add bridge support for debian

histausse 2021-07-11 02:55:12 +02:00
parent b9240ef965
commit 3e08fde515
Signed by: histausse
GPG key ID: 67486F107F62E9E9
3 changed files with 37 additions and 4 deletions


@ -1,11 +1,20 @@
---
interfaces:
enp0s3:
type: void
br0:
ipv4: 10.0.2.5
netmaskv4: 24
type: static
routes:
- {subnet: 0.0.0.0, netmask: 0, gateway: 10.0.2.1}
bridge: true
gateway: 10.0.2.1
interfaces:
- enp0s3
br1:
type: manual
bridge: true
interfaces:
- enp0s3.42
wg0:
ipv4: "{{ intranet.subnets.test.subnets.vm1.ipv4 }}"
netmaskv4: "{{ intranet.netmaskv4 }}"
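Review bot: `br0` ends up with its default route declared twice, once as `gateway: 10.0.2.1` and once as the `0.0.0.0`/`0` entry under `routes`. The interfaces template in this commit renders both keys (a `gateway` line and per-route hooks, of which only the `post-down ip route del` side is visible here), so the route hook probably tries to add a default route that ifupdown has already installed and may make `ifup` report a failure. Keeping only one of the two, for example dropping the `routes` entry, avoids that.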


@ -11,6 +11,18 @@
until: apt_result is succeeded
when: ansible_facts["lsb"]["id"] == "Debian"
- name: Install bridge-utils
apt:
name:
- bridge-utils
state: latest
update_cache: true
register: apt_result
retries: 3
until: apt_result is succeeded
when: (ansible_facts["lsb"]["id"] == "Debian") and
(lookup('dict', interfaces, wantlist=True) | selectattr('value.bridge', 'defined') | selectattr('value.bridge') | list)
- name: Enable ipv4 forwarding
ansible.posix.sysctl:
name: net.ipv4.ip_forward
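Review bot: The second operand of the `when` on the "Install bridge-utils" task evaluates to a list rather than a boolean, so the task depends on Jinja truthiness, and newer ansible-core releases are stricter about conditionals that do not yield a boolean. Ending the filter chain with `| list | length > 0` makes the result explicit, and `interfaces | dict2items` would replace the `lookup('dict', interfaces, wantlist=True)` call. Separately, `state: latest` upgrades bridge-utils to whatever the mirror serves on every run; `state: present` keeps runs reproducible unless the upgrade is intended.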


@ -5,12 +5,14 @@ auto lo
iface lo inet loopback
{% for item in lookup('dict', interfaces, wantlist=True) %}
{% if item.value.type not in ['wireguard', ] %}
{% if item.value.type not in ['wireguard', 'void', ] %}
auto {{ item.key }}
{% if item.value.type == 'dhcp' %}
iface {{ item.key }} inet dhcp
{% elif item.value.type == 'static' %}
iface {{ item.key }} inet static
{% elif item.value.type == 'manual' %}
iface {{ item.key }} inet manual
{% endif %}
{% if 'routes' in item.value %}{# route up #}
{% for route in item.value.routes %}
@ -23,11 +25,21 @@ iface {{ item.key }} inet static
{% if 'gateway' in item.value %}
gateway {{ item.value.gateway }}
{% endif %}
{% if 'bridge' in item.value and item.value.bridge %}
{% if 'interfaces' in item.value and item.value.interfaces %}
bridge-ports {{ item.value.interfaces | join(' ') }}
{% endif %}
bridge-stp off
bridge-fd 0
{% endif %}
{% if 'routes' in item.value %}{# route dw #}
{% for route in item.value.routes %}
post-down ip route del {{ route.subnet }}/{{ route.netmask }} via {{ route.gateway }}
{% endfor %}
{% endif %}{# end route dw #}
{% endif %}{# end (not in [wireguard, ]) #}
{% elif item.value.type == 'void' %}{# end (not in [wireguard, void, ]) #}
iface {{ item.key }} inet manual
{% endif %}
{% endfor %}
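Review bot: A bridge declared with `bridge: true` but without an `interfaces` list gets `bridge-stp` and `bridge-fd` but no `bridge-ports` line, and Debian's bridge-utils hook only creates the bridge when that option is present, so the stanza would then try to configure a device that does not exist. Emit the option unconditionally with `none` as the fallback: `bridge-ports {{ item.value.interfaces | default([]) | join(' ') | default('none', true) }}`. `bridge-stp off` and `bridge-fd 0` are also hard-coded, which leaves nothing to break a loop when several ports share a bridge; a per-interface override such as `bridge-stp {{ 'on' if item.value.stp | default(false) else 'off' }}` would help (the `stp` key is a suggested name, not an existing one). The enclosing `for` and `if` blocks start outside this hunk.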