install.fairie/home/dot_local/share/ansible/tasks/qubes/randomize-mac.yml

35 lines
1 KiB
YAML
Raw Normal View History

2023-07-15 22:40:26 -07:00
---
- name: Add MAC address randomization configuration
become: true
copy:
content: |
[device]
wifi.scan-rand-mac-address=ye
[connection]
wifi.cloned-mac-address=stable
ethernet.cloned-mac-address=stable
connection.stable-id=${CONNECTION}/${BOOT}
# Use random IPv6 addresses per session / don't leak MAC via IPv6 (cf. RFC 4941)
ipv6.ip6-privacy=2
dest: /etc/NetworkManager/conf.d/00-randomize.conf
- name: Configure NetworkManager to use dhclient (to prevent hostname leaks)
become: true
copy:
content: |
[main]
dhcp=dhclient
dest: /etc/NetworkManager/conf.d/dhclient.conf
- name: Determine if /etc/dhcp/dhclient.conf is sending host-name
become: true
shell:
cmd: grep 'send host-name' < /etc/dhcp/dhclient.conf
changed_when: false
register: dhclient_host_name_grep
- name: Remove "send host-name" from /etc/dhcp/dhclient.conf
become: true
command: sed -i '/send host-name/d' /etc/dhcp/dhclient.conf
when: dhclient_host_name_grep.rc == 0