Enable IPv6 on Host #1
@ -1,4 +1,9 @@
|
||||
ansible_host: 5.9.220.115
|
||||
ansible_host_net: /29
|
||||
ansible_host_ipv6: 2a01:4f8:262:5112::102
|
||||
ansible_host_ipv6_net: /64
|
||||
ipv4_gateway: 5.9.220.112
|
||||
ipv6_gateway: 2a01:4f8:262:5112::3
|
||||
ansible_port: 22
|
||||
ansible_ssh_user: root
|
||||
ansible_python_interpreter: /usr/bin/python3
|
||||
|
@ -14,7 +14,7 @@ all:
|
||||
children:
|
||||
vpn_offloader_wireguard:
|
||||
hosts:
|
||||
vpn01:
|
||||
#vpn01:
|
||||
vpn02:
|
||||
freifunk_supernodes:
|
||||
hosts:
|
||||
|
@ -48,10 +48,24 @@
|
||||
state: latest
|
||||
update_cache: yes
|
||||
|
||||
- name: Find all Netplan Files without of the freifunk file
|
||||
find:
|
||||
paths: /etc/netplan/
|
||||
file_type: file
|
||||
excludes:
|
||||
- "01-freifunk.yaml"
|
||||
register: found_files
|
||||
|
||||
- name: Delete files
|
||||
file:
|
||||
path: "{{ item.path }}"
|
||||
state: absent
|
||||
with_items: "{{ found_files['files'] }}"
|
||||
|
||||
- name: Copy Netplan Template for Internal Network
|
||||
ansible.builtin.template:
|
||||
src: netplan.j2
|
||||
dest: /etc/netplan/01-freifunk-internal.yaml
|
||||
dest: /etc/netplan/01-freifunk.yaml
|
||||
owner: root
|
||||
group: root
|
||||
mode: 755
|
||||
|
@ -1,5 +1,24 @@
|
||||
network:
|
||||
ethernets:
|
||||
ens18:
|
||||
addresses:
|
||||
- {{ ansible_host }}{{ ansible_host_net }}
|
||||
- {{ ansible_host_ipv6 }}{{ ansible_host_ipv6_net }}
|
||||
nameservers:
|
||||
addresses:
|
||||
- 1.1.1.1
|
||||
routes:
|
||||
- to: default
|
||||
via: {{ ipv4_gateway }}
|
||||
table: 88
|
||||
- to: default
|
||||
via: {{ ipv6_gateway }}
|
||||
table: 88
|
||||
routing-policy:
|
||||
- from: {{ ansible_host }}
|
||||
table: 88
|
||||
- from: {{ ansible_host_ipv6 }}
|
||||
table: 88
|
||||
ens19:
|
||||
dhcp4: false
|
||||
addresses:
|
||||
@ -10,5 +29,4 @@ network:
|
||||
routes:
|
||||
- to: default
|
||||
via: {{ core_router }}
|
||||
table: 42
|
||||
version: 2
|
@ -1,9 +0,0 @@
|
||||
#!/bin/sh
|
||||
|
||||
ip rule add fwmark 0x4 table 42
|
||||
iptables -t mangle -A PREROUTING -s 10.255.0.0/16 ! -d 10.0.0.0/8 -j MARK --set-mark 4
|
||||
routeExists=$(ip route show table 42 | grep '172.16.7.1')
|
||||
|
||||
if [ -z "$routeExists" ]; then
|
||||
ip route add default via 172.16.7.1 table 42
|
||||
fi
|
@ -84,16 +84,6 @@
|
||||
notify:
|
||||
- reconfigure wireguard
|
||||
|
||||
- name: Copy PostUp Script
|
||||
ansible.builtin.copy:
|
||||
src: postup.sh
|
||||
dest: /etc/wireguard/postup.sh
|
||||
mode: 755
|
||||
tags:
|
||||
- wg-config
|
||||
notify:
|
||||
- reconfigure wireguard
|
||||
|
||||
- name: Start and enable WireGuard service
|
||||
ansible.builtin.service:
|
||||
name: "wg-quick@vpn01"
|
||||
|
@ -9,9 +9,6 @@ PrivateKey = {{ wireguard_private_key }}
|
||||
ListenPort = {{ wireguard_port }}
|
||||
MTU = 1380
|
||||
|
||||
PostUp = /etc/wireguard/postup.sh
|
||||
PostDown = ip route del default via 172.16.7.1 table 42
|
||||
|
||||
|
||||
{% if wireguard_unmanaged_peers is defined %}
|
||||
# Peers not managed by Ansible from "wireguard_unmanaged_peers" variable
|
||||
|
Loading…
Reference in New Issue
Block a user