added systemd-override to check config before reloading/restarting

tasks/main.yml

@@ -45,6 +45,30 @@
     name: ['nftables']
     state: present
 
+- name: NFTables | Adding systemd-override directory
+  ansible.builtin.file:
+    state: directory
+    path: '/etc/systemd/system/nftables.service.d'
+    mode: 0755
+    owner: 'root'
+    group: 'root'
+
+- name: NFTables | Copying systemd-override
+  ansible.builtin.template:
+    src: "templates/etc/systemd/system/nftables.service.d/override.conf.j2"
+    dest: '/etc/systemd/system/nftables.service.d/override.conf'
+    mode: 0644
+    owner: 'root'
+    group: 'root'
+  register: nft_svc_override
+
+- name: NFTables | Loading systemd-override
+  ansible.builtin.systemd:
+    daemon_reload: true
+    name: 'nftables.service'
+    state: restarted
+  when: nft_svc_override.changed
+
 - name: NFTables | Adding config directory
   ansible.builtin.file:
     state: directory

templates/etc/nftables.conf.j2

@@ -1,6 +1,7 @@
 #!/usr/sbin/nft -f
 
 # {{ ansible_managed }}
+# ansibleguy.infra_nftables
 
 flush ruleset
 

templates/etc/nftables.d/table.nft.j2

@@ -1,5 +1,8 @@
 #!/usr/sbin/nft -f
 
+# {{ ansible_managed }}
+# ansibleguy.infra_nftables
+
 table {{ nft_table.type }} {{ nft_table_name }} {
 {% include "_includes/definition_table.j2" %}
 

templates/etc/systemd/system/nftables.service.d/override.conf.j2

@@ -0,0 +1,15 @@
+# {{ ansible_managed }}
+# ansibleguy.infra_nftables
+
+[Unit]
+Documentation=https://github.com/ansibleguy/infra_nftables
+
+[Service]
+ExecStartPre=/usr/sbin/nft -cf /etc/nftables.conf
+
+ExecReload=
+ExecReload=/usr/sbin/nft -cf /etc/nftables.conf
+ExecReload=/usr/sbin/nft -f /etc/nftables.conf
+
+Restart=on-failure
+RestartSec=5s