Merge pull request 'Enable IPv6 on Host' (#1) from ipv6_on_host into tdf7

Reviewed-on: #1

host_vars/vpn01/vars.yml

@@ -2,6 +2,11 @@
 ### Ansible
 ###
 ansible_host: 5.9.220.114
+ansible_host_net: /29
+ansible_host_ipv6: 2a01:4f8:262:5112::101
+ansible_host_ipv6_net: /64
+ipv4_gateway: 5.9.220.112
+ipv6_gateway: 2a01:4f8:262:5112::3
 ansible_port: 22
 ansible_ssh_user: root
 ansible_python_interpreter: /usr/bin/python3

host_vars/vpn02/vars.yml

@@ -1,4 +1,9 @@
 ansible_host: 5.9.220.115
+ansible_host_net: /29
+ansible_host_ipv6: 2a01:4f8:262:5112::102
+ansible_host_ipv6_net: /64
+ipv4_gateway: 5.9.220.112
+ipv6_gateway: 2a01:4f8:262:5112::3
 ansible_port: 22
 ansible_ssh_user: root
 ansible_python_interpreter: /usr/bin/python3

roles/01-vpn-offloader-setup/tasks/main.yml

@@ -48,10 +48,24 @@
     state: latest
     update_cache: yes
 
+- name: Find all Netplan Files without of the freifunk file 
+  find:
+    paths: /etc/netplan/
+    file_type: file
+    excludes: 
+      - "01-freifunk.yaml"
+  register: found_files
+
+- name: Delete files
+  file:
+    path: "{{ item.path }}"
+    state: absent
+  with_items: "{{ found_files['files'] }}"
+
 - name: Copy Netplan Template for Internal Network
   ansible.builtin.template:
     src: netplan.j2
-    dest: /etc/netplan/01-freifunk-internal.yaml
+    dest: /etc/netplan/01-freifunk.yaml
     owner: root
     group: root
     mode: 755

roles/01-vpn-offloader-setup/templates/netplan.j2

@@ -1,5 +1,24 @@
 network:
   ethernets:
+    ens18:
+      addresses:
+      - {{ ansible_host }}{{ ansible_host_net }}
+      - {{ ansible_host_ipv6 }}{{ ansible_host_ipv6_net }}
+      nameservers:
+        addresses:
+        - 1.1.1.1
+      routes:
+      - to: default
+        via: {{ ipv4_gateway }}
+        table: 42
+      - to: default
+        via: {{ ipv6_gateway }}
+        table: 42
+      routing-policy:
+      - from: {{ ansible_host }}
+        table: 42
+      - from: {{ ansible_host_ipv6 }}
+        table: 42
     ens19:
       dhcp4: false
       addresses:
@@ -10,5 +29,4 @@ network:
       routes:
       - to: default
         via: {{ core_router }}
-        table: 42
   version: 2

roles/21-install-wireguard/files/postup.sh

@@ -1,9 +0,0 @@
-#!/bin/sh
-
-ip rule add fwmark 0x4 table 42
-iptables -t mangle -A PREROUTING -s 10.255.0.0/16 ! -d 10.0.0.0/8 -j MARK --set-mark 4
-routeExists=$(ip route show table 42 | grep '172.16.7.1')
-
-if [ -z "$routeExists" ]; then
-    ip route add default via 172.16.7.1 table 42
-fi

roles/21-install-wireguard/tasks/main.yml

@@ -84,16 +84,6 @@
   notify:
     - reconfigure wireguard
 
-- name: Copy PostUp Script
-  ansible.builtin.copy:
-    src: postup.sh
-    dest: /etc/wireguard/postup.sh
-    mode: 755
-  tags:
-    - wg-config
-  notify:
-    - reconfigure wireguard
-
 - name: Start and enable WireGuard service
   ansible.builtin.service:
     name: "wg-quick@vpn01"

roles/21-install-wireguard/templates/wg.conf.j2

@@ -9,9 +9,6 @@ PrivateKey = {{ wireguard_private_key }}
 ListenPort = {{ wireguard_port }}
 MTU = 1380
 
-PostUp = /etc/wireguard/postup.sh
-PostDown = ip route del default via 172.16.7.1 table 42
-
 
 {% if wireguard_unmanaged_peers is defined %}
 # Peers not managed by Ansible from "wireguard_unmanaged_peers" variable