init.sls 616 B

123456789101112131415161718192021222324252627282930313233
  1. #
  2. # nftables state
  3. #
  4. {% if not 'no-nftables' in salt['pillar.get']('nodes:' ~ grains['id'] ~ ':tags', []) %}
  5. nftables:
  6. pkg.installed:
  7. - name: nftables
  8. service.running:
  9. - enable: true
  10. - reload: true
  11. /etc/nftables.conf:
  12. file.managed:
  13. - source: salt://nftables/nftables.conf.tmpl
  14. - template: jinja
  15. - mode: 755
  16. - require:
  17. - pkg: nftables
  18. - watch_in:
  19. - service: nftables
  20. purge-iptables:
  21. pkg.purged:
  22. - pkgs:
  23. - iptables-persistent
  24. {%- if not 'docker' in salt['pillar.get']('nodes:' ~ grains['id'] ~ ':roles', []) %}
  25. - iptables
  26. {%- endif %}
  27. {% endif %}