diff --git a/host_vars/vpn01/vars.yml b/host_vars/vpn01/vars.yml
index 78a86bc..b45c3b2 100644
--- a/host_vars/vpn01/vars.yml
+++ b/host_vars/vpn01/vars.yml
@@ -2,6 +2,11 @@
 ### Ansible ###
 ansible_host: 5.9.220.114
+ansible_host_net: /29
+ansible_host_ipv6: 2a01:4f8:262:5112::101
+ansible_host_ipv6_net: /64
+ipv4_gateway: 5.9.220.112
+ipv6_gateway: 2a01:4f8:262:5112::3
 ansible_port: 22
 ansible_ssh_user: root
 ansible_python_interpreter: /usr/bin/python3
diff --git a/host_vars/vpn02/vars.yml b/host_vars/vpn02/vars.yml
index d5044d9..45b646b 100644
--- a/host_vars/vpn02/vars.yml
+++ b/host_vars/vpn02/vars.yml
@@ -1,4 +1,9 @@
 ansible_host: 5.9.220.115
+ansible_host_net: /29
+ansible_host_ipv6: 2a01:4f8:262:5112::102
+ansible_host_ipv6_net: /64
+ipv4_gateway: 5.9.220.112
+ipv6_gateway: 2a01:4f8:262:5112::3
 ansible_port: 22
 ansible_ssh_user: root
 ansible_python_interpreter: /usr/bin/python3
diff --git a/roles/01-vpn-offloader-setup/tasks/main.yml b/roles/01-vpn-offloader-setup/tasks/main.yml
index 4655d7a..89effeb 100644
--- a/roles/01-vpn-offloader-setup/tasks/main.yml
+++ b/roles/01-vpn-offloader-setup/tasks/main.yml
@@ -48,10 +48,24 @@
 state: latest
 update_cache: yes
+- name: Find all Netplan Files without of the freifunk file
+ find:
+ paths: /etc/netplan/
+ file_type: file
+ excludes:
+ - "01-freifunk.yaml"
+ register: found_files
+- name: Delete files
+ file:
+ path: "{{ item.path }}"
+ state: absent
+ with_items: "{{ found_files['files'] }}"
+
 - name: Copy Netplan Template for Internal Network
 ansible.builtin.template:
 src: netplan.j2
- dest: /etc/netplan/01-freifunk-internal.yaml
+ dest: /etc/netplan/01-freifunk.yaml
 owner: root
 group: root
 mode: 755
diff --git a/roles/01-vpn-offloader-setup/templates/netplan.j2 b/roles/01-vpn-offloader-setup/templates/netplan.j2
index 2195bf2..de5e2c8 100644
--- a/roles/01-vpn-offloader-setup/templates/netplan.j2
+++ b/roles/01-vpn-offloader-setup/templates/netplan.j2
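Review bot: `ipv4_gateway: 5.9.220.112` is the network address of the `/29` that `ansible_host` 5.9.220.114 sits in, which is unusual for a gateway; presumably this follows the hosting provider's routed-subnet convention, but it is worth confirming before the netplan template steers the host's own traffic through it. The same five values are repeated verbatim in the vpn02 hunk, and only the two host addresses actually differ, so `ansible_host_net`, `ansible_host_ipv6_net`, `ipv4_gateway` and `ipv6_gateway` belong in a group_vars file for the offloader group rather than in each host_vars file. A short comment above the block, e.g. `# Public uplink on ens18; prefix lengths carry the leading slash because the template concatenates them`, would explain the otherwise surprising `/29` and `/64` string values.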
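Review bot: The rendered netplan file keeps `mode: 755` (the context line just below the changed `dest`), which leaves /etc/netplan/01-freifunk.yaml world-readable and executable; netplan warns when its configuration is accessible to others, and Ansible's documentation notes that an unquoted number without a leading zero is read as decimal rather than octal. Change it to `mode: "0600"`. The new `Delete files` task also runs before the template is rendered, so a failed render (for example an undefined `ipv6_gateway` on a host that lacks it) leaves /etc/netplan/ with no configuration at all; moving the find/delete after the template task would be safer. If these hosts were provisioned by cloud-init, its network file may be regenerated on the next boot unless network configuration is disabled there — worth confirming. For new tasks prefer `loop:` over `with_items:`, and the task name reads better as `Find all Netplan files except the freifunk file`.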
@@ -1,5 +1,24 @@
 network:
 ethernets:
+ ens18:
+ addresses:
+ - {{ ansible_host }}{{ ansible_host_net }}
+ - {{ ansible_host_ipv6 }}{{ ansible_host_ipv6_net }}
+ nameservers:
+ addresses:
+ - 1.1.1.1
+ routes:
+ - to: default
+ via: {{ ipv4_gateway }}
+ table: 42
+ - to: default
+ via: {{ ipv6_gateway }}
+ table: 42
+ routing-policy:
+ - from: {{ ansible_host }}
+ table: 42
+ - from: {{ ansible_host_ipv6 }}
+ table: 42
 ens19:
 dhcp4: false
 addresses:
@@ -10,5 +29,4 @@ network:
 routes:
 - to: default
 via: {{ core_router }}
- table: 42
 version: 2
\ No newline at end of file
diff --git a/roles/21-install-wireguard/files/postup.sh b/roles/21-install-wireguard/files/postup.sh
deleted file mode 100644
index 71d58cf..0000000
--- a/roles/21-install-wireguard/files/postup.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-#!/bin/sh
-
-ip rule add fwmark 0x4 table 42
-iptables -t mangle -A PREROUTING -s 10.255.0.0/16 ! -d 10.0.0.0/8 -j MARK --set-mark 4
-routeExists=$(ip route show table 42 | grep '172.16.7.1')
-
-if [ -z "$routeExists" ]; then
- ip route add default via 172.16.7.1 table 42
-fi
diff --git a/roles/21-install-wireguard/tasks/main.yml b/roles/21-install-wireguard/tasks/main.yml
index 3924653..ec668f9 100644
--- a/roles/21-install-wireguard/tasks/main.yml
+++ b/roles/21-install-wireguard/tasks/main.yml
@@ -84,16 +84,6 @@
 notify:
 - reconfigure wireguard
-- name: Copy PostUp Script
- ansible.builtin.copy:
- src: postup.sh
- dest: /etc/wireguard/postup.sh
- mode: 755
- tags:
- - wg-config
- notify:
- - reconfigure wireguard
-
 - name: Start and enable WireGuard service
 ansible.builtin.service:
 name: "wg-quick@vpn01"
diff --git a/roles/21-install-wireguard/templates/wg.conf.j2 b/roles/21-install-wireguard/templates/wg.conf.j2
index 68e57e5..60bc852 100644
--- a/roles/21-install-wireguard/templates/wg.conf.j2
+++ b/roles/21-install-wireguard/templates/wg.conf.j2
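Review bot: The new `ens18` stanza sets neither `dhcp4: false` nor `dhcp6: false`, unlike `ens19` below it, which sets `dhcp4: false` explicitly; on a public interface with static addresses and explicit gateways, add `dhcp4: false`, `dhcp6: false` and `accept-ra: false` so a provider DHCP lease or router advertisement cannot install a second default route in the main table next to the `core_router` one. The `routing-policy` entries use bare addresses (`from: {{ ansible_host }}`) whereas netplan documents `from` as a prefix; presumably this is treated as a single-host match, but check the rendered result with `ip rule` since the source-based steering into table 42 depends on exactly those two rules. `1.1.1.1` is now the host's only resolver; a second address, and an IPv6 one given the interface is dual-stack, avoids a single point of failure. The `ens19` stanza continues outside this hunk.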
@@ -9,9 +9,6 @@ PrivateKey = {{ wireguard_private_key }}
 ListenPort = {{ wireguard_port }}
 MTU = 1380
-PostUp = /etc/wireguard/postup.sh
-PostDown = ip route del default via 172.16.7.1 table 42
-
 {% if wireguard_unmanaged_peers is defined %}
 # Peers not managed by Ansible from "wireguard_unmanaged_peers" variable