authorQuentin <quentin@deuxfleurs.fr>2019-06-01 16:02:49 +0200
committerQuentin Dufour <quentin@deuxfleurs.fr>2019-07-11 09:33:07 +0200
commit61d009f18d5886db8b22ae41e04bb41a4ba2fddb (patch)
treee44bb326caf3107653c7a48749527cfd77f02cf2 /ansible/roles/network/tasks
Initial commit
Diffstat (limited to 'ansible/roles/network/tasks')
-rw-r--r--ansible/roles/network/tasks/main.yml42
1 files changed, 42 insertions, 0 deletions
diff --git a/ansible/roles/network/tasks/main.yml b/ansible/roles/network/tasks/main.yml
new file mode 100644
index 0000000..7f95b0f
--- /dev/null
+++ b/ansible/roles/network/tasks/main.yml
@@ -0,0 +1,42 @@
+- name: "Add dummy interface to handle Nomad NAT restriction nomad#2770"
+ template: src=nomad-interface.j2 dest=/etc/network/interfaces.d/nomad.cfg
+ when: public_ip != private_ip
+ notify:
+ - reload nomad interface
+
+- name: "Deploy iptablesv4 configuration"
+ template: src=rules.v4.j2 dest=/etc/iptables/rules.v4
+ notify:
+ - reload iptables
+
+- name: "Deploy iptablesv6 configuration"
+ copy: src=rules.v6 dest=/etc/iptables/rules.v6
+ notify:
+ - reload ip6tables
+
+- name: "Activate IP forwarding"
+ sysctl:
+ name: net.ipv4.ip_forward
+ value: 1
+ sysctl_set: yes
+
+- name: "Create systemd-resolved override directory"
+ file: path=/etc/systemd/resolved.conf.d/ state=directory
+
+- name: "Prevent systemd-resolved from listening on port 53 (DNS)"
+ copy: src=systemd-resolve-no-listen.conf dest=/etc/systemd/resolved.conf.d/systemd-resolve-no-listen.conf
+ notify: reload systemd-resolved
+
+- name: "Use systemd-resolved as a source for /etc/resolv.conf"
+ file:
+ src: "/run/systemd/resolve/resolv.conf"
+ dest: "/etc/resolv.conf"
+ state: link
+ force: yes
+ notify: reload systemd-resolved
+
+- name: "Update nsswitch.conf to use systemd-resolved"
+ copy: src=nsswitch.conf dest=/etc/nsswitch.conf
+
+- name: "Flush handlers"
+ meta: flush_handlers
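Review bot: The tasks that write /etc/iptables/rules.v4 and /etc/iptables/rules.v6 set no owner, group or mode and have no `validate`, so permissions follow the defaults of the run and a rules file that fails to parse is only noticed when the `reload iptables` / `reload ip6tables` handler fires. I would write both in native YAML with `owner: root`, `group: root`, `mode: "0600"` and `validate: 'iptables-restore --test %s'` (`ip6tables-restore --test %s` for the v6 file). "Activate IP forwarding" applies `net.ipv4.ip_forward` immediately through `sysctl_set`, while the firewall handlers only run at the final `meta: flush_handlers`, so on a first run forwarding is enabled before the new rules are loaded; moving the sysctl task after the flush would close that window. The handlers and the rules.v4.j2 template are not part of this hunk, so the FORWARD policy they produce should be confirmed separately. As a style point, `sysctl_set: yes` and `force: yes` are clearer as `true`, and `value: 1` as `"1"`.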