ansible: shut up warnings about discovered Python interpreter

Same as for debian.

ansible.cfg

@@ -1,5 +1,6 @@
 [defaults]
 nocows = true
+interpreter_python = auto_silent
 inventory = inventory.yml
 remote_user = root
 

roles/alpine/tasks/main.yml

@@ -26,6 +26,12 @@
   hostname:
     name: '{{ dns_name }}'
 
+- name: Set up resolv.conf
+  template:
+    dest: /etc/resolv.conf
+    src: resolv.conf.j2
+    mode: 0644
+
 - name: Configure hosts
   template:
     dest: /etc/hosts

roles/proxmox-backup/tasks/main.yml

@@ -58,18 +58,6 @@
     mode: 0644
   notify: reload interfaces
 
-- name: Disable SSH password authentication
-  lineinfile:
-    path: /etc/ssh/sshd_config
-    regexp: '^#?{{ item.key }}'
-    line: '{{ item.key }} {{ item.value }}'
-  loop:
-    - key: PasswordAuthentication
-      value: 'no'
-    - key: PermitRootLogin
-      value: 'prohibit-password'
-  notify: reload sshd
-
 - name: Run SSH instance in management VRF
   when: interfaces | selectattr('vrf') | selectattr('vrf.name', '==', 'mgmt')
   block:

roles/proxmox-backup/templates/nftables.conf.j2

@@ -19,6 +19,10 @@ table inet filter {
             packet-too-big, parameter-problem, time-exceeded,
         } accept comment "accept some ICMPv6"
 
+        iif mgmt0 ip6 hoplimit 255 ip6 nexthdr icmpv6 icmpv6 type {
+            nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert
+        } accept comment "accept IPv6 neighbor discovery"
+
         # BGP / BFD sessions
         iif lan0 ip6 saddr fe80::/64 accept
         iif lan1 ip6 saddr fe80::/64 accept

templates/resolv.conf.j2

@@ -1,4 +1,4 @@
 search {{ domain }}
-{% for server in dns %}
+{% for server in dns6 %}
 nameserver {{ server }}
 {% endfor %}