
---
# tasks file for 10-freifunk-supernode
# Install basic packages for Supernode
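- name: Install all Packages
  # batctl manages the batman-adv mesh interfaces, iptables-persistent restores
  # saved firewall rules at boot, conntrack gives access to the tracking table.
  ansible.builtin.apt:
    name:
      - batctl
      - iptables-persistent
      - conntrack
    # state: latest also upgrades already-installed packages on every run;
    # switch to state: present if upgrades should not happen from this role.
    state: latest
    update_cache: true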
## IP Forwarding
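- name: IPv4-Paketweiterleitung aktivieren
  # The supernode forwards traffic for the mesh, so forwarding is enabled for
  # both address families. Both settings are persisted in the same drop-in
  # under /etc/sysctl.d and applied immediately (sysctl_set + reload).
  ansible.posix.sysctl:
    name: net.ipv4.conf.all.forwarding
    value: "1"
    sysctl_set: true
    state: present
    reload: true
    sysctl_file: /etc/sysctl.d/ff-ip_forwarding.conf

- name: IPv6-Paketweiterleitung aktivieren
  ansible.posix.sysctl:
    name: net.ipv6.conf.all.forwarding
    value: "1"
    sysctl_set: true
    state: present
    reload: true
    sysctl_file: /etc/sysctl.d/ff-ip_forwarding.conf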
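- name: sysctl Reverse-Path-Filter default deaktivieren - Quellroute nicht prüfen
  # rp_filter=0 switches off reverse-path (source-address) validation, which
  # asymmetric routing on a supernode otherwise trips over. This also removes
  # the kernel's built-in anti-spoofing check, so ingress filtering of spoofed
  # source addresses must come from the firewall rules instead. Loose mode
  # (value "2") keeps part of that protection — TODO confirm whether it is
  # compatible with the policy routing used here.
  # "default" covers interfaces created later (e.g. tunnels), "all" the
  # existing ones; both are needed for the setting to be effective.
  ansible.posix.sysctl:
    name: net.ipv4.conf.default.rp_filter
    value: "0"
    sysctl_set: true
    state: present
    reload: true
    sysctl_file: /etc/sysctl.d/ff-ip_forwarding.conf

- name: sysctl Reverse-Path-Filter all deaktivieren - Quellroute nicht prüfen
  ansible.posix.sysctl:
    name: net.ipv4.conf.all.rp_filter
    value: "0"
    sysctl_set: true
    state: present
    reload: true
    sysctl_file: /etc/sysctl.d/ff-ip_forwarding.conf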
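- name: Create Routing Table 42
  # Registers table id 42 under the name "ffrl" so ip-rule/ip-route commands
  # can refer to it by name; presumably used by policy routing set up in
  # another role — verify against the rules that reference "ffrl".
  # lineinfile only appends when the exact line is absent, so this is
  # idempotent; the value is quoted so it stays a single string scalar.
  ansible.builtin.lineinfile:
    path: /etc/iproute2/rt_tables
    line: "42 ffrl"
    create: true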
## Conntrack
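# Kernels before 4.19 ship IPv4 connection tracking as nf_conntrack_ipv4;
# from 4.19 on it is folded into nf_conntrack. Exactly one of the two pairs
# below runs, selected by the kernel version. Both /etc/modules tasks use
# the same marker, so the managed block is rewritten (not duplicated) if the
# kernel crosses the 4.19 boundary.
- name: Enable nf_conntrack_ipv4 module
  community.general.modprobe:
    name: nf_conntrack_ipv4
    state: present
  when: ansible_kernel is version('4.19', '<')

- name: Enable nf_conntrack_ipv4 on system startup
  ansible.builtin.blockinfile:
    path: /etc/modules
    marker: "# {mark} Ansible managed block"
    block: |
      nf_conntrack_ipv4
  when: ansible_kernel is version('4.19', '<')

- name: Enable nf_conntrack module
  community.general.modprobe:
    name: nf_conntrack
    state: present
  when: ansible_kernel is version('4.19', '>=')

- name: Enable nf_conntrack on system startup
  ansible.builtin.blockinfile:
    path: /etc/modules
    marker: "# {mark} Ansible managed block"
    block: |
      nf_conntrack
  when: ansible_kernel is version('4.19', '>=')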
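# Connection-tracking sizing. These keys only exist once nf_conntrack is
# loaded, which the modprobe tasks above guarantee. All three are persisted
# in /etc/sysctl.d/ff-netfilter.conf and applied immediately.
- name: Set nf_conntrack_max to a higher value
  # Upper bound on tracked flows; when it is reached new connections are
  # dropped, so it is raised well above the distribution default.
  ansible.posix.sysctl:
    name: net.netfilter.nf_conntrack_max
    value: "524288"
    sysctl_set: true
    state: present
    reload: true
    sysctl_file: /etc/sysctl.d/ff-netfilter.conf

- name: Set nf_conntrack_tcp_timeout_established to 86400 (one day)
  # Idle established TCP flows stay in the table for one day. Longer
  # timeouts mean stale entries occupy slots longer — presumably why
  # nf_conntrack_max above is sized generously; keep the two in step.
  ansible.posix.sysctl:
    name: net.netfilter.nf_conntrack_tcp_timeout_established
    value: "86400"
    sysctl_set: true
    state: present
    reload: true
    sysctl_file: /etc/sysctl.d/ff-netfilter.conf

- name: Set nf_conntrack_tcp_timeout_time_wait to 60
  # Short TIME_WAIT retention frees table slots quickly after connections close.
  ansible.posix.sysctl:
    name: net.netfilter.nf_conntrack_tcp_timeout_time_wait
    value: "60"
    sysctl_set: true
    state: present
    reload: true
    sysctl_file: /etc/sysctl.d/ff-netfilter.conf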
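- name: Get current nf_conntrack hashsize
  # Read-only probe: command (no shell) is enough for a single cat and avoids
  # spawning a shell for a fixed argument list. Runs in check mode too so the
  # following task can decide correctly, and never reports a change.
  ansible.builtin.command: cat /sys/module/nf_conntrack/parameters/hashsize
  register: nf_conntrack_hashsize
  changed_when: false
  check_mode: false

- name: Set nf_conntrack hashsize to a higher value
  # Writing to the sysfs parameter needs a shell redirect; the task only
  # runs when the current value differs, so it stays idempotent. This sets
  # the hash table size at runtime only — it does not survive a reboot.
  # TODO confirm whether a persistent module option (modprobe.d) is wanted
  # so the value is also applied at boot.
  ansible.builtin.shell: echo 32768 > /sys/module/nf_conntrack/parameters/hashsize
  when: "nf_conntrack_hashsize.stdout != '32768'"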