ansible.fftdf.supernode/roles/01-vpn-offloader-setup/tasks/main.yml

---
- name: Setup NAT
  ansible.builtin.iptables:
    chain: POSTROUTING
    table: nat
    source: "{{ internal_network }}"
    jump: MASQUERADE
  register: iptables

- name: Enable kernel panic reboots
  ansible.posix.sysctl:
    name: kernel.panic
    value: '1'

- name: Enable IPv4 forwarding
  ansible.posix.sysctl:
    name: net.ipv4.ip_forward
    value: '1'
    sysctl_set: true

- name: Enable IPv6 forwarding
  ansible.posix.sysctl:
    name: net.ipv6.conf.all.forwarding
    value: '1'
    sysctl_set: true

- name: Create Routing Table 42
  ansible.builtin.lineinfile:
    path: /etc/iproute2/rt_tables
    line: 42 ffrl
    create: yes

- name: Generate NDPPD Config
  ansible.builtin.template:
    src: ndppd.conf.j2
    dest: /etc/ndppd.conf
    owner: root
    group: root
    mode: 755

- name: Install all Packages for VPN Servers
  ansible.builtin.apt: 
    name: 
      - libndp0
      - libndp-tools
      - ndppd
      - iptables-persistent
    state: latest
    update_cache: yes

- name: Copy Netplan Template for Internal Network
  ansible.builtin.template:
    src: netplan.j2
    dest: /etc/netplan/01-freifunk-internal.yaml
    owner: root
    group: root
    mode: 755
  register: netplan_config

- name: saveip6tables
  ansible.builtin.shell: ip6tables-save > /etc/iptables/rules.v6
  when: iptables.changed

- name: saveip4tables
  ansible.builtin.shell: iptables-save > /etc/iptables/rules.v4
  when: iptables.changed
  
- name: Apply Netplan
  ansible.builtin.shell: netplan apply
  when: netplan_config.changed

- name: Enable Proxy_NDP on interface ens19
  ansible.posix.sysctl:
    name: net.ipv6.conf.ens19.proxy_ndp
    value: '1'
    sysctl_set: true
Toller Commit 2023-02-06 22:13:32 +00:00			`---`
bugfixing indent 2023-02-26 09:52:43 +00:00			`- name: Setup NAT`
			`ansible.builtin.iptables:`
			`chain: POSTROUTING`
			`table: nat`
			`source: "{{ internal_network }}"`
			`jump: MASQUERADE`
Bugfixing and tidying up some things 2023-04-16 15:35:22 +00:00			`register: iptables`
Toller Commit 2023-02-06 22:13:32 +00:00
Bugfixing and tidying up some things 2023-04-16 15:35:22 +00:00			`- name: Enable kernel panic reboots`
			`ansible.posix.sysctl:`
Toller Commit 2023-02-06 22:13:32 +00:00			`name: kernel.panic`
			`value: '1'`

Bugfixing and tidying up some things 2023-04-16 15:35:22 +00:00			`- name: Enable IPv4 forwarding`
			`ansible.posix.sysctl:`
Toller Commit 2023-02-06 22:13:32 +00:00			`name: net.ipv4.ip_forward`
			`value: '1'`
			`sysctl_set: true`

Bugfixing and tidying up some things 2023-04-16 15:35:22 +00:00			`- name: Enable IPv6 forwarding`
			`ansible.posix.sysctl:`
Toller Commit 2023-02-06 22:13:32 +00:00			`name: net.ipv6.conf.all.forwarding`
			`value: '1'`
			`sysctl_set: true`
IPv6 config 2023-03-02 19:25:22 +00:00
			`- name: Create Routing Table 42`
			`ansible.builtin.lineinfile:`
			`path: /etc/iproute2/rt_tables`
			`line: 42 ffrl`
Keine ahnung 2023-03-04 13:56:15 +00:00			`create: yes`

			`- name: Generate NDPPD Config`
			`ansible.builtin.template:`
			`src: ndppd.conf.j2`
			`dest: /etc/ndppd.conf`
			`owner: root`
			`group: root`
			`mode: 755`

			`- name: Install all Packages for VPN Servers`
			`ansible.builtin.apt:`
			`name:`
			`- libndp0`
			`- libndp-tools`
			`- ndppd`
			`- iptables-persistent`
			`state: latest`
Add Netplan for Servers 2023-03-06 17:25:27 +00:00			`update_cache: yes`

			`- name: Copy Netplan Template for Internal Network`
			`ansible.builtin.template:`
			`src: netplan.j2`
			`dest: /etc/netplan/01-freifunk-internal.yaml`
			`owner: root`
			`group: root`
			`mode: 755`
Bugfixing and tidying up some things 2023-04-16 15:35:22 +00:00			`register: netplan_config`
Add Netplan for Servers 2023-03-06 17:25:27 +00:00
Running Config with MTU Setup 2023-03-24 18:34:41 +00:00			`- name: saveip6tables`
			`ansible.builtin.shell: ip6tables-save > /etc/iptables/rules.v6`
Bugfixing and tidying up some things 2023-04-16 15:35:22 +00:00			`when: iptables.changed`
Running Config with MTU Setup 2023-03-24 18:34:41 +00:00
			`- name: saveip4tables`
			`ansible.builtin.shell: iptables-save > /etc/iptables/rules.v4`
Bugfixing and tidying up some things 2023-04-16 15:35:22 +00:00			`when: iptables.changed`
Running Config with MTU Setup 2023-03-24 18:34:41 +00:00
Add Netplan for Servers 2023-03-06 17:25:27 +00:00			`- name: Apply Netplan`
Bugfixing and tidying up some things 2023-04-16 15:35:22 +00:00			`ansible.builtin.shell: netplan apply`
			`when: netplan_config.changed`

			`- name: Enable Proxy_NDP on interface ens19`
			`ansible.posix.sysctl:`
			`name: net.ipv6.conf.ens19.proxy_ndp`
			`value: '1'`
			`sysctl_set: true`