Move IPv6 privacy extension settings to 'networking' role
Also set privacy extension to 'preferred' in connman.
parent
9ec9793663
commit
1b13b408a0
|
@ -79,14 +79,6 @@
|
|||
state: present
|
||||
reload: false
|
||||
|
||||
- name: essential | Set privacy extension for IPv6
|
||||
ansible.posix.sysctl:
|
||||
name: net.ipv6.conf.{{ item.name }}.use_tempaddr
|
||||
value: '2'
|
||||
state: present
|
||||
reload: false
|
||||
loop: '{{ network_interfaces + [{"name": "default"}, {"name": "all"}] }}'
|
||||
|
||||
- name: essential | Change the tty font to {{ console_font }}
|
||||
lineinfile:
|
||||
path: /etc/conf.d/consolefont
|
||||
|
|
|
@ -7,6 +7,21 @@
|
|||
group: root
|
||||
mode: '644'
|
||||
|
||||
# NOTE: These only get applied on next boot
|
||||
- name: networking | Set privacy extension for IPv6
|
||||
ansible.posix.sysctl:
|
||||
name: '{{ (item | split("=") | map("trim") | list)[0] }}'
|
||||
value: '{{ (item | split("=") | map("trim") | list)[1] | quote_single }}'
|
||||
state: present
|
||||
reload: false
|
||||
loop:
|
||||
- net.ipv6.conf.all.use_tempaddr = 2
|
||||
- net.ipv6.conf.default.use_tempaddr = 2
|
||||
- net.ipv6.conf.all.temp_prefered_lft = 60
|
||||
- net.ipv6.conf.default.temp_prefered_lft = 60
|
||||
- net.ipv6.conf.all.temp_valid_lft = 1440
|
||||
- net.ipv6.conf.default.temp_valid_lft = 1440
|
||||
|
||||
- name: networking | Install {{ dhcp_client }}
|
||||
community.general.apk:
|
||||
name: '{{ dhcp_client }}'
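Review bot: The loop on the new `networking | Set privacy extension for IPv6` task lists only `all` and `default`, while the task removed from the essential role also wrote `net.ipv6.conf.<name>.use_tempaddr` for every entry in `network_interfaces`. To my knowledge the kernel does not copy `all.use_tempaddr` to existing devices and `default` is inherited only by interfaces created after it is set, so a NIC that already exists when sysctl runs at boot may keep using its stable address for outgoing traffic; keeping the per-interface entries would avoid that. Separately, `temp_prefered_lft` and `temp_valid_lft` are in seconds, so `60` and `1440` mean one minute and 24 minutes; if one hour and one day were intended the values would be `3600` and `86400`, and a comment such as `# lifetimes are in seconds` above the loop would make the choice reviewable.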
|
||||
|
|
|
@ -10,12 +10,12 @@ DeviceName = {{ interface.name }}
|
|||
IPv4 = {{ interface.ip4_addr | ansible.utils.ipv4('address') }}/{{ interface.ip4_addr | ansible.utils.ipv4('netmask') }}/{{ interface.ip4_gateway | ansible.utils.ipv4('address') }}
|
||||
{% else %}
|
||||
IPv4 = {{ interface.ip4_type }}
|
||||
{% endif%}
|
||||
{% endif %}
|
||||
{% if interface.ip6_type == 'static' %}
|
||||
IPv6 = {{ interface.ip6_addr | ansible.utils.ipv6('host/prefix') }}/{{ interface.ip6_gateway | ansible.utils.ipv6('address') }}
|
||||
{% else %}
|
||||
IPv6 = {{ interface.ip6_type }}
|
||||
{% endif%}
|
||||
IPv6.Privacy = enabled
|
||||
{% endif %}
|
||||
IPv6.Privacy = preferred
|
||||
|
||||
{% endfor%}
|
||||
{% endfor %}
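Review bot: The value `preferred` on the `IPv6.Privacy` line should be checked against the connman version that is actually deployed. As far as I recall, connman's parser historically accepted the misspelt `prefered` and treated any unrecognised string as disabled, in which case this change would silently turn privacy extensions off instead of strengthening them relative to the previous `enabled`. If the installed release only knows the old spelling, the line would be `IPv6.Privacy = prefered`; either way a template comment naming the accepted values would help the next reader. The enclosing `{% for %}` loop starts outside the hunk.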
|
||||
|
|
|
@ -173,7 +173,7 @@ table inet filter {
|
|||
|
||||
chain forward_libvirt {
|
||||
# NOTE: use 10.0.0.0/8 or 172.16.0.0/12 subnets for the LAN network instead
|
||||
# These rules naively defeat the purpose of having multiple separated subnets but I'm fine with it being on my desktops
|
||||
# These rules naively defeat the purpose of having multiple libvirt bridges but I'm fine with it being on my desktops
|
||||
oifname "virbr*" ip daddr 192.168.0.0/16 ct state { established, related } accept
|
||||
iifname "virbr*" ip saddr 192.168.0.0/16 accept
|
||||
iifname "virbr*" oifname "virbr*" accept
|
||||
|
|