author | Quentin <quentin@dufour.io> | 2020-07-05 20:37:19 +0200 |
---|---|---|
committer | Quentin <quentin@dufour.io> | 2020-07-05 20:37:19 +0200 |
commit | 09878271f2a207ffb33c1f293dd26ee97cc6fff2 (patch) | |
tree | ee8d82b8640deed41acf13ab5cce94045ebc3081 /ansible/roles/network/tasks | |
parent | f427bcf5645d92604be3994496bf44bd93f5c7e3 (diff) | |
parent | faf39bbb282542efa237c39f4371918589508254 (diff) | |
Merge pull request 'Network configuration' (#1) from network_config into master
Reviewed-on: https://git.deuxfleurs.fr/Deuxfleurs/deuxfleurs.fr/pulls/1
Diffstat (limited to 'ansible/roles/network/tasks')
-rw-r--r-- | ansible/roles/network/tasks/main.yml | 37 |
1 files changed, 9 insertions, 28 deletions
diff --git a/ansible/roles/network/tasks/main.yml b/ansible/roles/network/tasks/main.yml index 7f95b0f..2087765 100644 --- a/ansible/roles/network/tasks/main.yml +++ b/ansible/roles/network/tasks/main.yml @@ -1,42 +1,23 @@ -- name: "Add dummy interface to handle Nomad NAT restriction nomad#2770" - template: src=nomad-interface.j2 dest=/etc/network/interfaces.d/nomad.cfg - when: public_ip != private_ip - notify: - - reload nomad interface - - name: "Deploy iptablesv4 configuration" template: src=rules.v4.j2 dest=/etc/iptables/rules.v4 - notify: - - reload iptables - name: "Deploy iptablesv6 configuration" copy: src=rules.v6 dest=/etc/iptables/rules.v6 - notify: - - reload ip6tables - name: "Activate IP forwarding" sysctl: name: net.ipv4.ip_forward - value: 1 + value: "1" sysctl_set: yes -- name: "Create systemd-resolved override directory" - file: path=/etc/systemd/resolved.conf.d/ state=directory - -- name: "Prevent systemd-resolved from listening on port 53 (DNS)" - copy: src=systemd-resolve-no-listen.conf dest=/etc/systemd/resolved.conf.d/systemd-resolve-no-listen.conf - notify: reload systemd-resolved +# These two lines are used to undo previous config, remove them once it is done +- name: "Update nsswitch.conf to not use systemd-resolved" + copy: src=nsswitch.conf dest=/etc/nsswitch.conf -- name: "Use systemd-resolved as a source for /etc/resolv.conf" - file: - src: "/run/systemd/resolve/resolv.conf" - dest: "/etc/resolv.conf" - state: link - force: yes - notify: reload systemd-resolved +- name: "Disable systemd-resolved" + systemd: + name: systemd-resolved + state: stopped + enabled: false -- name: "Update nsswitch.conf to use systemd-resolved" - copy: src=nsswitch.conf dest=/etc/nsswitch.conf -- name: "Flush handlers" - meta: flush_handlers |
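Review bot: The two iptables tasks now write `/etc/iptables/rules.v4` and `/etc/iptables/rules.v6` without any `notify`, and the closing `meta: flush_handlers` is gone, so as far as this file shows a changed ruleset stays on disk while the running firewall keeps the old rules until something else reloads them. The diffstat is limited to the tasks directory, so the reload may have moved elsewhere in the merge; if it has not, keep `notify: reload iptables` and `notify: reload ip6tables` on these tasks, or add a comment saying where the rules get applied. Separately, the undo block stops systemd-resolved, but nothing here replaces the `/etc/resolv.conf` symlink to `/run/systemd/resolve/resolv.conf` that the removed task created with `force: yes`, so hosts configured by the earlier playbook may be left with a dangling resolver file; this is worth confirming on an already-provisioned node. The new `copy` to `/etc/nsswitch.conf` would also benefit from an explicit `owner`, `group` and `mode: "0644"` rather than inheriting whatever the file currently has.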