network configuration for ubuntu

histausse 2021-07-10 02:39:21 +02:00
parent d6f55bff2e
commit 9aec5310fc
Signed by: histausse
GPG key ID: 67486F107F62E9E9
11 changed files with 66 additions and 16 deletions


@ -2,9 +2,10 @@
---
- hosts: vpn, !tests,
roles:
- vpn
- client_apt_proxy
- hosts: all, !tests,
- hosts: all, tests,
roles:
- networking
- base_config
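Review bot: The pattern `all, tests,` on what appears to be the new `hosts:` line of the second play is a union, so it selects the same hosts as plain `all`. The `tests` term and the trailing comma add nothing and read like a leftover of the old `!tests` exclusion. If the intent is that test hosts now receive the `networking` and `base_config` roles, `- hosts: all` states it directly. The first play still uses `vpn, !tests,`, so the two plays now differ in scope; a one-line comment such as `# test hosts get base networking but never the vpn role` would record that this is deliberate.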


@ -1,11 +1,7 @@
---
interfaces:
enp2s0:
ipv4: 45.66.110.3
netmaskv4: 24
type: static
routes:
- {subnet: 0.0.0.0, netmask: 0, gateway: 45.66.110.254}
type: dhcp
wg0:
ipv4: "{{ intranet.subnets.physical.subnets.hindley.ipv4 }}"
netmaskv4: "{{ intranet.netmaskv4 }}"


@ -0,0 +1,2 @@
---
ansible_host: "vm5"


@ -0,0 +1,10 @@
---
interfaces:
enp0s3:
ipv4: 10.0.2.9
netmaskv4: 24
type: static
gateway: 10.0.2.1
ipv4_forwarding: false
ipv6_forwarding: false


@ -22,11 +22,6 @@
retries: 3
until: apt_result is succeeded
- name: Upgrade all
apt:
update_cache: yes
upgrade: dist
- name: Customize motd
copy:
src: "update-motd.d/{{ item }}"


@ -7,3 +7,7 @@
systemd:
name: dhcpcd
state: restarted
- name: Apply netplan ubuntu
become: true
command: netplan apply


@ -1,6 +1,6 @@
---
- name: Install wireguard
- name: Install ifupdown2
apt:
name:
- ifupdown2
@ -9,6 +9,7 @@
register: apt_result
retries: 3
until: apt_result is succeeded
when: ansible_facts["lsb"]["id"] == "Debian"
- name: Enable ipv4 forwarding
ansible.posix.sysctl:
@ -58,3 +59,12 @@
notify: Restart dhcpcd raspbian
when: ansible_facts["lsb"]["id"] == "Raspbian"
- name: Create netplan config files
ansible.builtin.template:
src: "ubuntu_00-installer-config.yaml.j2"
dest: "/etc/netplan/00-installer-config.yaml"
owner: root
group: root
mode: '644'
notify: Apply netplan ubuntu
when: ansible_facts["lsb"]["id"] == "Ubuntu"
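Review bot: The new `Create netplan config files` task installs `/etc/netplan/00-installer-config.yaml` with `mode: '644'`, which leaves the network configuration readable by every local user. Netplan files can carry credentials (Wi-Fi keys, WireGuard keys), and recent netplan releases warn when they are accessible to others. The template added in this commit skips `wireguard` interfaces, so nothing secret is rendered today, but `mode: '600'` costs nothing and matches the `mode: '600'` already used in the last file section of this commit. The tasks file continues outside the three hunks shown.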


@ -4,7 +4,7 @@
auto lo
iface lo inet loopback
{% for item in lookup('dict', interfaces) %}
{% for item in lookup('dict', interfaces, wantlist=True) %}
{% if item.value.type not in ['wireguard', ] %}
auto {{ item.key }}
{% if item.value.type == 'dhcp' %}
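Review bot: `lookup('dict', interfaces, wantlist=True)` in the `for` header works, but the loop only needs a list of key/value pairs, which `{% for item in interfaces | dict2items %}` yields for any dictionary size without depending on a lookup flag. The same header is changed in the next two template sections (apparently the dhcpcd configuration and the new netplan template), so the point applies there as well. The `for` block closes outside this hunk.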


@ -42,7 +42,7 @@ require dhcp_server_identifier
# OR generate Stable Private IPv6 Addresses based from the DUID
slaac private
{% for item in lookup('dict', interfaces) %}
{% for item in lookup('dict', interfaces, wantlist=True) %}
{% if item.value.type == 'static' %}
interface {{ item.key }}
{% if 'ipv4' in item.value %}


@ -0,0 +1,32 @@
{{ ansible_managed | comment }}
network:
ethernets:
{% for item in lookup('dict', interfaces, wantlist=True) %}
{% if item.value.type not in ['wireguard', ] %}
{{ item.key }}:
{% if item.value.type == 'dhcp' %}
dhcp4: true
{% elif item.value.type == 'static' %}
dhcp4: false
addresses:
- {{ item.value.ipv4 }}/{{ item.value.netmaskv4 }}
{% if 'gateway' in item.value %}
gateway4: {{ item.value.gateway }}
{% endif %}
nameservers:
addresses:
- 1.1.1.1
{# the nameservers are hardcoded for now #}
{% endif %}{# end (type == *) #}
{% if 'routes' in item.value %}{# routes #}
routes:
{% for route in item.value.routes %}
- to: {{ route.subnet }}/{{ route.netmask }}
via: {{ route.gateway }}
metric: 100
{% endfor %}
{% endif %}{# end routes #}
{% endif %}{# end (not in [wireguard, ]) #}
{% endfor %}
version: 2
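Review bot: `gateway4: {{ item.value.gateway }}` uses a key that netplan documents as deprecated in favour of a default route under `routes:`, and newer releases print a deprecation warning for it. The template also emits a `routes:` key further down for interfaces that define `routes`, so an interface with both `gateway` and `routes` needs the default route folded into that single list rather than a second `routes:` key. Emitting `- to: default` with `via: {{ item.value.gateway }}` as the first entry of one `routes:` block would cover both cases; confirm that the netplan version on the target hosts accepts `to: default`.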


@ -37,7 +37,7 @@
mode: '600'
notify: Restart wireguard for interface
loop:
- "{{ lookup('dict', vpn_interfaces) }}"
- "{{ lookup('dict', vpn_interfaces, wantlist=True) }}"
no_log: true
- name: Enable interface
@ -46,5 +46,5 @@
state: started
enabled: yes
loop:
- "{{ lookup('dict', vpn_interfaces) }}"
- "{{ lookup('dict', vpn_interfaces, wantlist=True) }}"
no_log: true
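Review bot: Both `loop:` blocks wrap the lookup in a one-element list (`- "{{ lookup('dict', vpn_interfaces, wantlist=True) }}"`), and `loop` does not flatten nested lists the way `with_items` does. With `wantlist=True` each task would therefore run once with `item` bound to the whole list rather than to one interface entry. The task bodies lie outside these hunks, but if they read `item.key` or `item.value` they will fail, and `no_log: true` will hide the reason in the output. Passing the list directly, `loop: "{{ vpn_interfaces | dict2items }}"`, iterates once per interface.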