nftables: Don't purge iptables on docker and KVM hosts

  libvirt-daemon-system sadly depends on iptables since Debian Bullseye so we
  have to keep iptables installed, as it otherwise removes the package which
  contains the systemd files to start the libvirt daemon :-/

Signed-off-by: Maximilian Wilhelm <max@sdn.clinic>

_modules/ffho.py

@@ -8,3 +8,6 @@ def re_search (pattern, string, flags = 0):
 
 def is_bool (value):
 	return type (value) == bool
+
+def any_item_in_list (items, list):
+	return len(set(items).intersection(set(list))) != 0

nftables/init.sls

@@ -22,11 +22,16 @@ nftables:
    - watch_in:
      - service: nftables
 
+
+{% set no_purge_roles = ['docker', 'kvm'] %}
+{% set roles = salt['pillar.get']('nodes:' ~ grains['id'] ~ ':roles', [])%}
+{% set not_purge_iptables = salt['ffho.any_item_in_list'](no_purge_roles, roles) %}
+
 purge-iptables:
   pkg.purged:
     - pkgs:
       - iptables-persistent
-  {%- if not 'docker' in salt['pillar.get']('nodes:' ~ grains['id'] ~ ':roles', []) %}
+  {%- if not not_purge_iptables %}
       - iptables
   {%- endif %}