lxc-host: Moving to its own playbook. Adding arius-test1. Only

configuring ipv4/6 forwarding for the created interface. Adding
configurable ipv6 address too.
wireguard: Tagging old nets with never.
nftables: Trying out portforwarding on arius.

3 files changed, 27 insertions, 0 deletions

diff --git a/ansible/host_vars/fuckaduck/elasticsearch.yml b/ansible/host_vars/arius-test1/elasticsearch.yml
index 1eb42bc..1eb42bc 100644
--- a/ansible/host_vars/fuckaduck/elasticsearch.yml
+++ b/ansible/host_vars/arius-test1/elasticsearch.yml
diff --git a/ansible/host_vars/arius/lxc.yml b/ansible/host_vars/arius/lxc.yml
new file mode 100644
index 0000000..5eea54d
--- /dev/null
+++ b/ansible/host_vars/arius/lxc.yml
@@ -0,0 +1,4 @@
+lxc_host__containers:
+  test1:
+    state: started
+    host_database: arius-test1
diff --git a/ansible/host_vars/arius/nftables.yml b/ansible/host_vars/arius/nftables.yml
index 6f4f167..8a276ff 100644
--- a/ansible/host_vars/arius/nftables.yml
+++ b/ansible/host_vars/arius/nftables.yml
@@ -43,3 +43,26 @@ nftables_tables:
           - position: 1
             statement: ""
 #            statement: "ip daddr 192.0.2.100 counter"
+
+  - name: nat
+    family: ip
+    chains:
+      - name: "prerouting"
+        base:
+          type: "nat"
+          hook: "prerouting"
+          priority: 0
+        rules:
+#          - position: 1
+#            statement: "iif wlp1s0 tcp dport { 2222 } dnat 192.168.10.176:22"
+          - position: 1
+            statement: ""
+
+      - name: "postrouting"
+        base:
+          type: "nat"
+          hook: "postrouting"
+          priority: 100
+        rules:
+          - position: 1
+            statement: "masquerade random,persistent"