mirror of
https://github.com/trailofbits/algo.git
synced 2025-06-06 15:13:56 +02:00
IPv6 fix (#1302)
This commit is contained in:
Jack Ivanov
Dan Guido
parent
7a338b511d
commit
7a6daff1ff
4 changed files with 14 additions and 23 deletions
|
|
@ -1,4 +1,10 @@
|
||||||
---
|
---
|
||||||
|
- name: Gather facts
|
||||||
|
setup:
|
||||||
|
|
||||||
|
- name: Gather additional facts
|
||||||
|
import_tasks: facts.yml
|
||||||
|
|
||||||
- set_fact:
|
- set_fact:
|
||||||
config_prefix: "/usr/local/"
|
config_prefix: "/usr/local/"
|
||||||
strongswan_shell: /usr/sbin/nologin
|
strongswan_shell: /usr/sbin/nologin
|
||||||
|
|
@ -23,17 +29,11 @@
|
||||||
value: 1
|
value: 1
|
||||||
- item: "{{ 'net.inet6.ip6.forwarding' if ipv6_support else none }}"
|
- item: "{{ 'net.inet6.ip6.forwarding' if ipv6_support else none }}"
|
||||||
value: 1
|
value: 1
|
||||||
tags:
|
|
||||||
- always
|
|
||||||
|
|
||||||
- setup:
|
|
||||||
|
|
||||||
- name: Install tools
|
- name: Install tools
|
||||||
package: name="{{ item }}" state=present
|
package: name="{{ item }}" state=present
|
||||||
with_items:
|
with_items:
|
||||||
- "{{ tools|default([]) }}"
|
- "{{ tools|default([]) }}"
|
||||||
tags:
|
|
||||||
- always
|
|
||||||
|
|
||||||
- name: Loopback included into the rc config
|
- name: Loopback included into the rc config
|
||||||
blockinfile:
|
blockinfile:
|
||||||
|
|
@ -45,8 +45,6 @@
|
||||||
ifconfig_lo100_ipv6="inet6 FCAA::1/64"
|
ifconfig_lo100_ipv6="inet6 FCAA::1/64"
|
||||||
notify:
|
notify:
|
||||||
- restart loopback bsd
|
- restart loopback bsd
|
||||||
tags:
|
|
||||||
- always
|
|
||||||
|
|
||||||
- name: Enable the gateway features
|
- name: Enable the gateway features
|
||||||
lineinfile: dest=/etc/rc.conf regexp='^{{ item.param }}.*' line='{{ item.param }}={{ item.value }}'
|
lineinfile: dest=/etc/rc.conf regexp='^{{ item.param }}.*' line='{{ item.param }}={{ item.value }}'
|
||||||
|
|
@ -59,8 +57,6 @@
|
||||||
- { param: natd_flags, value: '"-dynamic -m"' }
|
- { param: natd_flags, value: '"-dynamic -m"' }
|
||||||
notify:
|
notify:
|
||||||
- restart ipfw
|
- restart ipfw
|
||||||
tags:
|
|
||||||
- always
|
|
||||||
|
|
||||||
- name: FreeBSD | Activate IPFW
|
- name: FreeBSD | Activate IPFW
|
||||||
shell: >
|
shell: >
|
||||||
|
|
|
||||||
|
|
@ -6,12 +6,13 @@
|
||||||
|
|
||||||
- include_tasks: ubuntu.yml
|
- include_tasks: ubuntu.yml
|
||||||
when: '"Ubuntu" in OS.stdout or "Linux" in OS.stdout'
|
when: '"Ubuntu" in OS.stdout or "Linux" in OS.stdout'
|
||||||
|
tags:
|
||||||
|
- update-users
|
||||||
|
|
||||||
- include_tasks: freebsd.yml
|
- include_tasks: freebsd.yml
|
||||||
when: '"FreeBSD" in OS.stdout'
|
when: '"FreeBSD" in OS.stdout'
|
||||||
|
tags:
|
||||||
- name: Gather additional facts
|
- update-users
|
||||||
import_tasks: facts.yml
|
|
||||||
|
|
||||||
- name: Sysctl tuning
|
- name: Sysctl tuning
|
||||||
sysctl: name="{{ item.item }}" value="{{ item.value }}"
|
sysctl: name="{{ item.item }}" value="{{ item.value }}"
|
||||||
|
|
|
||||||
|
|
@ -71,8 +71,6 @@
|
||||||
dest: /etc/systemd/network/10-algo-lo100.network
|
dest: /etc/systemd/network/10-algo-lo100.network
|
||||||
notify:
|
notify:
|
||||||
- restart systemd-networkd
|
- restart systemd-networkd
|
||||||
tags:
|
|
||||||
- always
|
|
||||||
|
|
||||||
- name: systemd services enabled and started
|
- name: systemd services enabled and started
|
||||||
systemd:
|
systemd:
|
||||||
|
|
@ -83,12 +81,8 @@
|
||||||
with_items:
|
with_items:
|
||||||
- systemd-networkd
|
- systemd-networkd
|
||||||
- systemd-resolved
|
- systemd-resolved
|
||||||
tags:
|
|
||||||
- always
|
|
||||||
|
|
||||||
- meta: flush_handlers
|
- meta: flush_handlers
|
||||||
tags:
|
|
||||||
- always
|
|
||||||
|
|
||||||
- name: Check apparmor support
|
- name: Check apparmor support
|
||||||
shell: apparmor_status
|
shell: apparmor_status
|
||||||
|
|
@ -99,6 +93,9 @@
|
||||||
apparmor_enabled: true
|
apparmor_enabled: true
|
||||||
when: '"profiles are in enforce mode" in apparmor_status.stdout'
|
when: '"profiles are in enforce mode" in apparmor_status.stdout'
|
||||||
|
|
||||||
|
- name: Gather additional facts
|
||||||
|
import_tasks: facts.yml
|
||||||
|
|
||||||
- set_fact:
|
- set_fact:
|
||||||
tools:
|
tools:
|
||||||
- git
|
- git
|
||||||
|
|
@ -116,15 +113,11 @@
|
||||||
value: 1
|
value: 1
|
||||||
- item: "{{ 'net.ipv6.conf.all.forwarding' if ipv6_support else none }}"
|
- item: "{{ 'net.ipv6.conf.all.forwarding' if ipv6_support else none }}"
|
||||||
value: 1
|
value: 1
|
||||||
tags:
|
|
||||||
- always
|
|
||||||
|
|
||||||
- name: Install tools
|
- name: Install tools
|
||||||
package: name="{{ item }}" state=present
|
package: name="{{ item }}" state=present
|
||||||
with_items:
|
with_items:
|
||||||
- "{{ tools|default([]) }}"
|
- "{{ tools|default([]) }}"
|
||||||
tags:
|
|
||||||
- always
|
|
||||||
|
|
||||||
- name: Install headers
|
- name: Install headers
|
||||||
apt:
|
apt:
|
||||||
|
|
|
||||||
|
|
@ -62,6 +62,7 @@
|
||||||
- block:
|
- block:
|
||||||
- name: Local pre-tasks
|
- name: Local pre-tasks
|
||||||
import_tasks: playbooks/cloud-pre.yml
|
import_tasks: playbooks/cloud-pre.yml
|
||||||
|
become: false
|
||||||
rescue:
|
rescue:
|
||||||
- debug: var=fail_hint
|
- debug: var=fail_hint
|
||||||
tags: always
|
tags: always
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue