Rename configure_firewall role

2024-10-13 13:35:16 +02:00 · 2024-10-13 13:35:16 +02:00 · d0746b2f1b
commit d0746b2f1b
parent 5542a21301
6 changed files with 13 additions and 13 deletions
--- a/roles/configure_firewall/defaults/main.yml
+++ b/roles/configure_firewall/defaults/main.yml
@ -1,3 +0,0 @@
---
-sce_nft_table_name: sce_table
-sce_nft_table_filename: sce-port-mapping
--- a/roles/firewall_nft/defaults/main.yml
+++ b/roles/firewall_nft/defaults/main.yml
@ -0,0 +1,3 @@
+---
+firewall_nft_table_name: sce_table
+firewall_nft_table_filename: sce-port-mapping
--- a/roles/configure_firewall/handlers/main.yml
+++ b/roles/configure_firewall/handlers/main.yml
@ -5,5 +5,5 @@

 - name: Reload port mapping service
  ansible.builtin.systemd_service:
-    name: "{{ sce_nft_table_filename }}.service"
+    name: "{{ firewall_nft_table_filename }}.service"
    state: reloaded
--- a/roles/configure_firewall/tasks/main.yml
+++ b/roles/configure_firewall/tasks/main.yml
@ -7,7 +7,7 @@
 - name: Install SCE port mapping rules
  ansible.builtin.template:
    src: nft.conf.j2
-    dest: /etc/{{ sce_nft_table_filename }}.conf
+    dest: /etc/{{ firewall_nft_table_filename }}.conf
    mode: "0755"
    validate: /usr/sbin/nft -cf %s
  notify: Reload port mapping service
@ -15,7 +15,7 @@
 - name: Install SCE port mapping systemd service
  ansible.builtin.template:
    src: nft.service.j2
-    dest: /etc/systemd/system/{{ sce_nft_table_filename }}.service
+    dest: /etc/systemd/system/{{ firewall_nft_table_filename }}.service
    mode: "0644"
  notify: Reload systemd daemon

@ -25,6 +25,6 @@

 - name: Ensure nft SCE port mapping service is started and enabled
  ansible.builtin.systemd_service:
-    name: "{{ sce_nft_table_filename }}.service"
+    name: "{{ firewall_nft_table_filename }}.service"
    state: started
    enabled: true
--- a/roles/configure_firewall/templates/nft.conf.j2
+++ b/roles/configure_firewall/templates/nft.conf.j2
@ -10,10 +10,10 @@

 # Flush and recreate the entire table
 # https://unix.stackexchange.com/questions/537030/nftables-flush-delete-when-changing-or-creating-new-table
-table inet {{ sce_nft_table_name }}
-flush table inet {{ sce_nft_table_name }}
+table inet {{ firewall_nft_table_name }}
+flush table inet {{ firewall_nft_table_name }}

-table inet {{ sce_nft_table_name }} {
+table inet {{ firewall_nft_table_name }} {
  chain sce_port_mapping {
    type nat hook prerouting priority filter + 1;
    policy accept;
--- a/roles/configure_firewall/templates/nft.service.j2
+++ b/roles/configure_firewall/templates/nft.service.j2
@ -14,9 +14,9 @@ RemainAfterExit=yes
 StandardInput=null
 ProtectSystem=full
 ProtectHome=true
-ExecStart=/usr/sbin/nft -f /etc/{{ sce_nft_table_filename }}.conf
-ExecReload=/usr/sbin/nft -f /etc/{{ sce_nft_table_filename }}.conf
-ExecStop=/usr/sbin/nft delete table inet {{ sce_nft_table_name }}
+ExecStart=/usr/sbin/nft -f /etc/{{ firewall_nft_table_filename }}.conf
+ExecReload=/usr/sbin/nft -f /etc/{{ firewall_nft_table_filename }}.conf
+ExecStop=/usr/sbin/nft delete table inet {{ firewall_nft_table_name }}

 [Install]
 WantedBy=sysinit.target