Added a service to enable IP masquerading (NAT) because nspawn on Debian isn't

compiled with support for that.

Added a service to enable IP masquerading (NAT) because nspawn on Debian isn't
90798236 · nimrod · c392e997 · 90798236 · 90798236
Commit 90798236 authored 9 years ago by nimrod
--- a/files/nspawn-nat.service
+++ b/files/nspawn-nat.service
+[Unit]
+Description="Enable NAT on nspawn bridge due to Debian bug #787480."
+Requires=systemd-networkd
+After=systemd-networkd
+After=ufw
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+Environment=network="192.168.123.0/24"
+ExecStart=/sbin/iptables -w -t nat -A POSTROUTING -s "$network" ! -d "$network" -j MASQUERADE
+ExecStop=/sbin/iptables -w -t nat -D POSTROUTING -s 192.168.123.0/24 ! -d 192.168.123.0/24 -j MASQUERADE
+
+[Install]
+WantedBy=network.target
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -44,6 +44,14 @@
    group: root
    mode: '0644'

+- name: Add NAT workaround for Debian bug #787480
+  copy:
+    src: nspawn-nat.service
+    dest: /etc/systemd/system/nspawn-nat.service
+    owner: root
+    group: root
+    mode: '0644'
+
 - name: Disable networking service, enable systemd-networkd
  with_items:
  - name: systemd-resolved