diff options
| author | heqnx <root@heqnx.com> | 2025-06-27 14:36:04 +0300 |
|---|---|---|
| committer | heqnx <root@heqnx.com> | 2025-06-27 14:36:04 +0300 |
| commit | cb3dc22df728272ad05de3684eb8dc672654a05e (patch) | |
| tree | 4c3ddd6505b82d4559ced35232e3ea028b70da1d /templates/vmbr1.conf.j2 | |
| parent | 12756a89c2089f696c9e05bf8c95a093e25521a4 (diff) | |
| download | ansible-pve-host-cb3dc22df728272ad05de3684eb8dc672654a05e.tar.gz ansible-pve-host-cb3dc22df728272ad05de3684eb8dc672654a05e.zip | |
added conditional dnsmasq setup for vmbr1 and ufw filter rules; fixed a couple of issues by removing /etc/pve/priv, no need for modifying it
Diffstat (limited to 'templates/vmbr1.conf.j2')
| -rw-r--r-- | templates/vmbr1.conf.j2 | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/templates/vmbr1.conf.j2 b/templates/vmbr1.conf.j2 new file mode 100644 index 0000000..7e00a2d --- /dev/null +++ b/templates/vmbr1.conf.j2 @@ -0,0 +1,29 @@ +# Serve DHCP only on vmbr1 +interface=vmbr1 +bind-interfaces + +# Disable DNS functionality entirely +port=0 + +# DHCP range with 12h lease time +dhcp-range={{ nat_subnet_prefix }}.100,{{ nat_subnet_prefix }}.200,12h + +# Gateway and external DNS for clients +dhcp-option=3,{{ nat_subnet_prefix }}.1 # Gateway +dhcp-option=6,1.1.1.1,1.0.0.1 # DNS servers + +# Block dnsmasq from loading unrelated configs +no-hosts +no-resolv + +# Disable ping checks and extra interfaces +no-ping +no-dhcp-interface= + +# Drop privileges +user=dnsmasq +group=dnsmasq + +# Logging +log-queries +log-dhcp |