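# Install the dhcpcd hook for the outside address. dhcpcd hooks are sourced by
# dhcpcd-run-hooks, normally as root, so the file is kept read-only and its
# ownership is pinned to root: a hook that another account could modify would
# run with root privileges on the next lease event.
- name: ensure outside-address dhcpcd hook is installed
  copy:
    src: outside-address.dhcpcd-hook
    dest: /usr/libexec/dhcpcd-hooks/10-outside-address
    owner: root
    group: root
    # Quoted so the YAML parser keeps the leading zero instead of typing the
    # value as a number.
    mode: "0444"
  notify: rebind dhcp leases

# Run the handlers notified so far now, instead of at the end of the play.
- meta: flush_handlers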
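# Enable IPv4 forwarding and persist it in a dedicated sysctl.d file.
# With forwarding on, this host routes packets between its interfaces, so the
# nftables forward chain is what decides which traffic may cross it.
- name: ensure ipv4 forwarding is enabled
  sysctl:
    name: net.ipv4.conf.all.forwarding
    # Quoted so the value is passed as a string rather than typed as an
    # integer by the YAML parser.
    value: "1"
    sysctl_file: /etc/sysctl.d/ip-forwarding.conf
    state: present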
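# Enable IPv6 forwarding and persist it in /etc/sysctl.d/ip-forwarding.conf.
# NOTE(review): forwarded IPv6 traffic is routed end to end rather than hidden
# behind NAT, so inside hosts are only as protected as the forward-chain
# filter. Whether the nftables ruleset filters forwarded IPv6 is not visible
# in this task file; confirm before relying on it.
- name: ensure ipv6 forwarding is enabled
  sysctl:
    name: net.ipv6.conf.all.forwarding
    # Quoted so the value is passed as a string rather than typed as an
    # integer by the YAML parser.
    value: "1"
    sysctl_file: /etc/sysctl.d/ip-forwarding.conf
    state: present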
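# Install the static IPv4 NAT rules into the nftables ruleset directory.
# Ownership is pinned to root so that only root can change what the firewall
# loads on the next reload.
- name: ensure ipv4 nat rules are configured
  copy:
    src: ipv4-nat.nft
    dest: /etc/nftables/ruleset.d/10_ipv4-nat.nft
    owner: root
    group: root
    # Quoted so the YAML parser keeps the leading zero instead of typing the
    # value as a number.
    mode: "0644"
  notify: reload nftables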
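# Render the port-forward rules from a template into the nftables ruleset
# directory. The variables the template consumes are not visible here.
# NOTE(review): a rendering mistake only surfaces when the handler reloads
# nftables. Consider a dry-run check of the complete ruleset (`nft -c -f`)
# before the reload; how ruleset.d is loaded is not shown, so confirm the
# right entry file first.
- name: ensure port forwards are configured
  template:
    src: port-forwards.nft.j2
    dest: /etc/nftables/ruleset.d/70_port-forwards.nft
    owner: root
    group: root
    # Quoted so the YAML parser keeps the leading zero instead of typing the
    # value as a number.
    mode: "0644"
  notify: reload nftables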
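# Render the masquerade rules from a template into the nftables ruleset
# directory. The variables the template consumes are not visible here.
# Ownership is pinned to root so that only root can change what the firewall
# loads on the next reload.
- name: ensure ip masquerading is configured
  template:
    src: masquerade.nft.j2
    dest: /etc/nftables/ruleset.d/90_masquerade.nft
    owner: root
    group: root
    # Quoted so the YAML parser keeps the leading zero instead of typing the
    # value as a number.
    mode: "0644"
  notify: reload nftables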