network configuration for ubuntu

2021-07-10 02:39:21 +02:00 · 2021-07-10 02:39:21 +02:00 · 9aec5310fc
commit 9aec5310fc
parent d6f55bff2e
11 changed files with 66 additions and 16 deletions
--- a/books/base.yml
+++ b/books/base.yml
@ -2,9 +2,10 @@
 ---
 - hosts: vpn, !tests,
  roles:
+    - vpn
    - client_apt_proxy

- hosts: all, !tests,
+- hosts: all, tests,
  roles:
    - networking
    - base_config
--- a/host_vars/hindley/networking.yml
+++ b/host_vars/hindley/networking.yml
@ -1,11 +1,7 @@
 ---
 interfaces:
  enp2s0:
-    ipv4: 45.66.110.3
-    netmaskv4: 24
-    type: static
-    routes:
-      - {subnet: 0.0.0.0, netmask: 0, gateway: 45.66.110.254}
+    type: dhcp
  wg0:
    ipv4: "{{ intranet.subnets.physical.subnets.hindley.ipv4 }}"
    netmaskv4: "{{ intranet.netmaskv4 }}"
--- a/host_vars/vm5/ansible.yml
+++ b/host_vars/vm5/ansible.yml
@ -0,0 +1,2 @@
+---
+ansible_host: "vm5"
--- a/host_vars/vm5/networking.yml
+++ b/host_vars/vm5/networking.yml
@ -0,0 +1,10 @@
+---
+interfaces:
+  enp0s3:
+    ipv4: 10.0.2.9
+    netmaskv4: 24
+    type: static
+    gateway: 10.0.2.1
+
+ipv4_forwarding: false
+ipv6_forwarding: false
--- a/roles/base_config/tasks/main.yml
+++ b/roles/base_config/tasks/main.yml
@ -22,11 +22,6 @@
  retries: 3
  until: apt_result is succeeded

- name: Upgrade all
-  apt:
-    update_cache: yes
-    upgrade: dist
-
 - name: Customize motd
  copy:
    src: "update-motd.d/{{ item }}"
--- a/roles/networking/handlers/main.yml
+++ b/roles/networking/handlers/main.yml
@ -7,3 +7,7 @@
  systemd:
    name: dhcpcd
    state: restarted
+
+- name: Apply netplan ubuntu
+  become: true
+  command: netplan apply
--- a/roles/networking/tasks/main.yml
+++ b/roles/networking/tasks/main.yml
@ -1,6 +1,6 @@
 ---

- name: Install wireguard
+- name: Install ifupdown2
  apt:
    name:
      - ifupdown2
@ -9,6 +9,7 @@
  register: apt_result
  retries: 3
  until: apt_result is succeeded
+  when: ansible_facts["lsb"]["id"] == "Debian"

 - name: Enable ipv4 forwarding
  ansible.posix.sysctl:
@ -58,3 +59,12 @@
  notify: Restart dhcpcd raspbian
  when: ansible_facts["lsb"]["id"] == "Raspbian"

+- name: Create netplan config files
+  ansible.builtin.template:
+    src: "ubuntu_00-installer-config.yaml.j2"
+    dest: "/etc/netplan/00-installer-config.yaml"
+    owner: root
+    group: root
+    mode: '644'
+  notify: Apply netplan ubuntu
+  when: ansible_facts["lsb"]["id"] == "Ubuntu"
--- a/roles/networking/templates/debian_interfaces.j2
+++ b/roles/networking/templates/debian_interfaces.j2
@ -4,7 +4,7 @@
 auto lo
 iface lo inet loopback

-{% for item in lookup('dict', interfaces) %}
+{% for item in lookup('dict', interfaces, wantlist=True) %}
 {% if item.value.type not in ['wireguard', ] %}
 auto {{ item.key }}
 {% if item.value.type == 'dhcp' %}
--- a/roles/networking/templates/raspbian_dhcpcd.conf.j2
+++ b/roles/networking/templates/raspbian_dhcpcd.conf.j2
@ -42,7 +42,7 @@ require dhcp_server_identifier
 # OR generate Stable Private IPv6 Addresses based from the DUID
 slaac private

-{% for item in lookup('dict', interfaces) %}
+{% for item in lookup('dict', interfaces, wantlist=True) %}
 {% if item.value.type == 'static' %}
 interface {{ item.key }}
 {% if 'ipv4' in item.value %}
--- a/roles/networking/templates/ubuntu_00-installer-config.yaml.j2
+++ b/roles/networking/templates/ubuntu_00-installer-config.yaml.j2
@ -0,0 +1,32 @@
+{{ ansible_managed | comment }}
+
+network:
+  ethernets:
+{% for item in lookup('dict', interfaces, wantlist=True) %}
+{% if item.value.type not in ['wireguard', ] %}
+    {{ item.key }}:
+{% if item.value.type == 'dhcp' %}
+      dhcp4: true
+{% elif item.value.type == 'static' %}
+      dhcp4: false
+      addresses:
+        - {{ item.value.ipv4 }}/{{ item.value.netmaskv4 }}
+{% if 'gateway' in item.value %}
+      gateway4: {{ item.value.gateway }}
+{% endif %}
+      nameservers:
+        addresses:
+          - 1.1.1.1
+{# the nameservers are hardcoded for now #}
+{% endif %}{# end (type == *) #}
+{% if 'routes' in item.value %}{# routes #}
+      routes:
+{% for route in item.value.routes %}
+        - to: {{ route.subnet }}/{{ route.netmask }}
+          via: {{ route.gateway }}
+          metric: 100
+{% endfor %}
+{% endif %}{# end routes #}
+{% endif %}{# end (not in [wireguard, ]) #}
+{% endfor %}
+  version: 2
--- a/roles/vpn/tasks/main.yml
+++ b/roles/vpn/tasks/main.yml
@ -37,7 +37,7 @@
    mode: '600'
  notify: Restart wireguard for interface
  loop:
-    - "{{ lookup('dict', vpn_interfaces) }}"
+    - "{{ lookup('dict', vpn_interfaces, wantlist=True) }}"
  no_log: true

 - name: Enable interface
@ -46,5 +46,5 @@
    state: started
    enabled: yes
  loop:
-    - "{{ lookup('dict', vpn_interfaces) }}"
+    - "{{ lookup('dict', vpn_interfaces, wantlist=True) }}"
  no_log: true