From cd46ebf17b7fba2c3f6cad1e7c2cf8b4edf3ada5 Mon Sep 17 00:00:00 2001
From: Christian Pointner
Date: Wed, 2 Oct 2019 20:03:43 +0200
Subject: fix vmhost network configs
---
 dan/sk-2019vm.yml | 18 ++++++++++++++++++
 roles/vm/host/tasks/network.yml | 2 ++
 2 files changed, 20 insertions(+)
diff --git a/dan/sk-2019vm.yml b/dan/sk-2019vm.yml
index 00c6a067..42354bc6 100644
--- a/dan/sk-2019vm.yml
+++ b/dan/sk-2019vm.yml
@@ -9,3 +9,21 @@
 - role: cryptdisk
 - role: zfs/base
 - role: vm/host
+ tasks:
+ - name: install post-boot script
+ copy:
+ dest: /usr/local/bin/post-boot
+ mode: 0755
+ content: |
+ #!/bin/bash
+ set -e
+
+ {% for name, volume in cryptdisk_volumes.items() %}
+ cryptsetup luksOpen '{{ volume.device }}' '{{ name }}'
+ {% endfor %}
+ systemctl restart zfs-import-cache.service
+ systemctl restart zfs-mount.service
+ mount -a
+
+ sleep 2
+ systemctl restart libvirtd.service
diff --git a/roles/vm/host/tasks/network.yml b/roles/vm/host/tasks/network.yml
index 7ce3de45..16fe9314 100644
--- a/roles/vm/host/tasks/network.yml
+++ b/roles/vm/host/tasks/network.yml
@@ -19,6 +19,8 @@
 up /sbin/sysctl net.bridge.bridge-nf-call-ip6tables=0
 up /sbin/sysctl net.bridge.bridge-nf-call-arptables=0
 {% if 'nat' in vm_host.network and vm_host.network.nat %}
+ up echo 1 > /proc/sys/net/ipv4/conf/$IFACE/forwarding
+ up echo 1 > /proc/sys/net/ipv4/conf/{{ ansible_default_ipv4.interface }}/forwarding
 up /usr/sbin/iptables -t nat -A POSTROUTING -o {{ ansible_default_ipv4.interface }} -s {{ vm_host.network.prefix | ipaddr('network/prefix') }} -j SNAT --to {{ ansible_default_ipv4.address }}
 down /usr/sbin/iptables -t nat -D POSTROUTING -o {{ ansible_default_ipv4.interface }} -s {{ vm_host.network.prefix | ipaddr('network/prefix') }} -j SNAT --to {{ ansible_default_ipv4.address }}
 {% endif %}
-- cgit v1.2.3
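Review bot: In the `dan/sk-2019vm.yml` hunk, the generated post-boot script wraps `{{ volume.device }}` and `{{ name }}` in literal single quotes, which stops protecting the shell as soon as a value in `cryptdisk_volumes` contains a quote character. Ansible's `quote` filter is the robust form: `cryptsetup luksOpen {{ volume.device | quote }} {{ name | quote }}`. The script opens LUKS volumes and restarts services, so it presumably runs as root, and the copy task should pin ownership and quote the mode rather than rely on defaults: `owner: root`, `group: root`, `mode: '0755'`. The play this task list is appended to starts above the hunk, so whether `become` is set there is not visible.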
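Review bot: In the `roles/vm/host/tasks/network.yml` hunk, the two added `up echo 1 > …/forwarding` lines have no `down` counterpart, unlike the SNAT rule right below them, so forwarding on the uplink interface stays enabled after the bridge is taken down. Nothing visible in the hunk limits what is forwarded once this is on, since the only iptables rule shown is in the nat table; it is worth confirming that the FORWARD chain is restricted to the VM prefix elsewhere. If leaving the uplink forwarding is intended, say so in a comment such as `# forwarding on the uplink stays enabled on ifdown; other bridges may rely on it`; otherwise add `down echo 0 > /proc/sys/net/ipv4/conf/{{ ansible_default_ipv4.interface }}/forwarding`. The interfaces stanza these lines belong to starts above the hunk.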