2023-04-17 19:17:21 +00:00
7 changed files with 44 additions and 24 deletions
--- a/host_vars/vpn01/vars.yml
+++ b/host_vars/vpn01/vars.yml
@ -2,6 +2,11 @@
 ### Ansible
 ###
 ansible_host: 5.9.220.114
+ansible_host_net: /29
+ansible_host_ipv6: 2a01:4f8:262:5112::101
+ansible_host_ipv6_net: /64
+ipv4_gateway: 5.9.220.112
+ipv6_gateway: 2a01:4f8:262:5112::3
 ansible_port: 22
 ansible_ssh_user: root
 ansible_python_interpreter: /usr/bin/python3
--- a/host_vars/vpn02/vars.yml
+++ b/host_vars/vpn02/vars.yml
@ -1,4 +1,9 @@
 ansible_host: 5.9.220.115
+ansible_host_net: /29
+ansible_host_ipv6: 2a01:4f8:262:5112::102
+ansible_host_ipv6_net: /64
+ipv4_gateway: 5.9.220.112
+ipv6_gateway: 2a01:4f8:262:5112::3
 ansible_port: 22
 ansible_ssh_user: root
 ansible_python_interpreter: /usr/bin/python3
--- a/roles/01-vpn-offloader-setup/tasks/main.yml
+++ b/roles/01-vpn-offloader-setup/tasks/main.yml
@ -48,10 +48,24 @@
    state: latest
    update_cache: yes

+- name: Find all Netplan Files without of the freifunk file 
+  find:
+    paths: /etc/netplan/
+    file_type: file
+    excludes: 
+      - "01-freifunk.yaml"
+  register: found_files
+
+- name: Delete files
+  file:
+    path: "{{ item.path }}"
+    state: absent
+  with_items: "{{ found_files['files'] }}"
+
 - name: Copy Netplan Template for Internal Network
  ansible.builtin.template:
    src: netplan.j2
-    dest: /etc/netplan/01-freifunk-internal.yaml
+    dest: /etc/netplan/01-freifunk.yaml
    owner: root
    group: root
    mode: 755
--- a/roles/01-vpn-offloader-setup/templates/netplan.j2
+++ b/roles/01-vpn-offloader-setup/templates/netplan.j2
@ -1,5 +1,24 @@
 network:
  ethernets:
+    ens18:
+      addresses:
+      - {{ ansible_host }}{{ ansible_host_net }}
+      - {{ ansible_host_ipv6 }}{{ ansible_host_ipv6_net }}
+      nameservers:
+        addresses:
+        - 1.1.1.1
+      routes:
+      - to: default
+        via: {{ ipv4_gateway }}
+        table: 42
+      - to: default
+        via: {{ ipv6_gateway }}
+        table: 42
+      routing-policy:
+      - from: {{ ansible_host }}
+        table: 42
+      - from: {{ ansible_host_ipv6 }}
+        table: 42
    ens19:
      dhcp4: false
      addresses:
@ -10,5 +29,4 @@ network:
      routes:
      - to: default
        via: {{ core_router }}
-        table: 42
  version: 2
--- a/roles/21-install-wireguard/files/postup.sh
+++ b/roles/21-install-wireguard/files/postup.sh
@ -1,9 +0,0 @@
-#!/bin/sh
-
-ip rule add fwmark 0x4 table 42
-iptables -t mangle -A PREROUTING -s 10.255.0.0/16 ! -d 10.0.0.0/8 -j MARK --set-mark 4
-routeExists=$(ip route show table 42 | grep '172.16.7.1')
-
-if [ -z "$routeExists" ]; then
-    ip route add default via 172.16.7.1 table 42
-fi
--- a/roles/21-install-wireguard/tasks/main.yml
+++ b/roles/21-install-wireguard/tasks/main.yml
@ -84,16 +84,6 @@
  notify:
    - reconfigure wireguard

- name: Copy PostUp Script
-  ansible.builtin.copy:
-    src: postup.sh
-    dest: /etc/wireguard/postup.sh
-    mode: 755
-  tags:
-    - wg-config
-  notify:
-    - reconfigure wireguard
-
 - name: Start and enable WireGuard service
  ansible.builtin.service:
    name: "wg-quick@vpn01"
--- a/roles/21-install-wireguard/templates/wg.conf.j2
+++ b/roles/21-install-wireguard/templates/wg.conf.j2
@ -9,9 +9,6 @@ PrivateKey = {{ wireguard_private_key }}
 ListenPort = {{ wireguard_port }}
 MTU = 1380

-PostUp = /etc/wireguard/postup.sh
-PostDown = ip route del default via 172.16.7.1 table 42
-

 {% if wireguard_unmanaged_peers is defined %}
 # Peers not managed by Ansible from "wireguard_unmanaged_peers" variable