configpolicy/roles/nbd-server/tasks/main.yml

- name: ensure nbd is installed
  package:
    name: nbd
    state: present
  tags:
  - install

- name: ensure nbd user group exists
  group:
    name: nbd
    system: true
    state: present
  tags:
  - user
  - group
- name: ensure nbd user exists
  user:
    name: nbd
    system: true
    group: nbd
    home: /var/lib/nbd
    create_home: false
    shell: /sbin/nologin
    state: present
  tags:
  - user

- name: ensure nbd data directory exists
  file:
    path: /var/lib/nbd
    mode: ug=rwx,o=rx
    owner: nbd
    group: nbd
    state: directory

- name: ensure nbd-server configuration directory exists
  file:
    path: /etc/nbd-server
    mode: u=rwx,go=rx
    owner: root
    group: root
    state: directory
  tags:
  - config
- name: ensure nbd-server configuration drop-in directory exists
  file:
    path: /etc/nbd-server/config.d
    mode: u=rwx,go=rx
    owner: root
    group: root
    state: directory
  tags:
  - config
- name: ensure nbd-server is configured
  template:
    src: nbd-server.config.j2
    dest: /etc/nbd-server/config
    mode: u=rw,go=r
    owner: root
    group: root
  notify:
  - restart nbd-server
  tags:
  - config

- name: ensure nbd-server unit files exist
  copy:
    src: '{{ item }}'
    dest: /etc/systemd/system/
    mode: u=rw,go=r
    owner: root
    group: root
  loop:
  - nbd-server.socket
  - nbd-server@.service
  notify:
  - reload systemd
  - restart nbd-server
  tags:
  - systemd

- name: ensure nbd-server socket is listening
  systemd:
    name: nbd-server.socket
    state: started
  tags:
  - service

- name: ensure firewall is configured for nbd-server
  firewalld:
    service: nbd
    state: enabled
    permanent: true
    immediate: true
  tags:
  - firewall