
 chain sce_port_mapping {
 type nat hook prerouting priority filter + 1; policy accept;
diff --git a/roles/configure_firewall/templates/nft.service.j2 b/roles/firewall_nft/templates/nft.service.j2
similarity index 66%
rename from roles/configure_firewall/templates/nft.service.j2
rename to roles/firewall_nft/templates/nft.service.j2
index 0a12023..0d12c02 100644
--- a/roles/configure_firewall/templates/nft.service.j2
+++ b/roles/firewall_nft/templates/nft.service.j2
@@ -14,9 +14,9 @@ RemainAfterExit=yes
 StandardInput=null
 ProtectSystem=full
 ProtectHome=true
-ExecStart=/usr/sbin/nft -f /etc/{{ sce_nft_table_filename }}.conf
-ExecReload=/usr/sbin/nft -f /etc/{{ sce_nft_table_filename }}.conf
-ExecStop=/usr/sbin/nft delete table inet {{ sce_nft_table_name }}
+ExecStart=/usr/sbin/nft -f /etc/{{ firewall_nft_table_filename }}.conf
+ExecReload=/usr/sbin/nft -f /etc/{{ firewall_nft_table_filename }}.conf
+ExecStop=/usr/sbin/nft delete table inet {{ firewall_nft_table_name }}
 [Install]
 WantedBy=sysinit.target