Limit NAT to IPv4 interfaces

[chef.git] / roles / ucl.rb

diff --git a/roles/ucl.rb b/roles/ucl.rb
index 7f74979a5e81070e07f963df9e3c2e0d72481209..1bfa54c201c09383158ef85796f8bb7f98f1d5b5 100644 (file)
--- a/roles/ucl.rb
+++ b/roles/ucl.rb
@@ -4,11 +4,17 @@ description "Role applied to all servers at UCL"
 default_attributes(
   :location => "Slough, England",
   :networking => {
+    :firewall => {
+      :engine => "nftables"
+    },
     :roles => {
       :internal => {
         :inet => {
           :prefix => "20",
-          :gateway => "10.0.0.3"
+          :gateway => "10.0.0.3",
+          :routes => {
+            "10.0.0.0/8" => { :via => "10.0.0.3" }
+          }
         }
       },
       :external => {
@@ -18,6 +24,9 @@ default_attributes(
           :gateway => "193.60.236.254"
         }
       }
+    },
+    :wireguard => {
+      :keepalive => 180
     }
   }
 )
@@ -33,6 +42,5 @@ override_attributes(
 )
 
 run_list(
-  "role[gb]",
-  "recipe[prometheus]"
+  "role[gb]"
 )