init.sls 771 B

  1. #
  2. # nftables state
  3. #
  4. {% if not 'no-nftables' in salt['pillar.get']('nodes:' ~ grains['id'] ~ ':tags', []) %}
  5. nftables:
  6. pkg.installed:
  7. - name: nftables
  8. service.running:
  9. - enable: true
  10. - reload: true
  11. /etc/nftables.conf:
  12. file.managed:
  13. - source: salt://nftables/nftables.conf.tmpl
  14. - template: jinja
  15. - mode: 755
  16. - require:
  17. - pkg: nftables
  18. - watch_in:
  19. - service: nftables
  20. {% set no_purge_roles = ['docker', 'kvm'] %}
  21. {% set roles = salt['pillar.get']('nodes:' ~ grains['id'] ~ ':roles', [])%}
  22. {% set not_purge_iptables = salt['ffho.any_item_in_list'](no_purge_roles, roles) %}
  23. purge-iptables:
  24. pkg.purged:
  25. - pkgs:
  26. - iptables-persistent
  27. {%- if not not_purge_iptables %}
  28. - iptables
  29. {%- endif %}
  30. {% endif %}