Pains-Perdus/ansible
3
1
Fork 0
Code Issues Pull requests 1 Releases Wiki Activity

network configuration for ubuntu

Browse source
This commit is contained in:
histausse 2021-07-10 02:39:21 +02:00
parent d6f55bff2e
commit 9aec5310fc
Signed by: histausse
GPG key ID: 67486F107F62E9E9
11 changed files with 66 additions and 16 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
books/base.yml
View file

@ -2,9 +2,10 @@
--- ---
- hosts: vpn, !tests, - hosts: vpn, !tests,
roles: roles:
- vpn
- client_apt_proxy - client_apt_proxy
- hosts: all, !tests, - hosts: all, tests,
roles: roles:
- networking - networking
- base_config - base_config

6
host_vars/hindley/networking.yml
View file

@ -1,11 +1,7 @@
--- ---
interfaces: interfaces:
enp2s0: enp2s0:
ipv4: 45.66.110.3 type: dhcp
netmaskv4: 24
type: static
routes:
- {subnet: 0.0.0.0, netmask: 0, gateway: 45.66.110.254}
wg0: wg0:
ipv4: "{{ intranet.subnets.physical.subnets.hindley.ipv4 }}" ipv4: "{{ intranet.subnets.physical.subnets.hindley.ipv4 }}"
netmaskv4: "{{ intranet.netmaskv4 }}" netmaskv4: "{{ intranet.netmaskv4 }}"

2
host_vars/vm5/ansible.yml Normal file
View file

@ -0,0 +1,2 @@
---
ansible_host: "vm5"

10
host_vars/vm5/networking.yml Normal file
View file

@ -0,0 +1,10 @@
---
interfaces:
enp0s3:
ipv4: 10.0.2.9
netmaskv4: 24
type: static
gateway: 10.0.2.1
ipv4_forwarding: false
ipv6_forwarding: false

5
roles/base_config/tasks/main.yml
View file

@ -22,11 +22,6 @@
retries: 3 retries: 3
until: apt_result is succeeded until: apt_result is succeeded
- name: Upgrade all
apt:
update_cache: yes
upgrade: dist
- name: Customize motd - name: Customize motd
copy: copy:
src: "update-motd.d/{{ item }}" src: "update-motd.d/{{ item }}"

4
roles/networking/handlers/main.yml
View file

@ -7,3 +7,7 @@
systemd: systemd:
name: dhcpcd name: dhcpcd
state: restarted state: restarted
- name: Apply netplan ubuntu
become: true
command: netplan apply

12
roles/networking/tasks/main.yml
View file

@ -1,6 +1,6 @@
--- ---
- name: Install wireguard - name: Install ifupdown2
apt: apt:
name: name:
- ifupdown2 - ifupdown2
@ -9,6 +9,7 @@
register: apt_result register: apt_result
retries: 3 retries: 3
until: apt_result is succeeded until: apt_result is succeeded
when: ansible_facts["lsb"]["id"] == "Debian"
- name: Enable ipv4 forwarding - name: Enable ipv4 forwarding
ansible.posix.sysctl: ansible.posix.sysctl:
@ -58,3 +59,12 @@
notify: Restart dhcpcd raspbian notify: Restart dhcpcd raspbian
when: ansible_facts["lsb"]["id"] == "Raspbian" when: ansible_facts["lsb"]["id"] == "Raspbian"
- name: Create netplan config files
ansible.builtin.template:
src: "ubuntu_00-installer-config.yaml.j2"
dest: "/etc/netplan/00-installer-config.yaml"
owner: root
group: root
mode: '644'
notify: Apply netplan ubuntu
when: ansible_facts["lsb"]["id"] == "Ubuntu"

2
roles/networking/templates/debian_interfaces.j2
View file

@ -4,7 +4,7 @@
auto lo auto lo
iface lo inet loopback iface lo inet loopback
{% for item in lookup('dict', interfaces) %} {% for item in lookup('dict', interfaces, wantlist=True) %}
{% if item.value.type not in ['wireguard', ] %} {% if item.value.type not in ['wireguard', ] %}
auto {{ item.key }} auto {{ item.key }}
{% if item.value.type == 'dhcp' %} {% if item.value.type == 'dhcp' %}

2
roles/networking/templates/raspbian_dhcpcd.conf.j2
View file

@ -42,7 +42,7 @@ require dhcp_server_identifier
# OR generate Stable Private IPv6 Addresses based from the DUID # OR generate Stable Private IPv6 Addresses based from the DUID
slaac private slaac private
{% for item in lookup('dict', interfaces) %} {% for item in lookup('dict', interfaces, wantlist=True) %}
{% if item.value.type == 'static' %} {% if item.value.type == 'static' %}
interface {{ item.key }} interface {{ item.key }}
{% if 'ipv4' in item.value %} {% if 'ipv4' in item.value %}

32
roles/networking/templates/ubuntu_00-installer-config.yaml.j2 Normal file
View file

@ -0,0 +1,32 @@
{{ ansible_managed | comment }}
network:
ethernets:
{% for item in lookup('dict', interfaces, wantlist=True) %}
{% if item.value.type not in ['wireguard', ] %}
{{ item.key }}:
{% if item.value.type == 'dhcp' %}
dhcp4: true
{% elif item.value.type == 'static' %}
dhcp4: false
addresses:
- {{ item.value.ipv4 }}/{{ item.value.netmaskv4 }}
{% if 'gateway' in item.value %}
gateway4: {{ item.value.gateway }}
{% endif %}
nameservers:
addresses:
- 1.1.1.1
{# the nameservers are hardcoded for now #}
{% endif %}{# end (type == *) #}
{% if 'routes' in item.value %}{# routes #}
routes:
{% for route in item.value.routes %}
- to: {{ route.subnet }}/{{ route.netmask }}
via: {{ route.gateway }}
metric: 100
{% endfor %}
{% endif %}{# end routes #}
{% endif %}{# end (not in [wireguard, ]) #}
{% endfor %}
version: 2

4
roles/vpn/tasks/main.yml
View file

@ -37,7 +37,7 @@
mode: '600' mode: '600'
notify: Restart wireguard for interface notify: Restart wireguard for interface
loop: loop:
- "{{ lookup('dict', vpn_interfaces) }}" - "{{ lookup('dict', vpn_interfaces, wantlist=True) }}"
no_log: true no_log: true
- name: Enable interface - name: Enable interface
@ -46,5 +46,5 @@
state: started state: started
enabled: yes enabled: yes
loop: loop:
- "{{ lookup('dict', vpn_interfaces) }}" - "{{ lookup('dict', vpn_interfaces, wantlist=True) }}"
no_log: true no_log: true