common: bump nf_conntrack_max to 256k on redirect

The traffic hitting ping.archlinux.org has lately been exhausting its
default nf_conntrack_max limit of 64k. Bump it to 256k (which is also
the default limit found on systems with more than 4G of memory).

Suggested-by: Kristian Klausen <kristian@klausen.dk>

host_vars/redirect.archlinux.org/misc

@@ -4,3 +4,6 @@ wireguard_public_key: n11Ps2sc0Cxsi1sLaYFq7dkhlDtTnOZCGovRYbzDGR8=
 
 ipv4_address: "95.216.195.133"
 ipv6_address: "2a01:4f9:c010:2636::1"
+
+# The default limit of 65536 is too small to handle ping.archlinux.org traffic
+nf_conntrack_max: 262144

roles/common/tasks/main.yml

@@ -76,6 +76,14 @@
     sysctl_file: /etc/sysctl.d/net.conf
   when: tcp_wmem is defined
 
+- name: Configure size of connection tracking table
+  sysctl:
+    name: net.netfilter.nf_conntrack_max
+    value: "{{ nf_conntrack_max }}"
+    sysctl_set: true
+    sysctl_file: /etc/sysctl.d/net.conf
+  when: nf_conntrack_max is defined
+
 - name: Create drop-in directories for systemd configuration
   file: path=/etc/systemd/{{ item }}.d state=directory owner=root group=root mode=0755
   loop: