author | Emil Renner Berthing <esmil@labitat.dk> | 2018-09-26 13:24:00 +0200 |
---|---|---|
committer | Emil Renner Berthing <esmil@labitat.dk> | 2018-11-10 22:31:14 +0100 |
commit | 18a6c64179d45e94466f0598a49ea34fe23fe3eb (patch) | |
tree | 96d5b8dfa8bc54ce9dca4158f9ab38fe9ce84bf0 | |
parent | 311893c3bc2bbd18669b5c80bf884e9d25889b74 (diff) | |
space_server: replace blackhole script
-rw-r--r-- | roles/space_server/files/blackhole.service | 11 | ||||
-rwxr-xr-x | roles/space_server/files/blackhole.sh | 6 | ||||
-rw-r--r-- | roles/space_server/files/network/10-lo.network | 8 | ||||
-rw-r--r-- | roles/space_server/handlers/main.yml | 6 | ||||
-rw-r--r-- | roles/space_server/tasks/blackhole.yml | 40 | ||||
-rw-r--r-- | roles/space_server/tasks/main.yml | 2 |
6 files changed, 8 insertions, 65 deletions
diff --git a/roles/space_server/files/blackhole.service b/roles/space_server/files/blackhole.service
deleted file mode 100644
index e32f642..0000000
--- a/roles/space_server/files/blackhole.service
+++ /dev/null
@@ -1,11 +0,0 @@
-[Unit]
-Description=Blackhole routes
-Wants=network.target
-
-[Service]
-Type=oneshot
-ExecStart=/etc/systemd/scripts/blackhole.sh
-RemainAfterExit=yes
-
-[Install]
-WantedBy=multi-user.target
diff --git a/roles/space_server/files/blackhole.sh b/roles/space_server/files/blackhole.sh
deleted file mode 100755
index 56a6c10..0000000
--- a/roles/space_server/files/blackhole.sh
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/sh
-
-set -e
-
-ip route add unreachable 185.38.175.0/24
-ip route add unreachable 2a01:4262:1ab::/48
diff --git a/roles/space_server/files/network/10-lo.network b/roles/space_server/files/network/10-lo.network
index 2321ce5..9b89210 100644
--- a/roles/space_server/files/network/10-lo.network
+++ b/roles/space_server/files/network/10-lo.network
@@ -4,3 +4,11 @@ Name=lo
 [Network]
 Address=185.38.175.0/32
 Address=2a01:4262:1ab::/128
+
+[Route]
+Type=unreachable
+Destination=185.38.175.0/24
+
+[Route]
+Type=unreachable
+Destination=2a01:4262:1ab::/48
diff --git a/roles/space_server/handlers/main.yml b/roles/space_server/handlers/main.yml
index ee26d53..706cc13 100644
--- a/roles/space_server/handlers/main.yml
+++ b/roles/space_server/handlers/main.yml
@@ -5,12 +5,6 @@
 state: reloaded
 when: not chroot
-- name: restart blackhole
- systemd:
- name: blackhole.service
- state: restarted
- when: not chroot
-
 - name: restart sshd
 systemd:
 name: sshd.service
diff --git a/roles/space_server/tasks/blackhole.yml b/roles/space_server/tasks/blackhole.yml
deleted file mode 100644
index cb139f7..0000000
--- a/roles/space_server/tasks/blackhole.yml
+++ /dev/null
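Review bot: The two `[Route]` sections added to roles/space_server/files/network/10-lo.network rely on networkd honouring `Type=unreachable`, and nothing visible in the role checks that the covering routes actually land in the routing table. A networkd that does not recognise the key would likely warn and install an ordinary route for the aggregate on lo, silently losing what is presumably the point of these routes: keeping unassigned addresses in the two prefixes from following the default route. A comment above the sections such as `# covering routes: unassigned addresses in the aggregates must not follow the default route`, plus a post-deploy check with `ip route show type unreachable` and `ip -6 route show type unreachable`, would make both the intent and the failure mode explicit. The diff also deletes the tasks and handler for blackhole.service without a task that disables the unit and removes `/etc/systemd/system/blackhole.service` and `/etc/systemd/scripts/blackhole.sh`, so already-provisioned hosts presumably keep a oneshot that re-adds the same routes and fails under `set -e`.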
@@ -1,40 +0,0 @@
----
-- name: Create /etc/systemd/scripts
- file:
- dest: '/etc/systemd/scripts'
- state: directory
- owner: root
- group: root
- mode: 0755
-- name: Install blackhole script
- copy:
- dest: '/etc/systemd/scripts/blackhole.sh'
- src: blackhole.sh
- owner: root
- group: root
- mode: 0755
- notify:
- - restart blackhole
-
-- name: Install blackhole service
- copy:
- dest: '/etc/systemd/system/blackhole.service'
- src: blackhole.service
- owner: root
- group: root
- mode: 0644
-
-- name: Enable blackhole service
- systemd:
- name: blackhole.service
- enabled: yes
- masked: no
- state: started
- when: not chroot
-- name: '- when in chroot'
- command: systemctl enable blackhole.service
- args:
- creates: '/etc/systemd/system/multi-user.target.wants/blackhole.service'
- when: chroot
-
-# vim: set ts=2 sw=2 et:
diff --git a/roles/space_server/tasks/main.yml b/roles/space_server/tasks/main.yml
index 5b93e60..294d655 100644
--- a/roles/space_server/tasks/main.yml
+++ b/roles/space_server/tasks/main.yml
@@ -23,8 +23,6 @@
 tags: networkd
 - import_tasks: nftables.yml
 tags: nftables
-- import_tasks: blackhole.yml
- tags: blackhole
 - import_tasks: sshd.yml
 tags: sshd
 - import_tasks: bird.yml |