---
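# Patch the host nftables ruleset so the libvirt bridge can run in NAT mode.
# The rules themselves are in libvirt-nftables.patch, which is not shown here;
# review that file to see what it actually opens in the firewall.
# NOTE(review): the patch module offers no validation hook, so any syntax
# check of the patched ruleset has to happen in the "Reload nftables ruleset"
# handler - confirm that handler checks the file before loading it.
- name: libvirt | Add nftables rules for libvirt bridge (NAT mode)
  patch:
    # Keep a copy of the pre-patch ruleset so a bad change can be rolled back.
    backup: true
    src: libvirt-nftables.patch
    dest: /etc/nftables.nft
    state: present
  notify: Reload nftables ruleset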
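# Ensure the sysctl drop-in sets net.ipv6.conf.eth0.accept_ra to 2.
# With accept_ra = 2 the kernel keeps accepting Router Advertisements on the
# interface even when IPv6 forwarding is enabled (presumably needed because
# the libvirt NAT setup turns forwarding on - confirm).
# Router Advertisements are unauthenticated, so this setting trusts every
# device on the eth0 segment to announce routers and prefixes; keep it only on
# links where that is acceptable, or where the switch filters rogue RAs.
# NOTE(review): the interface name eth0 is hard-coded in both the match string
# and the line; verify it matches the uplink on every target host.
- name: libvirt | Allow IPv6 RA passthrough to libvirt NAT
  lineinfile:
    path: /etc/sysctl.d/custom.conf
    owner: root
    group: root
    # Quoted so the mode is passed as a string, not a YAML-interpreted number.
    mode: '0644'
    # Literal substring match: any existing eth0.accept_ra line is replaced.
    search_string: eth0.accept_ra
    line: net.ipv6.conf.eth0.accept_ra = 2
  notify: Load custom sysctl settings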
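# Set the `user` entry in /etc/libvirt/qemu.conf to the account named by the
# `username` variable (defined outside this file).
# The regexp matches both the commented-out default and an active entry, so
# the line is replaced in place on repeated runs.
# NOTE(review): in qemu.conf this setting selects the account QEMU processes
# of the system instance run as. Guests then run with that person's
# privileges instead of a dedicated service account, so a compromised guest
# process can reach that user's files - confirm this trade-off is intended.
# NOTE(review): `username` is interpolated inside double quotes; a value
# containing `"` would produce a broken config line - verify it is validated
# where it is set.
- name: libvirt | Allow the normal user to interact with qemu system instance
  lineinfile:
    path: /etc/libvirt/qemu.conf
    owner: root
    group: root
    # Quoted so the mode is passed as a string, not a YAML-interpreted number.
    mode: '0644'
    regexp: '^#?user = "'
    line: 'user = "{{ username }}"'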
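# Set the `group` entry in /etc/libvirt/qemu.conf to "kvm".
# The regexp matches both the commented-out default and an active entry, so
# the line is replaced in place on repeated runs.
# NOTE(review): membership of the kvm group then decides who shares group
# access with the QEMU processes; keep that group's membership small.
- name: libvirt | Allow kvm group to interact with qemu system instance
  lineinfile:
    path: /etc/libvirt/qemu.conf
    owner: root
    group: root
    # Quoted so the mode is passed as a string, not a YAML-interpreted number.
    mode: '0644'
    regexp: '^#?group = "'
    line: 'group = "kvm"'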
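# Enable each modular libvirt daemon in the 'default' runlevel and start it
# now. The `runlevel` argument of the service module applies to OpenRC init
# scripts only.
# NOTE(review): every daemon in the list is enabled unconditionally; drop the
# ones the host does not need (for example storage or node-device management)
# to keep the number of running privileged services down - confirm which are
# required.
- name: libvirt | Start modular services on runlevel 'default'
  service:
    name: '{{ item }}'
    runlevel: default
    enabled: true
    state: started
  loop:
    - virtinterfaced
    - virtlockd
    - virtlogd
    - virtnetworkd
    - virtnodedevd
    - virtqemud
    - virtstoraged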