resources/chaosknoten/router/nftables/nftables.conf

@@ -45,7 +45,7 @@ table inet host {
         tcp dport 22 accept comment "allow ssh access"
 
         # Allow DHCP server access.
-		iifname { $if_net0_2_v4_nat, $if_net0_3_ci_runner } udp dport 67 accept comment "allow dhcp server access"
+		iifname $if_net0_3_ci_runner udp dport 67 accept comment "allow dhcp server access"
     }
 }
 

resources/chaosknoten/router/systemd_networkd/21-net0.2-v4_nat.network

@@ -11,12 +11,6 @@ Description=v4-NAT
 # Masquerading done in nftables (nftables.conf).
 IPv6SendRA=yes
 
-DHCPServer=true
-
-[DHCPServer]
-PoolOffset=100
-PoolSize=150
-
 [Address]
 Address=10.32.2.1/24
 

roles/base_config/tasks/main.yaml

@@ -1,13 +0,0 @@
-# Ensure the ssh module is disabled, so a cloud-init config change doesn't regenerate the host keys for no reason.
-- name: check if cloud-init config file exists
-  ansible.builtin.stat:
-    path: /etc/cloud/cloud.cfg
-  register: base_config__stat_cloud_cfg
-
-- name: ensure the cloud-init ssh module is disabled
-  ansible.builtin.replace:
-    path: /etc/cloud/cloud.cfg
-    regexp: " - ssh$"
-    replace: " #- ssh"
-  become: true
-  when: base_config__stat_cloud_cfg.stat.exists