bundles/nftables: store rules in dedicated files instead of nftables.conf

2021-12-14 14:03:13 +01:00 · 2021-12-14 14:03:13 +01:00 · 0101e0c92d
commit 0101e0c92d
parent 1742f51778
11 changed files with 77 additions and 102 deletions
--- a/bundles/nftables/items.py
+++ b/bundles/nftables/items.py
@ -15,7 +15,6 @@ directories = {

 files = {
    '/etc/nftables.conf': {
-        'content_type': 'mako',
        'needs': {
            'directory:/etc/nftables-rules.d',
        },
@ -30,9 +29,23 @@ files = {
            'svc_systemd:nftables:reload',
        },
    },
-
 }

+for ruleset, rules in node.metadata.get('nftables/rules', {}).items():
+    files[f'/etc/nftables-rules.d/{ruleset}'] = {
+        'source': 'rules-template',
+        'content_type': 'mako',
+        'context': {
+            'rules': rules,
+        },
+        'needed_by': {
+            'svc_systemd:nftables',
+        },
+        'triggers': {
+            'svc_systemd:nftables:reload',
+        },
+    }
+
 svc_systemd = {
    'nftables': {
        'needs': {