From 56808e4e60392acbf80c2ae51d29505f06a1c412 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Yoha=C3=AF-Eliel=20BERREBY?= <yberreby@protonmail.ch>
Date: Sat, 1 Aug 2020 15:46:41 +0200
Subject: [PATCH] wip: begin updating 'router' role for IPv6

pending: update virtual routes
---
 roles/router/tasks/main.yml               |  6 ++++++
 roles/router/templates/firewall_config.py |  2 +-
 roles/router/templates/keepalived.conf    | 13 ++++++++++---
 3 files changed, 17 insertions(+), 4 deletions(-)

diff --git a/roles/router/tasks/main.yml b/roles/router/tasks/main.yml
index dd7f865..06595a2 100644
--- a/roles/router/tasks/main.yml
+++ b/roles/router/tasks/main.yml
@@ -6,6 +6,12 @@
     value: '1'
     sysctl_set: yes
 
+- name: Enable IPv6 packet forwarding
+  ansible.posix.sysctl:
+    name: net.ipv6.ip_forward
+    value: '1'
+    sysctl_set: yes
+
 - name: Install aurore-firewall (re2o-service)
   import_role:
     name: re2o-service
diff --git a/roles/router/templates/firewall_config.py b/roles/router/templates/firewall_config.py
index bd013d3..1a3579c 100644
--- a/roles/router/templates/firewall_config.py
+++ b/roles/router/templates/firewall_config.py
@@ -25,7 +25,7 @@
 ### Give me a role
 
 # routeur4 = routeur IPv4
-role = ['routeur4']
+role = ['routeur4', 'routeur6']
 
 
 ### Specify each interface role
diff --git a/roles/router/templates/keepalived.conf b/roles/router/templates/keepalived.conf
index 1bb305e..875c132 100644
--- a/roles/router/templates/keepalived.conf
+++ b/roles/router/templates/keepalived.conf
@@ -26,7 +26,6 @@ vrrp_instance VI_ROUT_{{ apartment_block }} {
   # Timeout in seconds before failover kicks in.
   advert_int 2
 
-
   # Used to authenticate VRRP communication between master and backup.
   authentication {
     auth_type PASS
@@ -38,18 +37,26 @@ vrrp_instance VI_ROUT_{{ apartment_block }} {
   virtual_ipaddress {
         # Routing subnet
         10.129.{{ apartment_block_id }}.254/16 brd 10.129.255.255 dev ens19 scope global
+        {{ ipv6_base_prefix }}:129:0::{{ apartment_block_id }}:254/64 dev ens19 scope global
 
-        # Public subnet: wired
+
+        # NATed subnet: wired
         45.66.108.25{{ apartment_block_id }}/24 brd 45.66.108.255 dev ens19 scope global
-        # Public subnet: wifi
+
+        # NATed subnet: wifi
         45.66.109.25{{ apartment_block_id }}/24 brd 45.66.109.255 dev ens19 scope global
 
         # Wired
         10.{{ subnet_ids.users_wired }}.0.254/16 brd 10.{{ subnet_ids.users_wired }}.255.255 dev ens20 scope global
+        {{ ipv6_base_prefix }}:{{ subnet_ids.users_wired }}::0:254/64 dev ens20 scope global
+
         # Wifi
         10.{{ subnet_ids.users_wifi }}.0.254/16 brd 10.{{ subnet_ids.users_wifi }}.255.255 dev ens21 scope global
+        {{ ipv6_base_prefix }}:{{ subnet_ids.users_wifi }}::0:254/64 dev ens21 scope global
    }
 
+
+  # FIXME: update for IPv6
   virtual_routes {
         # 10.129.0.1 is Yggdrasil
         src 10.129.{{ apartment_block_id }}.254 to 0.0.0.0/0 via 10.129.0.1 dev ens19