36 lines
917 B
YAML
36 lines
917 B
YAML
- hosts: localhost
|
|
tasks:
|
|
- name: Install firewall packages
|
|
package:
|
|
name:
|
|
- nftables
|
|
state: present
|
|
- name: Create firewall rules directory
|
|
file:
|
|
state: directory
|
|
path: /etc/nftables.d
|
|
owner: root
|
|
group: root
|
|
mode: '0755'
|
|
- name: Firewall rules
|
|
template:
|
|
src: files/firewall_rules.nft.j2
|
|
dest: /etc/nftables.d/noveria.nft
|
|
owner: root
|
|
group: root
|
|
mode: '0600'
|
|
vars:
|
|
ALLOWED_PORTS: [80, 443]
|
|
- name: Additional pterodactyl rules
|
|
template:
|
|
src: files/firewall_pterodactyl-rules.j2
|
|
dest: /etc/nftables.d/pterodactyl.nft
|
|
owner: root
|
|
group: root
|
|
mode: '0600'
|
|
when: installation_type == 'gaming'
|
|
- name: Enable nftables service
|
|
service:
|
|
name: nftables
|
|
state: started
|
|
enabled: true
|