Add networking

network/files/firewall_rules.nft.j2

@@ -0,0 +1,11 @@
+## This file is managed by Ansible
+#!/usr/sbin/nft
+
+table inet filter {
+  chain input {
+    tcp dport 22 accept
+    {%- for port in ALLOWED_PORTS %}
+    tcp dport {{ port }} accept
+    {%- endfor %}
+  }
+}

network/files/network_interfaces

@@ -0,0 +1,8 @@
+auto eth0
+iface eth0 inet dhcp
+
+auto lo
+iface lo inet loopback
+iface lo inet static
+    address 127.0.0.2/8
+    broadcast 0.0.0.0

network/firewall.ansible.yml

@@ -0,0 +1,28 @@
+- hosts: localhost
+  tasks:
+    - name: Install firewall packages
+      package:
+        name:
+          - nftables
+        state: present
+    - name: Create firewall rules directory
+      file:
+        state: directory
+        path: /etc/nftables.d
+        owner: root
+        group: root
+        mode: '0755'
+    - name: Firewall rules
+      template:
+        src: files/firewall_rules.nft.j2
+        dest: /etc/nftables.d/noveria.nft
+        owner: root
+        group: root
+        mode: '0600'
+      vars:
+        ALLOWED_PORTS: [80, 443, 25565, 51871]
+    - name: Enable nftables service
+      service:
+        name: nftables
+        state: started
+        enabled: true

network/init.ansible.yml

@@ -1 +1,16 @@
-- import_playbook:
+- import_playbook: firewall.ansible.yml
+
+- hosts: localhost
+  tasks:
+    - name: Populate interfaces
+      template:
+        src: files/network_interfaces
+        dest: /etc/network/interfaces
+        owner: root
+        group: root
+        mode: '0644'
+    - name: Enable networking service
+      service:
+        name: networking
+        state: started
+        enabled: true

top.ansible.yml

@@ -1,2 +1,4 @@
 - import_playbook: directories.ansible.yml
 - import_playbook: system/init.ansible.yml
+- import_playbook: network/init.ansible.yml
+- import_playbook: apps/init.ansible.yml