From 18a6c64179d45e94466f0598a49ea34fe23fe3eb Mon Sep 17 00:00:00 2001
From: Emil Renner Berthing
Date: Wed, 26 Sep 2018 13:24:00 +0200
Subject: space_server: replace blackhole script
---
 roles/space_server/files/blackhole.service | 11 -------
 roles/space_server/files/blackhole.sh | 6 ----
 roles/space_server/files/network/10-lo.network | 8 ++++++
 roles/space_server/handlers/main.yml | 6 ----
 roles/space_server/tasks/blackhole.yml | 40 --------------------------
 roles/space_server/tasks/main.yml | 2 --
 6 files changed, 8 insertions(+), 65 deletions(-)
 delete mode 100644 roles/space_server/files/blackhole.service
 delete mode 100755 roles/space_server/files/blackhole.sh
 delete mode 100644 roles/space_server/tasks/blackhole.yml
diff --git a/roles/space_server/files/blackhole.service b/roles/space_server/files/blackhole.service
deleted file mode 100644
index e32f642..0000000
--- a/roles/space_server/files/blackhole.service
+++ /dev/null
@@ -1,11 +0,0 @@
-[Unit]
-Description=Blackhole routes
-Wants=network.target
-
-[Service]
-Type=oneshot
-ExecStart=/etc/systemd/scripts/blackhole.sh
-RemainAfterExit=yes
-
-[Install]
-WantedBy=multi-user.target
diff --git a/roles/space_server/files/blackhole.sh b/roles/space_server/files/blackhole.sh
deleted file mode 100755
index 56a6c10..0000000
--- a/roles/space_server/files/blackhole.sh
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/sh
-
-set -e
-
-ip route add unreachable 185.38.175.0/24
-ip route add unreachable 2a01:4262:1ab::/48
diff --git a/roles/space_server/files/network/10-lo.network b/roles/space_server/files/network/10-lo.network
index 2321ce5..9b89210 100644
--- a/roles/space_server/files/network/10-lo.network
+++ b/roles/space_server/files/network/10-lo.network
@@ -4,3 +4,11 @@ Name=lo
 [Network]
 Address=185.38.175.0/32
 Address=2a01:4262:1ab::/128
+
+[Route]
+Type=unreachable
+Destination=185.38.175.0/24
+
+[Route]
+Type=unreachable
+Destination=2a01:4262:1ab::/48
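Review bot: The two `[Route]` sections added to `10-lo.network` take over from `blackhole.service`, but nothing visible in this commit stops, disables or removes that unit and `/etc/systemd/scripts/blackhole.sh` on hosts provisioned before the change. On such a host the old unit stays enabled, and because the script runs under `set -e`, its `ip route add unreachable …` calls will likely fail once networkd has already installed the same routes. That leaves a failed unit at boot and a root-owned executable script that the role no longer manages. A short cleanup task would close that gap: disable the unit, then set `state: absent` on the unit file and the script. Since the unit's `Description=Blackhole routes` is also gone, a comment above the first section would keep the intent visible, e.g. `# Unreachable routes covering the whole prefixes; more specific routes still take precedence`.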
diff --git a/roles/space_server/handlers/main.yml b/roles/space_server/handlers/main.yml
index ee26d53..706cc13 100644
--- a/roles/space_server/handlers/main.yml
+++ b/roles/space_server/handlers/main.yml
@@ -5,12 +5,6 @@
 state: reloaded
 when: not chroot
 
-- name: restart blackhole
- systemd:
- name: blackhole.service
- state: restarted
- when: not chroot
-
 - name: restart sshd
 systemd:
 name: sshd.service
diff --git a/roles/space_server/tasks/blackhole.yml b/roles/space_server/tasks/blackhole.yml
deleted file mode 100644
index cb139f7..0000000
--- a/roles/space_server/tasks/blackhole.yml
+++ /dev/null
@@ -1,40 +0,0 @@
----
-- name: Create /etc/systemd/scripts
- file:
- dest: '/etc/systemd/scripts'
- state: directory
- owner: root
- group: root
- mode: 0755
-- name: Install blackhole script
- copy:
- dest: '/etc/systemd/scripts/blackhole.sh'
- src: blackhole.sh
- owner: root
- group: root
- mode: 0755
- notify:
- - restart blackhole
-
-- name: Install blackhole service
- copy:
- dest: '/etc/systemd/system/blackhole.service'
- src: blackhole.service
- owner: root
- group: root
- mode: 0644
-
-- name: Enable blackhole service
- systemd:
- name: blackhole.service
- enabled: yes
- masked: no
- state: started
- when: not chroot
-- name: '- when in chroot'
- command: systemctl enable blackhole.service
- args:
- creates: '/etc/systemd/system/multi-user.target.wants/blackhole.service'
- when: chroot
-
-# vim: set ts=2 sw=2 et:
diff --git a/roles/space_server/tasks/main.yml b/roles/space_server/tasks/main.yml
index 5b93e60..294d655 100644
--- a/roles/space_server/tasks/main.yml
+++ b/roles/space_server/tasks/main.yml
@@ -23,8 +23,6 @@
 tags: networkd
 - import_tasks: nftables.yml
 tags: nftables
-- import_tasks: blackhole.yml
- tags: blackhole
 - import_tasks: sshd.yml
 tags: sshd
 - import_tasks: bird.yml
-- 
cgit v1.2.1