---
# The home-server project produces a multi-purpose setup using Ansible.
# Copyright © 2018–2023 Y. Gablin, under the GPL-3.0-or-later license.
# Full licensing information in the LICENSE file, or gnu.org/licenses/gpl-3.0.txt if the file is missing.
# Include the nftables.inc role, which (going by the task name) sets up the
# DMZ firewall. allow_duplicates lets the role run here even if it has
# already been included earlier with the same parameters.
- name: DMZ firewall
  include_role:
    allow_duplicates: true
    name: nftables.inc
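# Persist IPv4 and IPv6 forwarding in a sysctl drop-in so the host routes
# packets between its interfaces. Written on prod only; the setting takes
# effect through the "apply sysctl immediately" handler (defined outside
# this file).
# NOTE(review): with forwarding on, transit traffic is limited only by the
# firewall's forward rules — presumably installed by the nftables.inc role
# in the "DMZ firewall" task; confirm that chain defaults to drop.
- name: enable IP forward
  copy:
    content: |
      net.ipv4.ip_forward=1
      net.ipv6.conf.default.forwarding=1
      net.ipv6.conf.all.forwarding=1
    dest: /etc/sysctl.d/30-ipforward.conf
    # Quoted so the mode is read as an octal string whatever the YAML
    # parser does with a bare leading-zero integer.
    mode: '0600'
  when: (env == 'prod')
  notify:
    - apply sysctl immediately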
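# Persist nf_log_all_netns=1 in a sysctl drop-in so netfilter LOG rules
# also write to the kernel log from network namespaces other than the
# initial one. Written on prod only; applied through the
# "apply sysctl immediately" handler (defined outside this file).
# NOTE(review): this lets workloads in other namespaces add to the host
# kernel log — check that the log rules are rate-limited.
- name: enable kernel logging
  copy:
    content: |
      net.netfilter.nf_log_all_netns=1
    dest: /etc/sysctl.d/30-kernellog.conf
    # Quoted so the mode is read as an octal string whatever the YAML
    # parser does with a bare leading-zero integer.
    mode: '0600'
  when: (env == 'prod')
  notify:
    - apply sysctl immediately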
### LOCAL COMMIT ⇒ ###
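# Run the local.yml task file of the etckeeper.inc role, passing msg as a
# task-level variable.
# NOTE(review): presumably this records the files written above as an
# etckeeper commit with msg as the commit message — confirm in the role.
# Arguments are given as a native YAML mapping rather than a key=value
# string, so allow_duplicates is a real boolean.
- name: commit local changes
  include_role:
    name: etckeeper.inc
    allow_duplicates: true
    tasks_from: local.yml
  vars:
    msg: back firewall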
### ⇐ LOCAL COMMIT ###
# Run any handlers notified so far (here "apply sysctl immediately") now,
# instead of waiting for the end of the play.
- meta: flush_handlers