From c392e9975df92144b5482872e6be9cf9e6503e0b Mon Sep 17 00:00:00 2001
From: Adar Nimrod <nimrod@shore.co.il>
Date: Sat, 2 Jan 2016 00:42:04 +0200
Subject: [PATCH] - NAT is still WIP (hung on Debian bug). - Updated TODO
 list.

---
 README.rst              |  2 ++
 files/nspawnbr0.netdev  |  3 +++
 files/nspawnbr0.network |  7 +++++++
 tasks/main.yml          | 44 +++++++++++++++++++++++++++++++++++++++++
 4 files changed, 56 insertions(+)
 create mode 100644 files/nspawnbr0.netdev
 create mode 100644 files/nspawnbr0.network

diff --git a/README.rst b/README.rst
index ebc248a..33f50f6 100644
--- a/README.rst
+++ b/README.rst
@@ -43,5 +43,7 @@ TODO
 - If root mount is NOT btrfs, then create a sparse file, format with btrfs and
   mount under /var/lib/machines.
 - Disable the networking service, use systemd-networkd.
+- Create a bridge with NAT using systemd-networkd, use dnsmasq for dns
+  resolving.
 - Create a Debian Jessie base image to clone.
 - Test mac-vlan on Vagrant.
diff --git a/files/nspawnbr0.netdev b/files/nspawnbr0.netdev
new file mode 100644
index 0000000..26f3609
--- /dev/null
+++ b/files/nspawnbr0.netdev
@@ -0,0 +1,3 @@
+[NetDev]
+Name=nspawnbr0
+Kind=bridge
diff --git a/files/nspawnbr0.network b/files/nspawnbr0.network
new file mode 100644
index 0000000..456324e
--- /dev/null
+++ b/files/nspawnbr0.network
@@ -0,0 +1,7 @@
+[Match]
+Name=nspawnbr0
+
+[Network]
+Address=192.168.123.1/24
+DHCPServer=yes
+IPMasquerade=yes
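Review bot: `IPMasquerade=yes` implies `IPForward=ipv4`, and systemd-networkd applies IPv4 forwarding as a host-wide sysctl rather than per interface, so this file makes the host forward packets between all of its interfaces, not only nspawnbr0. The only thing limiting that forwarded traffic is then the firewall, and the `ufw` task added in tasks/main.yml sets the default routed policy to allow, which permits all of it; a firewall rule scoped to traffic entering on nspawnbr0, with the default routed policy left at deny, is the safer combination. A comment above the line would save the next reader the lookup: `# Implies IPForward=ipv4 (global sysctl); forwarded traffic is filtered by the ufw routed policy`.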
diff --git a/tasks/main.yml b/tasks/main.yml
index fc2bb79..0c0efa7 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -10,7 +10,51 @@
   with_items:
     - systemd-sysv
     - systemd-container
+    - libnss-myhostname
+    - libnss-mymachines
+    - libnss-resolve
     - ufw
     - btrfs-tools
     - debootstrap
     - yum
+    - dnsmasq
+
+- name: Create npawn configuration directory
+  file:
+    path: /etc/systemd/nspawn
+    owner: root
+    group: root
+    mode: '0755'
+    state: directory
+
+- name: Allow IP forwarding in UFW
+  ufw:
+    direction: routed
+    policy: allow
+
+- name: Configure systemd-networkd
+  with_fileglob:
+  - '*.netdev'
+  - '*.network'
+  - '*.link'
+  copy:
+    src: '{{ item }}'
+    dest: '/etc/systemd/network/{{ item|basename }}'
+    owner: root
+    group: root
+    mode: '0644'
+
+- name: Disable networking service, enable systemd-networkd
+  with_items:
+  - name: systemd-resolved
+    state: started
+    enabled: yes
+  - name: systemd-networkd
+    state: started
+    enabled: yes
+  - name: networking
+    enabled: no
+  service:
+    name: '{{ item.name }}'
+    state: '{{ item.state|default(omit) }}'
+    enabled: '{{ item.enabled }}'
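Review bot: The `Allow IP forwarding in UFW` task flips ufw's default routed policy to allow, which permits every forwarded packet between any pair of interfaces rather than only the container bridge's traffic; prefer a rule scoped to the bridge, e.g. `rule: allow`, `direction: in`, `interface: nspawnbr0` together with `route: yes` if the ufw module version in use supports it, and leave the default routed policy at deny. The `enabled: yes` / `enabled: no` values in the last task should be written `true` / `false` — `yes`/`no` are YAML 1.1-only booleans and trip yamllint's truthy rule. The task name `Create npawn configuration directory` is presumably a typo for `nspawn`, and the `networking` item is disabled but never given `state: stopped`, so the service keeps running until the next reboot; that may be intentional while NAT is still WIP, but a comment saying so would help.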
-- 
GitLab