add bundle:sysctl
parent
8d21e15106
commit
95856a2c2d
10 changed files with 79 additions and 0 deletions
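--- a/bundles/nftables/files/override.conf
+++ b/bundles/nftables/files/override.conf
@@ -0,0 +1,8 @@
+[Service]
+ExecStart=
+ExecStart=/usr/sbin/nft -f /etc/nftables.conf
+ExecStart=/usr/local/sbin/apply-sysctl
+
+ExecReload=
+ExecReload=/usr/sbin/nft -f /etc/nftables.conf
+ExecReload=/usr/local/sbin/apply-sysctl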
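Review bot: The drop-in gives no reason for running `/usr/local/sbin/apply-sysctl` as a second `ExecStart=`/`ExecReload=` of the firewall unit, and it ties the unit's result to that script: a non-zero exit from it fails the start or reload of nftables.service even when `nft -f /etc/nftables.conf` loaded the ruleset. Stacking several `ExecStart=` lines is only accepted for `Type=oneshot` units, which the packaged unit presumably is but which is not visible here. I would add a comment such as `# re-apply sysctl after the ruleset is loaded: <reason>` above the added commands and, if a sysctl failure should not fail the firewall unit, write them as `ExecStart=-/usr/local/sbin/apply-sysctl` and `ExecReload=-/usr/local/sbin/apply-sysctl`.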
|
@ -23,6 +23,14 @@ files = {
|
|||
'svc_systemd:nftables:reload',
|
||||
},
|
||||
},
|
||||
'/etc/systemd/system/nftables.service.d/bundlewrap.conf': {
|
||||
'source': 'override.conf',
|
||||
'triggers': {
|
||||
'action:systemd-reload',
|
||||
'svc_systemd:nftables:reload',
|
||||
},
|
||||
},
|
||||
|
||||
}
|
||||
|
||||
svc_systemd = {
|
||||
|
|
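Review bot: The new entry for `/etc/systemd/system/nftables.service.d/bundlewrap.conf` triggers `svc_systemd:nftables:reload` as soon as the drop-in is written, but nothing orders it after `/usr/local/sbin/apply-sysctl`, which the drop-in's ExecReload now calls and which is installed by the sysctl bundle. If this file is applied first, the triggered reload would fail on the missing script; adding `'needs': {'file:/usr/local/sbin/apply-sysctl'},` to the entry makes the cross-bundle dependency explicit. The `files` dict starts before this hunk and the file's path is not shown on the page, so other entries are not visible.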
|
@ -75,6 +75,9 @@ files = {
|
|||
},
|
||||
'mode': '0700',
|
||||
},
|
||||
'/etc/sysctl.d/90-pppd.conf': {
|
||||
'content_type': 'any',
|
||||
},
|
||||
'/etc/systemd/system/pppoe.service': {
|
||||
'triggers': {
|
||||
'action:systemd-reload',
|
||||
|
|
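Review bot: `'/etc/sysctl.d/90-pppd.conf'` is declared with `'content_type': 'any'`, so bundlewrap keeps the file but does not check what is in it, and apply-sysctl then loads whatever it contains. The entry presumably exists only so the `purge` on `/etc/sysctl.d` does not delete it; a comment saying who writes the file would make that clear, e.g. `# content written by <writer>; listed so the sysctl.d purge keeps it`. If the content is static, managing it from the bundle would be stricter. The surrounding `files` dict starts and ends outside the hunk.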
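--- a/bundles/sysctl/files/99-sysctl.conf
+++ b/bundles/sysctl/files/99-sysctl.conf
@@ -0,0 +1,3 @@
+% for option, value in sorted(node.metadata.get('sysctl/options', {}).items()):
+${option}=${value}
+% endfor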
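--- a/bundles/sysctl/items.py
+++ b/bundles/sysctl/items.py
@@ -0,0 +1,31 @@
+files = {
+'/usr/local/sbin/apply-sysctl': {
+'content':
+'#!/bin/sh\n'
+'\n'
+'cat /etc/sysctl.d/*.conf /etc/sysctl.conf | sysctl -e -p -',
+'mode': '0700',
+},
+'/etc/sysctl.d/99-sysctl.conf': {
+'content_type': 'mako',
+},
+}
+
+directories = {
+'/etc/sysctl.d': {
+'purge': True,
+'triggers': {
+'action:apply-sysctl-settings',
+},
+},
+}
+
+actions = {
+'apply-sysctl-settings': {
+'command': '/usr/local/sbin/apply-sysctl',
+'triggered': True,
+'needs': {
+'file:/usr/local/sbin/apply-sysctl',
+},
+},
+}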
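Review bot: `/etc/sysctl.d/99-sysctl.conf` has no `triggers`, so a change to `sysctl/options` rewrites the file without running `action:apply-sysctl-settings`; as far as the visible items show, the action fires only when the `/etc/sysctl.d` directory item itself changes (for example when the purge removes a file). Adding `'triggers': {'action:apply-sysctl-settings'},` to that file entry would apply new values right away. Separately, `'purge': True` deletes every drop-in in `/etc/sysctl.d` that bundlewrap does not manage, which includes any hardening defaults a distribution package ships there, and `sysctl -e` skips unknown keys silently, so a misspelled option goes unnoticed; both deserve a comment in the file.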
|
@ -25,6 +25,7 @@ groups['linux'] = {
|
|||
'postfix',
|
||||
'sshmon',
|
||||
'sudo',
|
||||
'sysctl',
|
||||
'systemd',
|
||||
'systemd-networkd',
|
||||
'telegraf',
|
||||
|
|
|
@ -140,6 +140,12 @@ nodes['home.nas'] = {
|
|||
'/dev/disk/by-id/ata-TS64GSSD370_B807810527',
|
||||
},
|
||||
},
|
||||
'sysctl': {
|
||||
'options': {
|
||||
# XXX find out if this is really needed
|
||||
'net.ipv4.ip_forward': '1',
|
||||
},
|
||||
},
|
||||
'systemd-networkd': {
|
||||
'bonds': {
|
||||
'bond0': {
|
||||
|
|
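Review bot: `'net.ipv4.ip_forward': '1'` is enabled on `home.nas` behind an `# XXX find out if this is really needed` comment, and the `htz-cloud.miniserver` hunk further down does the same for IPv4 and IPv6. With forwarding on, the host routes packets between its interfaces, so what gets through depends entirely on the forward rules of the firewall, which are not visible here. I would leave the option out until the need is confirmed, or replace the XXX with the reason, e.g. `# forwarding needed for <consumer>`. The `nodes['home.nas']` dict starts and ends outside the hunk.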
|
@ -215,6 +215,12 @@ nodes['home.router'] = {
|
|||
},
|
||||
},
|
||||
},
|
||||
'sysctl': {
|
||||
'options': {
|
||||
'net.ipv4.ip_forward': '1',
|
||||
'net.ipv6.conf.all.forwarding': '1',
|
||||
},
|
||||
},
|
||||
'vnstat': {
|
||||
'generate-web-dashboard': True,
|
||||
'interface': 'enp1s0.100',
|
||||
|
|
|
@ -183,6 +183,13 @@ nodes['htz-cloud.miniserver'] = {
|
|||
},
|
||||
},
|
||||
},
|
||||
'sysctl': {
|
||||
'options': {
|
||||
# XXX find out if this is really needed
|
||||
'net.ipv4.ip_forward': '1',
|
||||
'net.ipv6.conf.all.forwarding': '1',
|
||||
},
|
||||
},
|
||||
'vm': {
|
||||
'cpu': 2,
|
||||
'ram': 4,
|
||||
|
|
|
@ -23,6 +23,12 @@ nodes['ovh.wireguard'] = {
|
|||
'cpu': 1,
|
||||
'ram': 2,
|
||||
},
|
||||
'sysctl': {
|
||||
'options': {
|
||||
'net.ipv4.ip_forward': '1',
|
||||
'net.ipv6.conf.all.forwarding': '1',
|
||||
},
|
||||
},
|
||||
'wireguard': {
|
||||
'my_ip': '172.19.136.1/22',
|
||||
'peers': {
|
||||
|
|