Freifunk-Troisdorf/ansible.fftdf.supernode
5
0
Fork 0
Code Issues 1 Pull Requests Releases Wiki Activity

Enable IPv6 on Host #1

Merged
stefan merged 4 commits from ipv6_on_host into tdf7 2023-04-17 19:17:21 +00:00
Conversation 0 Commits 4 Files Changed 7 +44 -24
7 changed files with 44 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
host_vars/vpn01/vars.yml
View File

@ -2,6 +2,11 @@
### Ansible ### Ansible
### ###
ansible_host: 5.9.220.114 ansible_host: 5.9.220.114
ansible_host_net: /29
ansible_host_ipv6: 2a01:4f8:262:5112::101
ansible_host_ipv6_net: /64
ipv4_gateway: 5.9.220.112
ipv6_gateway: 2a01:4f8:262:5112::3
ansible_port: 22 ansible_port: 22
ansible_ssh_user: root ansible_ssh_user: root
ansible_python_interpreter: /usr/bin/python3 ansible_python_interpreter: /usr/bin/python3

5
host_vars/vpn02/vars.yml
View File

@ -1,4 +1,9 @@
ansible_host: 5.9.220.115 ansible_host: 5.9.220.115
ansible_host_net: /29
ansible_host_ipv6: 2a01:4f8:262:5112::102
ansible_host_ipv6_net: /64
ipv4_gateway: 5.9.220.112
ipv6_gateway: 2a01:4f8:262:5112::3
ansible_port: 22 ansible_port: 22
ansible_ssh_user: root ansible_ssh_user: root
ansible_python_interpreter: /usr/bin/python3 ansible_python_interpreter: /usr/bin/python3

16
roles/01-vpn-offloader-setup/tasks/main.yml
View File

@ -48,10 +48,24 @@
state: latest state: latest
update_cache: yes update_cache: yes
- name: Find all Netplan Files without of the freifunk file
find:
paths: /etc/netplan/
file_type: file
excludes:
- "01-freifunk.yaml"
register: found_files
- name: Delete files
file:
path: "{{ item.path }}"
state: absent
with_items: "{{ found_files['files'] }}"
- name: Copy Netplan Template for Internal Network - name: Copy Netplan Template for Internal Network
ansible.builtin.template: ansible.builtin.template:
src: netplan.j2 src: netplan.j2
dest: /etc/netplan/01-freifunk-internal.yaml dest: /etc/netplan/01-freifunk.yaml
owner: root owner: root
group: root group: root
mode: 755 mode: 755

20
roles/01-vpn-offloader-setup/templates/netplan.j2
View File

@ -1,5 +1,24 @@
network: network:
ethernets: ethernets:
ens18:
addresses:
- {{ ansible_host }}{{ ansible_host_net }}
- {{ ansible_host_ipv6 }}{{ ansible_host_ipv6_net }}
nameservers:
addresses:
- 1.1.1.1
routes:
- to: default
via: {{ ipv4_gateway }}
table: 42
- to: default
via: {{ ipv6_gateway }}
table: 42
routing-policy:
- from: {{ ansible_host }}
table: 42
- from: {{ ansible_host_ipv6 }}
table: 42
ens19: ens19:
dhcp4: false dhcp4: false
addresses: addresses:
@ -10,5 +29,4 @@ network:
routes: routes:
- to: default - to: default
via: {{ core_router }} via: {{ core_router }}
table: 42
version: 2 version: 2

9
roles/21-install-wireguard/files/postup.sh
View File

@ -1,9 +0,0 @@
#!/bin/sh
ip rule add fwmark 0x4 table 42
iptables -t mangle -A PREROUTING -s 10.255.0.0/16 ! -d 10.0.0.0/8 -j MARK --set-mark 4
routeExists=$(ip route show table 42 | grep '172.16.7.1')
if [ -z "$routeExists" ]; then
ip route add default via 172.16.7.1 table 42
fi

10
roles/21-install-wireguard/tasks/main.yml
View File

@ -84,16 +84,6 @@
notify: notify:
- reconfigure wireguard - reconfigure wireguard
- name: Copy PostUp Script
ansible.builtin.copy:
src: postup.sh
dest: /etc/wireguard/postup.sh
mode: 755
tags:
- wg-config
notify:
- reconfigure wireguard
- name: Start and enable WireGuard service - name: Start and enable WireGuard service
ansible.builtin.service: ansible.builtin.service:
name: "wg-quick@vpn01" name: "wg-quick@vpn01"

3
roles/21-install-wireguard/templates/wg.conf.j2
View File

@ -9,9 +9,6 @@ PrivateKey = {{ wireguard_private_key }}
ListenPort = {{ wireguard_port }} ListenPort = {{ wireguard_port }}
MTU = 1380 MTU = 1380
PostUp = /etc/wireguard/postup.sh
PostDown = ip route del default via 172.16.7.1 table 42
{% if wireguard_unmanaged_peers is defined %} {% if wireguard_unmanaged_peers is defined %}
# Peers not managed by Ansible from "wireguard_unmanaged_peers" variable # Peers not managed by Ansible from "wireguard_unmanaged_peers" variable