Add ability to include completely raw files #146

hashworks · 2022-08-26T21:14:44Z

I have a list of files I need to include without any header or footer, which currently isn't possible. According to the README one should use nftables::config for that which Manages a raw file in /etc/nftables/puppet/${name}.nft, but that always surrounds the provided source or content with stuff.

Currently, I have to create the files manually, which isn't clean at all:

  file { '/etc/nftables/puppet/custom-include-geoipsets.nft':
    ensure  => 'present',
    mode    => '0640',
    content => @(EOT),
    # THIS FILE IS MANAGED BY PUPPET

    include "/var/local/geoipsets/dbip/nftset/ipv4/*.ipv4"
    include "/var/local/geoipsets/dbip/nftset/ipv6/*.ipv6"
    |EOT
  }

  file { '/etc/nftables/puppet-preflight/custom-include-geoipsets.nft':
    ensure => 'link',
    target => '/etc/nftables/puppet/custom-include-geoipsets.nft',
  }

Am I missing something here?

There should be an ability to A) provide a list of external *.nft files to include or B) a flag for nfttables::config to use the content as-is.

The text was updated successfully, but these errors were encountered:

traylenator · 2022-08-30T14:36:17Z

Do you have the nftables::config resource you tried.

I don't use this but I would have thought it was.

nftables::config{'inet-filter':
    content => @(EOT),
    # THIS FILE IS MANAGED BY PUPPET

    include "/var/local/geoipsets/dbip/nftset/ipv4/*.ipv4"
    include "/var/local/geoipsets/dbip/nftset/ipv6/*.ipv6"
    |EOT,
}

presumably those dbip files are generated from something else and the sets in there will be added to inet-filter table.

traylenator · 2022-08-30T15:13:45Z

Wrong:

nftables::config{'geoip-sets':
    content => @(EOT),
    # THIS FILE IS MANAGED BY PUPPET

    include "/var/local/geoipsets/dbip/nftset/ipv4/*.ipv4"
    include "/var/local/geoipsets/dbip/nftset/ipv6/*.ipv6"
    |EOT,
}

Though I confess I am bit confused why the title has to xyz-abc

hashworks · 2022-08-30T16:31:05Z

This won't work, since it will always surround it with a table:

table geoip sets {
# THIS FILE IS MANAGED BY PUPPET

include "/var/local/geoipsets/dbip/nftset/ipv4/*.ipv4"
include "/var/local/geoipsets/dbip/nftset/ipv6/*.ipv6"
}

traylenator · 2022-08-31T09:04:30Z

So we need a new type nftables::file that does the the whole pre-flight thing.

For example: ```puppet nftables::file{'geoip': content => "include \"/files/geoipsets/dbip/*.ipv4\"\n", } ``` will right a file or content into the nftables configuration. The file written will be included in configuration. Fixes voxpupuli#146

hashworks changed the title ~~Add ability to include completly raw files~~ Add ability to include completely raw files Aug 26, 2022

traylenator mentioned this issue Sep 1, 2022

New nftables::file type to include raw file #147

Merged

bastelfreak closed this as completed in #147 Sep 2, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add ability to include completely raw files #146

Add ability to include completely raw files #146

hashworks commented Aug 26, 2022

traylenator commented Aug 30, 2022

traylenator commented Aug 30, 2022

hashworks commented Aug 30, 2022

traylenator commented Aug 31, 2022

Add ability to include completely raw files #146

Add ability to include completely raw files #146

Comments

hashworks commented Aug 26, 2022

traylenator commented Aug 30, 2022

traylenator commented Aug 30, 2022

hashworks commented Aug 30, 2022

traylenator commented Aug 31, 2022