common: Sync from polyfloyd
parent
b1add6ce2c
commit
97a4e95ca8
4 changed files with 21 additions and 20 deletions
|
@ -2,5 +2,6 @@
|
||||||
|
|
||||||
location /.well-known/acme-challenge {
|
location /.well-known/acme-challenge {
|
||||||
allow all;
|
allow all;
|
||||||
|
auth_basic off;
|
||||||
alias /var/lib/dehydrated/acme-challenges;
|
alias /var/lib/dehydrated/acme-challenges;
|
||||||
}
|
}
|
||||||
|
|
|
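Review bot: With `auth_basic off;` added beside `allow all;`, this location is served without credentials, and its prefix match is wider than the challenge directory because neither `location /.well-known/acme-challenge` nor `alias /var/lib/dehydrated/acme-challenges` ends in a slash. A request path that merely starts with that prefix is mapped onto a sibling name beginning with `acme-challenges` under `/var/lib/dehydrated`; whether such a sibling exists on the hosts is not visible here. Ending both in a slash, `location /.well-known/acme-challenge/ {` and `alias /var/lib/dehydrated/acme-challenges/;`, confines the unauthenticated area to the directory itself. A comment above the new line, such as `# ACME HTTP-01 validation must be reachable without credentials`, would record why auth is switched off.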
@ -31,7 +31,7 @@
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/bash.bashrc
|
path: /etc/bash.bashrc
|
||||||
insertafter: EOF
|
insertafter: EOF
|
||||||
regexp: "^source /usr/share/doc/fzf/{{ item }}"
|
regexp: "^source /usr/share/doc/fzf/examples/{{ item }}"
|
||||||
line: "source /usr/share/doc/fzf/examples/{{ item }} # Managed by Ansible"
|
line: "source /usr/share/doc/fzf/examples/{{ item }} # Managed by Ansible"
|
||||||
with_items:
|
with_items:
|
||||||
- key-bindings.bash
|
- key-bindings.bash
|
||||||
|
@ -77,12 +77,15 @@
|
||||||
- ipv6
|
- ipv6
|
||||||
notify: persist iptables
|
notify: persist iptables
|
||||||
|
|
||||||
- name: Allow IPv6 ICMP
|
- name: Allow ICMP
|
||||||
iptables:
|
iptables:
|
||||||
chain: INPUT
|
chain: INPUT
|
||||||
protocol: ipv6-icmp
|
protocol: "{{ item.proto }}"
|
||||||
jump: ACCEPT
|
jump: ACCEPT
|
||||||
ip_version: ipv6
|
ip_version: "{{ item.ip }}"
|
||||||
|
with_items:
|
||||||
|
- { ip: ipv4, proto: icmp }
|
||||||
|
- { ip: ipv6, proto: ipv6-icmp }
|
||||||
notify: persist iptables
|
notify: persist iptables
|
||||||
|
|
||||||
- name: Allow related and established connections
|
- name: Allow related and established connections
|
||||||
|
|
|
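Review bot: The new `{ ip: ipv4, proto: icmp }` item accepts every IPv4 ICMP type on INPUT with no type filter or rate limit, where the old task only opened ICMPv6. ICMPv6 has to stay broadly open for neighbour discovery and path-MTU, but the IPv4 rule could be narrowed with the module's `icmp_type` (echo-request, destination-unreachable, time-exceeded) or bounded with `limit`. If accept-all is intended, state it above the task, e.g. `# All ICMP types accepted on purpose; IPv6 needs ND and PMTU messages`. The surrounding task list continues outside the hunk.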
@ -5,17 +5,14 @@
|
||||||
state: present
|
state: present
|
||||||
when: network_br
|
when: network_br
|
||||||
|
|
||||||
- lineinfile:
|
- name: Configure sysctl.conf
|
||||||
|
lineinfile:
|
||||||
path: /etc/sysctl.conf
|
path: /etc/sysctl.conf
|
||||||
regexp: ^#?net.ipv4.ip_forward
|
regexp: "^#?{{ item.k }}"
|
||||||
line: "net.ipv4.ip_forward=1 # Managed by Ansible"
|
line: "{{ item.k }}={{ item.v }} # Managed by Ansible"
|
||||||
notify: reboot
|
with_items:
|
||||||
when: network_br
|
- { k: net.ipv4.ip_forward, v: "1" }
|
||||||
|
- { k: net.ipv6.conf.all.forwarding, v: "1" }
|
||||||
- lineinfile:
|
|
||||||
path: /etc/sysctl.conf
|
|
||||||
regexp: ^#?net.ipv6.conf.all.forwarding
|
|
||||||
line: "net.ipv6.conf.all.forwarding=1 # Managed by Ansible"
|
|
||||||
notify: reboot
|
notify: reboot
|
||||||
when: network_br
|
when: network_br
|
||||||
|
|
||||||
|
|
|
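Review bot: The pattern `^#?{{ item.k }}` is a prefix match with unescaped dots, so for `net.ipv4.ip_forward` it also matches keys such as `net.ipv4.ip_forward_use_pmtu`, and lineinfile would then rewrite that line instead of the intended one. Anchoring on the assignment avoids this: `regexp: '^#?\s*{{ item.k | regex_escape }}\s*='`. Both entries make the host forward IPv4 and IPv6 traffic whenever `network_br` is set, so a comment stating that the FORWARD chain is expected to restrict forwarded traffic would help the next reader. That chain's policy is not visible in this commit view.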
@ -18,20 +18,20 @@ iface eth0 inet manual
|
||||||
|
|
||||||
auto br0
|
auto br0
|
||||||
iface br0 inet static
|
iface br0 inet static
|
||||||
address {{ network_static.address_v4 }}
|
address {{ network_address_v4 }}
|
||||||
gateway {{ network_static.gateway_v4 }}
|
gateway {{ network_gateway_v4 }}
|
||||||
bridge_ports eth0
|
bridge_ports eth0
|
||||||
|
|
||||||
iface br0 inet6 auto
|
iface br0 inet6 auto
|
||||||
up echo -n 0 > /sys/devices/virtual/net/br0/bridge/multicast_snooping
|
up echo -n 0 > /sys/devices/virtual/net/br0/bridge/multicast_snooping
|
||||||
up ip -6 addr add {{ network_static.address_v6 }} dev br0
|
up ip -6 addr add {{ network_address_v6 }} dev br0
|
||||||
up ip -6 route add default via {{ network_static.gateway_v6 }} dev br0
|
up ip -6 route add default via {{ network_gateway_v6 }} dev br0
|
||||||
bridge_stp on
|
bridge_stp on
|
||||||
|
|
||||||
{% elif network_static %}
|
{% elif network_static %}
|
||||||
iface eth0 inet static
|
iface eth0 inet static
|
||||||
address {{ network_static.address_v4 }}
|
address {{ network_address_v4 }}
|
||||||
gateway {{ network_static.gateway_v4 }}
|
gateway {{ network_gateway_v4 }}
|
||||||
|
|
||||||
{% else %}
|
{% else %}
|
||||||
iface eth0 inet dhcp
|
iface eth0 inet dhcp
|
||||||
|
|
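Review bot: The branch guard `{% elif network_static %}` still tests the old `network_static` variable, while the values inside it now come from the flat `network_address_v4` and `network_gateway_v4` variables, so the guard and the data it protects can disagree. If `network_static` was dropped from the inventory in the same sync, this branch presumably either fails on an undefined variable or is skipped in favour of `iface eth0 inet dhcp`, depending on how undefined values are handled. If it remains, nothing checks that the flat variables are set. Consider guarding on what is actually used, e.g. `{% elif network_address_v4 is defined %}`, or add a header comment listing the variables each branch requires. The opening `{% if %}` of this chain and the variable definitions are outside the hunk.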