author | Quentin <quentin@deuxfleurs.fr> | 2019-06-01 16:02:49 +0200 |
---|---|---|
committer | Quentin Dufour <quentin@deuxfleurs.fr> | 2019-07-11 09:33:07 +0200 |
commit | 61d009f18d5886db8b22ae41e04bb41a4ba2fddb (patch) | |
tree | e44bb326caf3107653c7a48749527cfd77f02cf2 /ansible/roles/network/tasks/main.yml | |
Initial commit
Diffstat (limited to 'ansible/roles/network/tasks/main.yml')
-rw-r--r-- | ansible/roles/network/tasks/main.yml | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/ansible/roles/network/tasks/main.yml b/ansible/roles/network/tasks/main.yml
new file mode 100644
index 0000000..7f95b0f
--- /dev/null
+++ b/ansible/roles/network/tasks/main.yml
@@ -0,0 +1,42 @@
+- name: "Add dummy interface to handle Nomad NAT restriction nomad#2770"
+ template: src=nomad-interface.j2 dest=/etc/network/interfaces.d/nomad.cfg
+ when: public_ip != private_ip
+ notify:
+ - reload nomad interface
+
+- name: "Deploy iptablesv4 configuration"
+ template: src=rules.v4.j2 dest=/etc/iptables/rules.v4
+ notify:
+ - reload iptables
+
+- name: "Deploy iptablesv6 configuration"
+ copy: src=rules.v6 dest=/etc/iptables/rules.v6
+ notify:
+ - reload ip6tables
+
+- name: "Activate IP forwarding"
+ sysctl:
+ name: net.ipv4.ip_forward
+ value: 1
+ sysctl_set: yes
+
+- name: "Create systemd-resolved override directory"
+ file: path=/etc/systemd/resolved.conf.d/ state=directory
+
+- name: "Prevent systemd-resolved from listening on port 53 (DNS)"
+ copy: src=systemd-resolve-no-listen.conf dest=/etc/systemd/resolved.conf.d/systemd-resolve-no-listen.conf
+ notify: reload systemd-resolved
+
+- name: "Use systemd-resolved as a source for /etc/resolv.conf"
+ file:
+ src: "/run/systemd/resolve/resolv.conf"
+ dest: "/etc/resolv.conf"
+ state: link
+ force: yes
+ notify: reload systemd-resolved
+
+- name: "Update nsswitch.conf to use systemd-resolved"
+ copy: src=nsswitch.conf dest=/etc/nsswitch.conf
+
+- name: "Flush handlers"
+ meta: flush_handlers |
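Review bot: The "Activate IP forwarding" task sets `net.ipv4.ip_forward` to 1 before the notified `reload iptables` handler has run, because handlers are only flushed by the final task; on a first run the host can forward packets under whatever ruleset was loaded beforehand. Consider adding a `- meta: flush_handlers` task directly after the two iptables tasks, or moving the sysctl task below the final flush. The template and copy tasks that write `/etc/iptables/rules.v4`, `/etc/iptables/rules.v6` and `/etc/nsswitch.conf` also set no `owner`, `group` or `mode`, so the resulting permissions depend on the existing file or the umask; `owner=root group=root mode=0644` would pin them. The contents of `rules.v4.j2` and `rules.v6` are not part of this hunk, so whether the FORWARD policy is restrictive cannot be checked here.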