- NAT is still WIP (hanged on Debian bug).

- Updated TODO list.

- NAT is still WIP (hanged on Debian bug).
c392e997 · nimrod · b29d7ad3 · c392e997 · c392e997 · c392e997
Commit c392e997 authored 9 years ago by nimrod
--- a/README.rst
+++ b/README.rst
@@ -43,5 +43,7 @@ TODO
 - If root mount is NOT btrfs, then create a sparse file, format with btrfs and
  mount under /var/lib/machines.
 - Disable the networking service, use systemd-networkd.
+- Create a bridge with NAT using systemd-networkd, use dnsmasq for dns
+  resolving.
 - Create a Debian Jessie base image to clone.
 - Test mac-vlan on Vagrant.
--- a/files/nspawnbr0.netdev
+++ b/files/nspawnbr0.netdev
+[NetDev]
+Name=nspawnbr0
+Kind=bridge
--- a/files/nspawnbr0.network
+++ b/files/nspawnbr0.network
+[Match]
+Name=nspawnbr0
+
+[Network]
+Address=192.168.123.1/24
+DHCPServer=yes
+IPMasquerade=yes
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -10,7 +10,51 @@
  with_items:
    - systemd-sysv
    - systemd-container
+    - libnss-myhostname
+    - libnss-mymachines
+    - libnss-resolve
    - ufw
    - btrfs-tools
    - debootstrap
    - yum
+    - dnsmasq
+
+- name: Create npawn configuration directory
+  file:
+    path: /etc/systemd/nspawn
+    owner: root
+    group: root
+    mode: '0755'
+    state: directory
+
+- name: Allow IP forwarding in UFW
+  ufw:
+    direction: routed
+    policy: allow
+
+- name: Configure systemd-networkd
+  with_fileglob:
+  - '*.netdev'
+  - '*.network'
+  - '*.link'
+  copy:
+    src: '{{ item }}'
+    dest: '/etc/systemd/network/{{ item|basename }}'
+    owner: root
+    group: root
+    mode: '0644'
+
+- name: Disable networking service, enable systemd-networkd
+  with_items:
+  - name: systemd-resolved
+    state: started
+    enabled: yes
+  - name: systemd-networkd
+    state: started
+    enabled: yes
+  - name: networking
+    enabled: no
+  service:
+    name: '{{ item.name }}'
+    state: '{{ item.state|default(omit) }}'
+    enabled: '{{ item.enabled }}'