Diffstat (limited to 'ansible/roles/network/tasks')
-rw-r--r--ansible/roles/network/tasks/main.yml42
1 files changed, 42 insertions, 0 deletions
diff --git a/ansible/roles/network/tasks/main.yml b/ansible/roles/network/tasks/main.yml
new file mode 100644
index 0000000..7f95b0f
--- /dev/null
+++ b/ansible/roles/network/tasks/main.yml
@@ -0,0 +1,42 @@
+- name: "Add dummy interface to handle Nomad NAT restriction nomad#2770"
+ template: src=nomad-interface.j2 dest=/etc/network/interfaces.d/nomad.cfg
+ when: public_ip != private_ip
+ notify:
+ - reload nomad interface
+
+- name: "Deploy iptablesv4 configuration"
+ template: src=rules.v4.j2 dest=/etc/iptables/rules.v4
+ notify:
+ - reload iptables
+
+- name: "Deploy iptablesv6 configuration"
+ copy: src=rules.v6 dest=/etc/iptables/rules.v6
+ notify:
+ - reload ip6tables
+
+- name: "Activate IP forwarding"
+ sysctl:
+ name: net.ipv4.ip_forward
+ value: 1
+ sysctl_set: yes
+
+- name: "Create systemd-resolved override directory"
+ file: path=/etc/systemd/resolved.conf.d/ state=directory
+
+- name: "Prevent systemd-resolved from listening on port 53 (DNS)"
+ copy: src=systemd-resolve-no-listen.conf dest=/etc/systemd/resolved.conf.d/systemd-resolve-no-listen.conf
+ notify: reload systemd-resolved
+
+- name: "Use systemd-resolved as a source for /etc/resolv.conf"
+ file:
+ src: "/run/systemd/resolve/resolv.conf"
+ dest: "/etc/resolv.conf"
+ state: link
+ force: yes
+ notify: reload systemd-resolved
+
+- name: "Update nsswitch.conf to use systemd-resolved"
+ copy: src=nsswitch.conf dest=/etc/nsswitch.conf
+
+- name: "Flush handlers"
+ meta: flush_handlers
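Review bot: "Activate IP forwarding" applies `net.ipv4.ip_forward` immediately (`sysctl_set: yes`), but the `reload iptables` and `reload ip6tables` handlers notified by the two tasks above it do not run until the final `meta: flush_handlers`, so on a first run the host may start forwarding packets before the new rulesets are loaded. Moving the sysctl task after the flush, or adding a `- meta: flush_handlers` task directly after "Deploy iptablesv6 configuration", closes that window. The two rules files are also written without `owner`, `group` or `mode`, so their permissions are left to the defaults; adding `owner=root group=root mode=0600` to both tasks would pin them. The handlers themselves are defined outside this hunk, so what they actually reload cannot be confirmed from here.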