From 99ce768a7d6fe9e828caf932554c4e095c1d00b2 Mon Sep 17 00:00:00 2001
From: Trygve Laugstøl
Date: Fri, 11 Jan 2019 07:45:58 +0100
Subject: lxc-host: Moving to its own playbook. Adding arius-test1. Only configuring ipv4/6 forwarding for the created interface. Adding configurable ipv6 address too. wireguard: Tagging old nets with never. nftables: Trying out portforwarding on arius.
---
 ansible/host_vars/arius-test1/elasticsearch.yml | 4 ++++
 ansible/host_vars/arius/lxc.yml | 4 ++++
 ansible/host_vars/arius/nftables.yml | 23 +++++++++++++++++++++++
 ansible/host_vars/fuckaduck/elasticsearch.yml | 4 ----
 4 files changed, 31 insertions(+), 4 deletions(-)
 create mode 100644 ansible/host_vars/arius-test1/elasticsearch.yml
 create mode 100644 ansible/host_vars/arius/lxc.yml
 delete mode 100644 ansible/host_vars/fuckaduck/elasticsearch.yml
(limited to 'ansible/host_vars')
diff --git a/ansible/host_vars/arius-test1/elasticsearch.yml b/ansible/host_vars/arius-test1/elasticsearch.yml
new file mode 100644
index 0000000..1eb42bc
--- /dev/null
+++ b/ansible/host_vars/arius-test1/elasticsearch.yml
@@ -0,0 +1,4 @@
+elasticsearch__state: present
+elasticsearch__data_dir: /opt/elasticsearch/data
+elasticsearch__http_port: 9201
+elasticsearch__tcp_port: 9301
diff --git a/ansible/host_vars/arius/lxc.yml b/ansible/host_vars/arius/lxc.yml
new file mode 100644
index 0000000..5eea54d
--- /dev/null
+++ b/ansible/host_vars/arius/lxc.yml
@@ -0,0 +1,4 @@
+lxc_host__containers:
+ test1:
+ state: started
+ host_database: arius-test1
diff --git a/ansible/host_vars/arius/nftables.yml b/ansible/host_vars/arius/nftables.yml
index 6f4f167..8a276ff 100644
--- a/ansible/host_vars/arius/nftables.yml
+++ b/ansible/host_vars/arius/nftables.yml
@@ -43,3 +43,26 @@ nftables_tables:
 - position: 1
 statement: ""
 # statement: "ip daddr 192.0.2.100 counter"
+
+ - name: nat
+ family: ip
+ chains:
+ - name: "prerouting"
+ base:
+ type: "nat"
+ hook: "prerouting"
+ priority: 0
+ rules:
+# - position: 1
+# statement: "iif wlp1s0 tcp dport { 2222 } dnat 192.168.10.176:22"
+ - position: 1
+ statement: ""
+
+ - name: "postrouting"
+ base:
+ type: "nat"
+ hook: "postrouting"
+ priority: 100
+ rules:
+ - position: 1
+ statement: "masquerade random,persistent"
diff --git a/ansible/host_vars/fuckaduck/elasticsearch.yml b/ansible/host_vars/fuckaduck/elasticsearch.yml
deleted file mode 100644
index 1eb42bc..0000000
--- a/ansible/host_vars/fuckaduck/elasticsearch.yml
+++ /dev/null
@@ -1,4 +0,0 @@
-elasticsearch__state: present
-elasticsearch__data_dir: /opt/elasticsearch/data
-elasticsearch__http_port: 9201
-elasticsearch__tcp_port: 9301
--
cgit v1.2.3
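Review bot: The `postrouting` rule `masquerade random,persistent` in the new `nat` table has no interface or source match, so as written it would source-NAT every packet leaving arius on any interface, not only traffic coming from the LXC containers. That also replaces the original source address that downstream hosts and their logs would otherwise record. Scope the rule to the uplink or to the container subnet, for example `statement: "oifname wlp1s0 masquerade random,persistent"`, assuming wlp1s0 (the interface named in the commented-out dnat line) is the outbound side; confirm this against the host. The hunk starts inside the `nftables_tables` list, whose beginning lies outside the hunk, so any existing filter rules that might limit forwarding are not visible here.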