feat: Merge rules and tables in one file

tasks/configuration.yml

@@ -27,18 +27,15 @@
   vars:
     specific: "{{ lookup('ansible.builtin.vars', item, default='') }}"
 
-- name: Déployer les règles
-  ansible.builtin.template:
-    owner: root
-    group: root
-    mode: u=rw,g=,o=
-    src: "{{ role_path }}/templates/rules.conf.j2"
-    dest: "/srv/nftables/rules_{{ item.filename }}.conf"
-  loop: "{{ nftables_rules }}"
-  loop_control:
-    label: "{{ item.filename }}"
-  become: true
-  notify: Redémarrer nftables.service
+#- name: Déployer les règles
+#  ansible.builtin.template:
+#    owner: root
+#    group: root
+#    mode: u=rw,g=,o=
+#    src: "{{ role_path }}/templates/rules.conf.j2"
+#    dest: "/srv/nftables/rules.conf"
+#  become: true
+#  notify: Redémarrer nftables.service
 
 - name: Déployer les tables
   ansible.builtin.template:

templates/nftables.conf.j2

@@ -16,8 +16,8 @@ table inet filter {
     # accept neighbour discovery otherwise IPv6 connectivity breaks.
     ip6 nexthdr icmpv6 icmpv6 type {nd-neighbor-solicit,  nd-router-advert, nd-neighbor-advert} accept
 
-    # include specifics rules
-    include "/srv/nftables/rules_*.conf"
+    # include specific rules
+    include "/srv/nftables/rules.conf"
 
     # count and drop any other traffic
     counter drop

templates/rules.conf.j2

@@ -1,5 +1,7 @@
 # {{ ansible_managed }}
 
-{% for rule in item.rules %}
-{{ rule }}
+{% for item in nftables_rules %}
+# {{ item.comment }}
+{{ item.rules | join('\n') }}
+
 {% endfor %}