From 9aec5310fcbd10320c13a928310d79bf9cdc0725 Mon Sep 17 00:00:00 2001 From: Jean-Marie Mineau Date: Sat, 10 Jul 2021 02:39:21 +0200 Subject: [PATCH] network configuration for ubuntu --- books/base.yml | 3 +- host_vars/hindley/networking.yml | 6 +--- host_vars/vm5/ansible.yml | 2 ++ host_vars/vm5/networking.yml | 10 ++++++ roles/base_config/tasks/main.yml | 5 --- roles/networking/handlers/main.yml | 4 +++ roles/networking/tasks/main.yml | 12 ++++++- .../networking/templates/debian_interfaces.j2 | 2 +- .../templates/raspbian_dhcpcd.conf.j2 | 2 +- .../ubuntu_00-installer-config.yaml.j2 | 32 +++++++++++++++++++ roles/vpn/tasks/main.yml | 4 +-- 11 files changed, 66 insertions(+), 16 deletions(-) create mode 100644 host_vars/vm5/ansible.yml create mode 100644 host_vars/vm5/networking.yml create mode 100644 roles/networking/templates/ubuntu_00-installer-config.yaml.j2 diff --git a/books/base.yml b/books/base.yml index 3822d34..46e4e87 100644 --- a/books/base.yml +++ b/books/base.yml @@ -2,9 +2,10 @@ --- - hosts: vpn, !tests, roles: + - vpn - client_apt_proxy -- hosts: all, !tests, +- hosts: all, tests, roles: - networking - base_config diff --git a/host_vars/hindley/networking.yml b/host_vars/hindley/networking.yml index d8b6318..f39efa6 100644 --- a/host_vars/hindley/networking.yml +++ b/host_vars/hindley/networking.yml @@ -1,11 +1,7 @@ --- interfaces: enp2s0: - ipv4: 45.66.110.3 - netmaskv4: 24 - type: static - routes: - - {subnet: 0.0.0.0, netmask: 0, gateway: 45.66.110.254} + type: dhcp wg0: ipv4: "{{ intranet.subnets.physical.subnets.hindley.ipv4 }}" netmaskv4: "{{ intranet.netmaskv4 }}" diff --git a/host_vars/vm5/ansible.yml b/host_vars/vm5/ansible.yml new file mode 100644 index 0000000..30c6274 --- /dev/null +++ b/host_vars/vm5/ansible.yml @@ -0,0 +1,2 @@ +--- +ansible_host: "vm5" diff --git a/host_vars/vm5/networking.yml b/host_vars/vm5/networking.yml new file mode 100644 index 0000000..5c52c51 --- /dev/null +++ b/host_vars/vm5/networking.yml 
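Review bot: In `books/base.yml` the second play's pattern goes from `all, !tests,` to `all, tests,`, which removes the exclusion instead of narrowing it. `all` already matches every host, so `tests` adds nothing and the `networking` and `base_config` roles now also run against the test hosts. If this was only meant to exercise the new netplan template on a test machine, passing `--limit` on the command line would keep the exclusion in the committed play; if it is intended, `- hosts: all` states it plainly. The first play still carries `!tests` while gaining the `vpn` role, so the two plays now treat test hosts differently.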
@@ -0,0 +1,10 @@ +--- +interfaces: + enp0s3: + ipv4: 10.0.2.9 + netmaskv4: 24 + type: static + gateway: 10.0.2.1 + +ipv4_forwarding: false +ipv6_forwarding: false diff --git a/roles/base_config/tasks/main.yml b/roles/base_config/tasks/main.yml index 892f3d7..7e0525b 100644 --- a/roles/base_config/tasks/main.yml +++ b/roles/base_config/tasks/main.yml @@ -22,11 +22,6 @@ retries: 3 until: apt_result is succeeded -- name: Upgrade all - apt: - update_cache: yes - upgrade: dist - - name: Customize motd copy: src: "update-motd.d/{{ item }}" diff --git a/roles/networking/handlers/main.yml b/roles/networking/handlers/main.yml index a38fd58..db6d64c 100644 --- a/roles/networking/handlers/main.yml +++ b/roles/networking/handlers/main.yml @@ -7,3 +7,7 @@ systemd: name: dhcpcd state: restarted + +- name: Apply netplan ubuntu + become: true + command: netplan apply diff --git a/roles/networking/tasks/main.yml b/roles/networking/tasks/main.yml index 0b7668a..1eaa78c 100644 --- a/roles/networking/tasks/main.yml +++ b/roles/networking/tasks/main.yml @@ -1,6 +1,6 @@ --- -- name: Install wireguard +- name: Install ifupdown2 apt: name: - ifupdown2 @@ -9,6 +9,7 @@ register: apt_result retries: 3 until: apt_result is succeeded + when: ansible_facts["lsb"]["id"] == "Debian" - name: Enable ipv4 forwarding ansible.posix.sysctl: @@ -58,3 +59,12 @@ notify: Restart dhcpcd raspbian when: ansible_facts["lsb"]["id"] == "Raspbian" +- name: Create netplan config files + ansible.builtin.template: + src: "ubuntu_00-installer-config.yaml.j2" + dest: "/etc/netplan/00-installer-config.yaml" + owner: root + group: root + mode: '644' + notify: Apply netplan ubuntu + when: ansible_facts["lsb"]["id"] == "Ubuntu" diff --git a/roles/networking/templates/debian_interfaces.j2 b/roles/networking/templates/debian_interfaces.j2 index a4d35c1..32cef46 100644 --- a/roles/networking/templates/debian_interfaces.j2 +++ b/roles/networking/templates/debian_interfaces.j2 
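Review bot: The added `when: ansible_facts["lsb"]["id"] == "Debian"` in `roles/networking/tasks/main.yml` relies on the `lsb` fact, which is only populated when `lsb_release` is present on the target. On a minimal image the `id` key is likely undefined, so the condition would raise an error instead of evaluating to false. A guarded form such as `when: ansible_facts["lsb"]["id"] | default("") == "Debian"` fails closed, or `lsb-release` could be installed before this role runs. The new netplan task in the last hunk of this file tests the same fact for "Ubuntu". The task body starts outside the hunk.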
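Review bot: The new `Create netplan config files` task installs `/etc/netplan/00-installer-config.yaml` with `mode: '644'`, which leaves it world-readable. Netplan files can hold secrets such as Wi-Fi passphrases or tunnel keys, and recent netplan releases warn when a config file is readable by others, so `mode: '0600'` is the safer default even though this template renders no secret today. The destination is the file the Ubuntu installer generates, so it is overwritten, while any other file under `/etc/netplan/` stays in effect and is merged with it. A comment above the task stating that assumption would help, for example `# assumes no other netplan file (e.g. from cloud-init) defines these interfaces`.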
@@ -4,7 +4,7 @@ auto lo iface lo inet loopback -{% for item in lookup('dict', interfaces) %} +{% for item in lookup('dict', interfaces, wantlist=True) %} {% if item.value.type not in ['wireguard', ] %} auto {{ item.key }} {% if item.value.type == 'dhcp' %} diff --git a/roles/networking/templates/raspbian_dhcpcd.conf.j2 b/roles/networking/templates/raspbian_dhcpcd.conf.j2 index 226e804..f34a420 100644 --- a/roles/networking/templates/raspbian_dhcpcd.conf.j2 +++ b/roles/networking/templates/raspbian_dhcpcd.conf.j2 @@ -42,7 +42,7 @@ require dhcp_server_identifier # OR generate Stable Private IPv6 Addresses based from the DUID slaac private -{% for item in lookup('dict', interfaces) %} +{% for item in lookup('dict', interfaces, wantlist=True) %} {% if item.value.type == 'static' %} interface {{ item.key }} {% if 'ipv4' in item.value %} diff --git a/roles/networking/templates/ubuntu_00-installer-config.yaml.j2 b/roles/networking/templates/ubuntu_00-installer-config.yaml.j2 new file mode 100644 index 0000000..7a9c251 --- /dev/null +++ b/roles/networking/templates/ubuntu_00-installer-config.yaml.j2 @@ -0,0 +1,32 @@ +{{ ansible_managed | comment }} + +network: + ethernets: +{% for item in lookup('dict', interfaces, wantlist=True) %} +{% if item.value.type not in ['wireguard', ] %} + {{ item.key }}: +{% if item.value.type == 'dhcp' %} + dhcp4: true +{% elif item.value.type == 'static' %} + dhcp4: false + addresses: + - {{ item.value.ipv4 }}/{{ item.value.netmaskv4 }} +{% if 'gateway' in item.value %} + gateway4: {{ item.value.gateway }} +{% endif %} + nameservers: + addresses: + - 1.1.1.1 +{# the nameservers are hardcoded for now #} +{% endif %}{# end (type == *) #} +{% if 'routes' in item.value %}{# routes #} + routes: +{% for route in item.value.routes %} + - to: {{ route.subnet }}/{{ route.netmask }} + via: {{ route.gateway }} + metric: 100 +{% endfor %} +{% endif %}{# end routes #} +{% endif %}{# end (not in [wireguard, ]) #} +{% endfor %} + version: 2 
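Review bot: In the new `ubuntu_00-installer-config.yaml.j2`, every static interface gets `1.1.1.1` as its only resolver. Hosts rendered from this template therefore send all DNS lookups to a public third-party resolver and cannot resolve names served only inside the intranet. The inline comment acknowledges the hard-coding, but nothing lets a host override it. Reading the list from a variable with the current value as its default keeps today's behaviour and allows an internal resolver, for example looping over `item.value.nameservers | default(['1.1.1.1'])` (the `nameservers` key is a suggested name, not one the repository defines). Separately, an interface whose `type` is neither `dhcp` nor `static` renders as a key with an empty body, which netplan may reject, so a comment at the top listing the supported types would help.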
diff --git a/roles/vpn/tasks/main.yml b/roles/vpn/tasks/main.yml index 00d417e..3a9cf44 100644 --- a/roles/vpn/tasks/main.yml +++ b/roles/vpn/tasks/main.yml @@ -37,7 +37,7 @@ mode: '600' notify: Restart wireguard for interface loop: - - "{{ lookup('dict', vpn_interfaces) }}" + - "{{ lookup('dict', vpn_interfaces, wantlist=True) }}" no_log: true - name: Enable interface @@ -46,5 +46,5 @@ state: started enabled: yes loop: - - "{{ lookup('dict', vpn_interfaces) }}" + - "{{ lookup('dict', vpn_interfaces, wantlist=True) }}" no_log: true
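Review bot: In `roles/vpn/tasks/main.yml` the lookup now always returns a list because of `wantlist=True`, yet it is still wrapped as the single element of a `loop:` list. `loop` does not flatten nested lists, so `item` is likely to become the whole list of key/value pairs rather than one pair. Passing the expression directly avoids the extra nesting: `loop: "{{ vpn_interfaces | dict2items }}"`, or the same lookup without the leading `- `. The second hunk (`Enable interface`) has the same construct. Both tasks begin outside their hunks, so how `item` is consumed is not visible here and should be checked against a run with more than one VPN interface.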