---
# https://docs.ansible.com/ansible/latest/collections/ansible/builtin/systemd_module.html
# Ask systemd to re-read its unit files. Only daemon_reload is set, so no unit
# is started, stopped or enabled by this handler.
- name: systemctl daemon-reload
  ansible.builtin.systemd:
    daemon_reload: true
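# Enable one unit file per key of vault_service_files, addressing each unit by
# its full path under /etc/systemd/user.
# argv is used instead of the free-form string so that the templated key always
# reaches systemctl as exactly one argument; the free-form variant is split on
# whitespace and quotes, so an unusual key could turn into extra arguments.
# The command module reports "changed" on every run, which is acceptable for a
# handler; the lint rule is silenced the same way as for the other command
# handlers in this file.
- name: enable systemd-units
  ansible.builtin.command:  # noqa no-changed-when
    argv:
      - systemctl
      - enable
      - "/etc/systemd/user/{{ item }}.service"
  loop: "{{ vault_service_files.keys() | list }}"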
# https://docs.ansible.com/ansible/latest/collections/ansible/builtin/systemd_module.html
# Restart every service whose name is a key of vault_service_files
# (unit name = "<key>.service").
- name: restart repairtools
  loop: "{{ vault_service_files.keys() | list }}"
  ansible.builtin.systemd:
    state: restarted
    name: "{{ item }}.service"
# Debian family only: persist the running firewall rules with
# netfilter-persistent. All three inner handlers listen on the topic
# "save iptables rules", so one notification triggers them together.
- name: save iptables rules (Debian)
  when: ansible_os_family == "Debian"
  block:
    # German task name, roughly "create directory for the iptables config".
    # The name is left untouched because handlers can be notified by name.
    - name: Ordner für iptables-Config erstellen
      listen: save iptables rules
      ansible.builtin.file:
        path: /etc/iptables
        state: directory
        owner: root
        group: root
        mode: "0755"

    # NOTE(review): netfilter-persistent only runs the plugins it finds; as far
    # as I know the iptables plugins ship in the separate iptables-persistent
    # package on Debian. Confirm that package is installed elsewhere in the
    # role, otherwise the save below may not write any ruleset to disk.
    - name: install netfilter-persistent to be able to save iptables rules
      listen: save iptables rules
      ansible.builtin.apt:
        name: netfilter-persistent
        state: present

    # "no-changed-when" is silenced here: a handler only runs after a task
    # reported a change, so the command always counting as changed is intended.
    - name: save iptables rules
      listen: save iptables rules
      ansible.builtin.command: netfilter-persistent save  # noqa no-changed-when
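# RedHat family only: persist the running iptables rules in
# /etc/sysconfig/iptables. Both inner handlers listen on the topic
# "save iptables rules".
- name: save iptables rules (RedHat)
  when: ansible_os_family == "RedHat"
  block:
    # Create the file (if missing) with root-only permissions before anything is
    # written to it, so the saved ruleset is never world-readable.
    - name: make sure iptables config file exists
      listen: "save iptables rules"
      ansible.builtin.file:
        path: "/etc/sysconfig/iptables"
        state: touch
        owner: "root"
        group: "root"
        mode: "0600"

    # iptables-save prints the ruleset to stdout. Run through the command module
    # without a redirect, that output was discarded and the file above stayed
    # as it was, so nothing was persisted and the rules were lost on reboot.
    # The shell module is needed for the redirect; the command line is a fixed
    # string with no templated input.
    # "no-changed-when" is silenced here: a handler only runs after a task
    # reported a change, so the command always counting as changed is intended.
    - name: save rules
      listen: "save iptables rules"
      ansible.builtin.shell: '/usr/sbin/iptables-save > /etc/sysconfig/iptables'  # noqa no-changed-when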