ansible/roles/router/tasks/main.yml

---
# XXX: YES, this is ugly as fuck.
# Hosts whose hostname does not contain "backup" get suffix 240.
# The fact is only defined here; its consumers are outside this file.
- name: set IP suffix (main)
  set_fact:
    router_hard_ip_suffix: 240
  when:
    - "'backup' not in ansible_hostname"
# Hosts whose hostname contains "backup" get suffix 140 instead.
# The test is a plain substring match on ansible_hostname.
- name: set IP suffix (backup)
  set_fact:
    router_hard_ip_suffix: 140
  when:
    - "'backup' in ansible_hostname"
# Lets the kernel forward IPv4 packets between interfaces. sysctl_set asks
# the module to apply the value with sysctl, not only record it.
# NOTE(review): forwarding is enabled here, before the aurore-firewall
# tasks further down this file run; confirm that ordering is acceptable
# on a first deployment.
- name: Enable IPv4 packet forwarding
  ansible.posix.sysctl:
    sysctl_set: true
    name: net.ipv4.ip_forward
    value: '1'
# IPv6 counterpart of the IPv4 forwarding task: sets the "all" forwarding
# key and applies it with sysctl.
# NOTE(review): confirm the firewall rules deployed later in this file
# cover IPv6 as well, since forwarding is enabled for both families.
- name: Enable IPv6 packet forwarding
  ansible.posix.sysctl:
    sysctl_set: true
    name: net.ipv6.conf.all.forwarding
    value: '1'
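# Renders the interfaces-aurore template over the system network
# configuration, only on hosts whose hostname contains "routeur-aurore".
# No handler is notified, so this task itself does not reload networking.
- name: Configure /etc/network/interfaces for routeur-aurore*
  template:
    src: interfaces-aurore
    dest: /etc/network/interfaces
    # Quoted so the module receives the string "0644" and the result does
    # not depend on how the YAML loader types a bare leading-zero number.
    mode: "0644"
  when: "'routeur-aurore' in ansible_hostname"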
# Installs the ipset package after refreshing the apt cache. The result is
# registered so the task can be retried (retries: 3) until apt succeeds.
- name: Install ipset
  apt:
    update_cache: true
    name: ipset
  register: apt_result
  until: apt_result is succeeded
  retries: 3
# Hands installation of the firewall service to the re2o_service role
# (defined outside this file), passing the repository, the ref to deploy
# and the credentials the service uses.
- name: Install aurore-firewall (re2o-service)
  import_role:
    name: re2o_service
  vars:
    service_name: aurore-firewall
    service_repo: 'https://gitea.auro.re/Aurore/aurore-firewall.git'
    # NOTE(review): "aurore" looks like a branch name rather than a pinned
    # tag or commit. If so, the router runs whatever that branch holds at
    # deploy time; confirm this is intended.
    service_version: aurore
    service_config:
      hostname: re2o.auro.re
      username: service-user
      # Comes from a vault_* variable, presumably Ansible Vault. Verify the
      # role writes it to a file that is not world-readable and that no
      # task in the role prints it.
      password: '{{ vault_serviceuser_passwd }}'
  notify: run aurore-firewall
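# Renders firewall_config.py for every host whose hostname does not contain
# "routeur-aurore" and triggers the "run aurore-firewall" handler on change.
# NOTE(review): the rendered file is Python that the firewall service
# presumably loads. No owner/group is set, so confirm it ends up owned by
# root and that the template holds nothing that must stay unreadable to
# local users (mode 0644 is world-readable).
- name: Configure aurore-firewall for local router
  template:
    src: firewall_config.py
    dest: /var/local/re2o-services/aurore-firewall/firewall_config.py
    # Quoted so the module receives the string "0644" and the result does
    # not depend on how the YAML loader types a bare leading-zero number.
    mode: "0644"
  notify: run aurore-firewall
  when: "'routeur-aurore' not in ansible_hostname"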
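# Variant for hosts whose hostname contains "routeur-aurore": renders
# firewall_config_aurore.py to the same destination as the local-router
# task and triggers the "run aurore-firewall" handler on change.
# NOTE(review): mode 0644 is world-readable and no owner/group is set;
# confirm root ownership and that the template contains no secrets.
- name: Configure aurore-firewall for routeur-aurore*
  template:
    src: firewall_config_aurore.py
    dest: /var/local/re2o-services/aurore-firewall/firewall_config.py
    # Quoted so the module receives the string "0644" and the result does
    # not depend on how the YAML loader types a bare leading-zero number.
    mode: "0644"
  notify: run aurore-firewall
  when: "'routeur-aurore' in ansible_hostname"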
# Installs keepalived after refreshing the apt cache. The result is
# registered so the task can be retried (retries: 3) until apt succeeds.
- name: Install keepalived
  apt:
    update_cache: true
    name: keepalived
  register: apt_result
  until: apt_result is succeeded
  retries: 3
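# Renders keepalived.conf for hosts whose hostname does not contain
# "routeur-aurore" and triggers the "Reload keepalived" handler on change.
# NOTE(review): if the template sets a VRRP authentication password, mode
# 0644 leaves it readable by every local user; confirm, and tighten the
# mode if it does.
- name: configure keepalived for local router
  template:
    src: keepalived.conf
    dest: /etc/keepalived/keepalived.conf
    # Quoted so the module receives the string "0644" and the result does
    # not depend on how the YAML loader types a bare leading-zero number.
    mode: "0644"
  notify: Reload keepalived
  when: "'routeur-aurore' not in ansible_hostname"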
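# Variant for hosts whose hostname contains "routeur-aurore": renders
# keepalived-aurore.conf to the same destination and triggers the
# "Reload keepalived" handler on change.
# NOTE(review): if the template sets a VRRP authentication password, mode
# 0644 leaves it readable by every local user; confirm.
- name: configure keepalived for routeur-aurore*
  template:
    src: keepalived-aurore.conf
    dest: /etc/keepalived/keepalived.conf
    # Quoted so the module receives the string "0644" and the result does
    # not depend on how the YAML loader types a bare leading-zero number.
    mode: "0644"
  notify: Reload keepalived
  when: "'routeur-aurore' in ansible_hostname"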
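# Renders the cron.d/re2o-services template into /etc/cron.d on every host
# this role runs on (the task has no "when" condition).
# NOTE(review): no owner/group is set. Files in /etc/cron.d run commands on
# a schedule, so confirm the file ends up owned by root and is not writable
# by anyone else.
- name: Configure cron
  template:
    src: cron.d/re2o-services
    dest: /etc/cron.d/re2o-services
    # Quoted so the module receives the string "0644" and the result does
    # not depend on how the YAML loader types a bare leading-zero number.
    mode: "0644"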