---
- name: Create maatma container
  # Create the container from the "download" template, i.e. a prebuilt
  # Alpine 3.17 armhf image fetched by lxc-download, on a plain directory
  # backing store. It is deliberately left stopped: the tasks that follow
  # rewrite its config and edit its rootfs before the first start.
  # NOTE(review): 3.17 is an older Alpine release line; confirm it still
  # receives security updates, and that lxc-download verifies the image
  # signature on this host, before relying on this image.
  community.general.lxc_container:
    name: "{{ ctr_name }}"
    template: download
    template_options: "--dist alpine --release 3.17 --arch armhf"
    backing_store: dir
    state: stopped
    # Verbose per-container log on the host; useful for first-boot debugging.
    container_log: true
    container_log_level: DEBUG

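# Overwrite the config generated by lxc-create with a hand-written one.
# NOTE(review): no lxc.idmap appears here, so unless one is inherited from
# common.conf or the host's default.conf this is a privileged container
# (uid 0 inside is uid 0 on the host). The lxc.cap.drop lines narrow that a
# little but leave CAP_SYS_ADMIN / CAP_NET_ADMIN in place; make sure the
# threat model accepts that for a container that terminates a tunnel.
- name: Erase container configuration
  ansible.builtin.copy:
    # Network layout written below (all addresses come from play variables):
    #   net.0  veth on br0 with a fixed MAC and static IPv4/IPv6 addresses
    #   net.2  the host's physical "wg-adlin" interface is moved into the
    #          container (type phys), so it is unavailable on the host while
    #          the container runs and the tunnel endpoint lives in the guest
    #   net.1  veth pair "veth_sshpipper" with a link-local /30 and no
    #          bridge; presumably peered with another container - verify
    # IPv6 forwarding is enabled, so the guest routes between these three
    # interfaces; any filtering must come from the nftables rules the init
    # scripts install (not visible in this file) - confirm they exist.
    content: |
      # Template used to create this container: /usr/share/lxc/templates/lxc-download
      # Parameters passed to the template: --dist alpine --release 3.17 --arch armhf
      # For additional config options, please look at lxc.container.conf(5)

      # Uncomment the following line to support nesting containers:
      #lxc.include = /usr/share/lxc/config/nesting.conf
      # (Be aware this has security implications)


      # Distribution configuration
      lxc.include = /usr/share/lxc/config/common.conf
      lxc.arch = linux32

      # Container specific configuration
      lxc.rootfs.path = dir:/var/lib/lxc/{{ ctr_name }}/rootfs
      lxc.uts.name = {{ ctr_name }}

      lxc.net.0.type = veth
      lxc.net.0.flags = up
      lxc.net.0.link = br0
      lxc.net.0.hwaddr = de:de:d7:8e:36:5e
      lxc.net.0.ipv4.address = {{ local_network.prefix4 }}201/{{ local_network.netmask4 }}
      lxc.net.0.ipv4.gateway = {{ local_network.gateway }}
      lxc.net.0.ipv6.address = {{ local_network.prefix6 }}:1:a/64
      lxc.net.0.ipv6.gateway = {{ local_network.gateway6 }}

      lxc.net.2.type = phys
      lxc.net.2.flags = up
      lxc.net.2.link = wg-adlin
      lxc.net.2.ipv6.address = {{ maatma_network.gateway6 }}/{{ maatma_network.netmask6 }}

      lxc.net.1.type = veth
      lxc.net.1.flags = up
      lxc.net.1.veth.pair = veth_sshpipper
      lxc.net.1.ipv4.address = 169.254.42.1/30

      lxc.sysctl.net.ipv6.conf.eth0.autoconf = 0
      lxc.sysctl.net.ipv6.conf.all.forwarding = 1

      lxc.cap.drop = setgid
      lxc.cap.drop = setuid
      lxc.cap.drop = setpcap
      lxc.cap.drop = sys_resource
      lxc.cap.drop = sys_boot
    dest: "/var/lib/lxc/{{ ctr_name }}/config"
    # Explicit permissions so the result does not depend on the host umask
    # (ansible-lint: risky-file-permissions). The file holds network layout
    # only, no secrets, and LXC reads it as root.
    mode: "0644"
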
- name: Update runlevels
  # Disable OpenRC services the guest should not run by deleting their
  # runlevel symlinks straight from the rootfs (the container is still
  # stopped at this point). "networking" is presumably redundant because
  # the addresses are assigned by LXC via lxc.net.* in the config.
  # NOTE(review): with syslog gone nothing inside the guest records what
  # the services do; confirm logs are captured elsewhere if that matters
  # for incident response.
  ansible.builtin.file:
    state: absent
    path: "/var/lib/lxc/{{ ctr_name }}/rootfs{{ item }}"
  loop:
    - /etc/runlevels/boot/syslog
    - /etc/runlevels/default/crond
    - /etc/runlevels/default/networking

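- name: Copy init scripts
  # Render the guest's OpenRC service scripts into its rootfs. The sources
  # are <name>.init.j2 next to this play and are rendered on the host with
  # the play's variables, so they must not embed anything that should stay
  # host-only.
  ansible.builtin.template:
    src: "{{ item }}.init.j2"
    dest: "/var/lib/lxc/{{ ctr_name }}/rootfs/etc/init.d/{{ item }}"
    # Quoted on purpose: a bare 0755 is parsed by YAML as an integer and
    # Ansible documents that this can yield wrong modes, notably in loops.
    mode: "0755"
  loop:
    - token-validator
    - checker
    - clean-wg
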
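- name: Setup runlevels
  # Enable the three services in the guest's "default" runlevel by creating
  # OpenRC's runlevel symlinks inside the rootfs. src is the in-container
  # path, which does not resolve on the host, so force is required for the
  # file module to create a link whose target it cannot see.
  # NOTE(review): this task (like the other rootfs edits) writes into the
  # guest's filesystem from the host. On a privileged container a
  # compromised guest could plant symlinks under rootfs/etc to redirect
  # those writes on the next run; consider restricting these tasks to the
  # first creation or checking the intermediate paths before writing.
  ansible.builtin.file:
    state: link
    force: true
    src: "/etc/init.d/{{ item.filename }}"
    path: "/var/lib/lxc/{{ ctr_name }}/rootfs/etc/runlevels/{{ item.runlevel }}/{{ item.filename }}"
  loop:
    - filename: token-validator
      runlevel: default
    - filename: checker
      runlevel: default
    - filename: clean-wg
      runlevel: default
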
# Does not work
- name: Setup maatma container
  # First start of the container, then a one-off provisioning command run
  # inside it: point DNS at a hard-coded resolver and install the tools
  # the init scripts depend on.
  # NOTE(review): the "Does not work" above is unexplained; from this file
  # alone it cannot be determined whether the start fails (e.g. wg-adlin
  # missing on the host at start time, since a phys interface must exist)
  # or the attached command does. Once it runs, note that apk installs
  # unpinned packages from the mirrors at provisioning time and that the
  # resolver is hard-coded instead of derived from local_network.
  community.general.lxc_container:
    name: "{{ ctr_name }}"
    state: started
    container_command: |
      echo nameserver 192.168.0.254 > /etc/resolv.conf;
      apk add --no-cache curl wireguard-tools-wg nftables;

- name: Create symlink for service
  # OpenRC multiplexed service on the host: /etc/init.d/lxc.<name> pointing
  # at /etc/init.d/lxc, presumably so the generic lxc init script can
  # manage this container by name.
  # NOTE(review): nothing in this file adds that service to a host
  # runlevel, so the container will not start at host boot unless that is
  # done elsewhere.
  ansible.builtin.file:
    state: link
    src: /etc/init.d/lxc
    path: "/etc/init.d/lxc.{{ ctr_name }}"