---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Set the options that we want for the container, these are config options.
# The option is set as a YAML list which translates into "key = value" in config
container_config_options:
  - "lxc.aa_profile=unconfined"
  - "lxc.cgroup.devices.allow=a *:* rmw"
  - "lxc.mount.entry=/lib/modules lib/modules none bind 0 0"

required_inner_dirs:
  - "/lib/modules"

required_outer_dirs:
  - "/lib/modules"

kernel_modules:
  - 8021q
  - ip6table_filter
  - ip6_tables
  - ipt_REJECT
  - iptable_mangle
  - ipt_MASQUERADE
  - iptable_nat
  - nf_conntrack_ipv4
  - nf_defrag_ipv4
  - nf_nat_ipv4
  - nf_nat
  - nf_conntrack
  - iptable_filter
  - ip_tables
  - x_tables

sysctl_options:
  - { key: 'net.ipv4.conf.all.rp_filter', value: 0 }
  - { key: 'net.ipv4.conf.default.rp_filter', value: 0 }
  - { key: 'net.ipv4.ip_forward', value: 1 }
  - { key: 'net.netfilter.nf_conntrack_max', value: 262144 }