Switch machines in Amsterdam to use nftables

[chef.git] / roles / equinix-ams.rb

diff --git a/roles/equinix-ams.rb b/roles/equinix-ams.rb
index 718a4f632541d61763cb2f9649b43d8e9a8dc3b8..13ab238788506d2f69216907f62dec5f4ea0cd17 100644 (file)
--- a/roles/equinix-ams.rb
+++ b/roles/equinix-ams.rb
@@ -3,6 +3,9 @@ description "Role applied to all servers at Equinix Amsterdam"
 
 default_attributes(
   :networking => {
+    :firewall => {
+      :engine => "nftables"
+    },
     :roles => {
       :internal => {
         :inet => {
@@ -23,6 +26,7 @@ default_attributes(
           :prefix => "64",
           :gateway => "2001:978:2:2C::172:1",
           :routes => {
+            "2001:470:1:b3b::/64" => { :type => "unreachable" },
             "2001:978:2:2c::/64" => { :type => "unreachable" },
             "2001:4860::/32" => { :type => "unreachable" },
             "2a00:1450:4000::/37" => { :type => "unreachable" }
@@ -40,7 +44,7 @@ default_attributes(
 
 override_attributes(
   :networking => {
-    :nameservers => ["10.0.48.10", "1.1.1.1", "1.0.0.1"],
+    :nameservers => ["10.0.48.10", "8.8.8.8", "8.8.4.4"],
     :search => ["ams.openstreetmap.org", "openstreetmap.org"]
   },
   :ntp => {