Ivo C.S. Wingelaar
67681b6fdc
This role is intended for simple port forwarding via `nftables` rules.
29 lines
812 B
YAML
29 lines
812 B
YAML
---
|
|
- name: Install nftables
|
|
ansible.builtin.apt:
|
|
pkg: nftables
|
|
state: present
|
|
|
|
- name: Install SCE port mapping rules
|
|
ansible.builtin.template:
|
|
src: nft.conf.j2
|
|
dest: /etc/{{ sce_nft_table_filename }}.conf
|
|
mode: "0755"
|
|
validate: /usr/sbin/nft -cf %s
|
|
notify: Reload port mapping service
|
|
|
|
- name: Install SCE port mapping systemd service
|
|
ansible.builtin.template:
|
|
src: nft.service.j2
|
|
dest: /etc/systemd/system/{{ sce_nft_table_filename }}.service
|
|
notify: Reload systemd daemon
|
|
|
|
# Must be placed here to ensure proper ordering of events
|
|
- name: Flush handlers
|
|
meta: flush_handlers
|
|
|
|
- name: Ensure nft SCE port mapping service is started and enabled
|
|
ansible.builtin.systemd_service:
|
|
name: "{{ sce_nft_table_filename }}.service"
|
|
state: started
|
|
enabled: true
|