From 1c9619633840a0e7588a5fdf6996faddf32e8090 Mon Sep 17 00:00:00 2001
From: Trygve Laugstøl <trygvis@inamo.no>
Date: Mon, 27 Aug 2018 20:36:21 +0200
Subject: o Disable IPv6 in LXC containers. o Create LXC configuration from
 Ansible vars.

---
 ansible/roles/lxc-machine/handlers/main.yml |  6 ++++++
 ansible/roles/lxc-machine/tasks/main.yml    | 11 +++++++++++
 2 files changed, 17 insertions(+)
 create mode 100644 ansible/roles/lxc-machine/handlers/main.yml

(limited to 'ansible/roles/lxc-machine')

diff --git a/ansible/roles/lxc-machine/handlers/main.yml b/ansible/roles/lxc-machine/handlers/main.yml
new file mode 100644
index 0000000..3f96231
--- /dev/null
+++ b/ansible/roles/lxc-machine/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+- name: restart sysctl
+  service:
+    name: systemd-sysctl.service
+    state: restarted
+
diff --git a/ansible/roles/lxc-machine/tasks/main.yml b/ansible/roles/lxc-machine/tasks/main.yml
index 24d64c8..626428c 100644
--- a/ansible/roles/lxc-machine/tasks/main.yml
+++ b/ansible/roles/lxc-machine/tasks/main.yml
@@ -10,5 +10,16 @@
         install_recommends: no
       with_items:
         - systemd-cron
+        - ca-certificates
+        - unzip
+        - sudo
+
+- name: disable ipv6
+  tags:
+    - disable-ipv6
+  copy:
+    dest: /etc/sysctl.d/99-disable-ipv6.conf
+    content: net.ipv6.conf.all.disable_ipv6=1
+  notify: restart sysctl
 
 # TODO: unattended upgrades, postfix client
-- 
cgit v1.2.3