Import firewall role from network repo
Move, actually.
parent
88061d97b2
commit
754c3da31f
21 changed files with 801 additions and 1 deletions
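--- a/roles/firewall/tasks/main.yml
+++ b/roles/firewall/tasks/main.yml
@@ -0,0 +1,44 @@
+- name: Update package cache
+package:
+update_cache: yes
+
+- name: Install packages
+package:
+name: bash,bonding,iproute2
+state: latest
+
+- name: Set up custom interfaces
+template:
+dest: /etc/network/interfaces.d/firewall.intf
+src: firewall.intf.j2
+mode: 0644
+notify: enable interfaces
+
+- name: Set up sysctls
+template:
+dest: /etc/sysctl.d/firewall.conf
+src: sysctl.conf.j2
+
+- name: Run SSH in management VRF
+lineinfile:
+path: /etc/conf.d/sshd
+regexp: "#* *vrf="
+line: "vrf=\"mgmt\""
+notify: reboot
+
+- name: Set up FRR
+import_tasks: frr.yml
+
+- name: Set up wireguard
+import_tasks: wireguard.yml
+
+- name: Set up nftables
+import_tasks: nftables.yml
+
+# causes issues in normal operation
+# the conntrack tables seem to get synced incorrectly
+#- name: Set up conntrackd
+# import_tasks: conntrackd.yml
+
+- name: Set up configuration channel
+import_tasks: config.yml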
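Review bot: The `regexp: "#* *vrf="` in the "Run SSH in management VRF" task is unanchored, so it matches any line of /etc/conf.d/sshd that merely contains `vrf=`, such as a comment mentioning it or a longer variable name ending in `vrf`, and lineinfile rewrites the last matching line. This line is what places sshd in the mgmt VRF, so a mis-match could leave the real setting untouched; anchoring it as `regexp: '^#* *vrf='` restricts the replacement to the actual setting. Separately, the "Set up sysctls" template sets no `owner`, `group` or `mode`, unlike the interfaces task, so the permissions of /etc/sysctl.d/firewall.conf depend on the umask in effect on the host. Adding `owner: root`, `group: root` and `mode: "0644"` there, and quoting the existing `mode: 0644` on the interfaces task, makes both explicit and avoids YAML octal parsing. The `reboot` and `enable interfaces` handlers are defined outside this file, so their behaviour is not reviewed here.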