38 lines
994 B
YAML
38 lines
994 B
YAML
---
|
|
# The home-server project produces a multi-purpose setup using Ansible.
|
|
# Copyright © 2018 Y. Gablin, under the GPL-3.0-or-later license.
|
|
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
|
|
|
|
- name: DMZ firewall
|
|
include_role:
|
|
name: nftables.inc
|
|
allow_duplicates: true
|
|
|
|
- name: enable IP forward
|
|
copy:
|
|
content: |
|
|
net.ipv4.ip_forward=1
|
|
net.ipv6.conf.default.forwarding=1
|
|
net.ipv6.conf.all.forwarding=1
|
|
dest: /etc/sysctl.d/30-ipforward.conf
|
|
mode: 0600
|
|
notify:
|
|
- apply sysctl immediately
|
|
|
|
- name: enable kernel logging
|
|
copy:
|
|
content: |
|
|
net.netfilter.nf_log_all_netns=1
|
|
dest: /etc/sysctl.d/30-kernellog.conf
|
|
mode: 0600
|
|
notify:
|
|
- apply sysctl immediately
|
|
|
|
### LOCAL COMMIT ⇒ ###
|
|
- name: commit local changes
|
|
include_role: name=etckeeper.inc allow_duplicates=true tasks_from=local.yml
|
|
vars:
|
|
msg: back firewall
|
|
### ⇐ LOCAL COMMIT ###
|
|
- meta: flush_handlers
|