Commit eb496dd1 authored by nimrod's avatar nimrod

- Removed all bridging support until Debian bug #787480 is resolved (meanwhile I'm using MAC-VLAN).

parent c62694d3
[Unit]
Description="Enable NAT on nspawn bridge due to Debian bug #787480."
Requires=systemd-networkd
After=systemd-networkd
After=ufw
[Service]
Type=oneshot
RemainAfterExit=yes
Environment=network="192.168.123.0/24"
ExecStart=/sbin/iptables -w -t nat -A POSTROUTING -s "$network" ! -d "$network" -j MASQUERADE
ExecStop=/sbin/iptables -w -t nat -D POSTROUTING -s "$network" ! -d "$network" -j MASQUERADE
[Install]
WantedBy=network.target
[NetDev]
Name=nspawnbr0
Kind=bridge
[Match]
Name=nspawnbr0
[Network]
Address=192.168.123.1/24
DHCPServer=yes
IPMasquerade=yes
......@@ -18,11 +18,9 @@
- libnss-myhostname
- libnss-mymachines
- libnss-resolve
- ufw
- btrfs-tools
- debootstrap
- yum
- dnsmasq
- name: Create npawn configuration directory
file:
......@@ -31,55 +29,3 @@
group: root
mode: '0755'
state: directory
- name: Allow IP forwarding in UFW
ufw:
direction: routed
policy: allow
- name: Allow DHCP, DNS in UFW
with_items:
- 53
- 67
- 68
ufw:
interface: nspawnbr0
policy: allow
proto: udp
rule: allow
to_port: '{{ item }}'
- name: Configure systemd-networkd
with_fileglob:
- '*.netdev'
- '*.network'
- '*.link'
copy:
src: '{{ item }}'
dest: '/etc/systemd/network/{{ item|basename }}'
owner: root
group: root
mode: '0644'
- name: Add NAT workaround for Debian bug #787480
copy:
src: nspawn-nat.service
dest: /etc/systemd/system/nspawn-nat.service
owner: root
group: root
mode: '0644'
- name: Disable networking service, enable systemd-networkd
with_items:
- name: systemd-resolved
state: started
enabled: yes
- name: systemd-networkd
state: started
enabled: yes
- name: networking
enabled: no
service:
name: '{{ item.name }}'
state: '{{ item.state|default(omit) }}'
enabled: '{{ item.enabled }}'
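Review bot: Dropping the tasks in the hunk at `@@ -31,55 +29,3 @@` removes them from the playbook but does not undo their effect on hosts that were already provisioned: the `Allow IP forwarding in UFW` routed-allow policy, the per-port UDP rules on `nspawnbr0`, and the installed `/etc/systemd/system/nspawn-nat.service` (which, per the deleted unit, adds a MASQUERADE rule for `192.168.123.0/24`) will all stay in place, leaving forwarding and NAT enabled on hosts that no longer use the bridge. If the role is expected to converge existing hosts to the new state, it needs explicit cleanup tasks rather than relying on the deletion; this applies to the first hunk too, where `ufw` and `dnsmasq` appear to be the removed packages but remain installed on existing hosts. A minimal version stops and disables the unit and removes the file; stopping a unit that was never installed fails, so the service step is best-effort.
```yaml
# … unchanged: Create npawn configuration directory task …
- name: Stop NAT workaround for Debian bug #787480 on previously provisioned hosts
  service:
    name: nspawn-nat
    state: stopped
    enabled: false
  ignore_errors: true  # unit is absent on hosts that never received it
- name: Remove NAT workaround unit file
  file:
    path: /etc/systemd/system/nspawn-nat.service
    state: absent
```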