Allow icinga2 in nftables

playbooks/icinga2.yml

@@ -4,6 +4,8 @@
   gather_facts: false
   hosts: all
   roles:
+    - role: common_handlers
+      tags: always
     - role: setup_nftables
   tasks:
     - name: Install required packages
@@ -20,10 +22,14 @@
   gather_facts: true
   hosts: lime2servers
   roles:
+    - role: common_handlers
+      tags: always
     - role: icinga2_master
 
 - name: Setup Icinga2 agent
   gather_facts: true
   hosts: mailservers
   roles:
+    - role: common_handlers
+      tags: always
     - role: icinga2_agent

roles/icinga2_master/files/nftables/input.d/icinga2.conf

@@ -0,0 +1 @@
+tcp dport 5665 accept comment "Allow Icinga2 from all"

roles/icinga2_master/tasks/main.yml

@@ -1,5 +1,13 @@
 ---
 
+- name: Allow incoming icinga2
+  become: true
+  ansible.builtin.copy:
+    src: nftables/input.d/icinga2.conf
+    dest: /etc/nftables/input.d/icinga2.conf
+    mode: 0640
+  notify: Reload nftables service
+
 - name: Setup Master node
   become: true
   ansible.builtin.command: