From 3d2ce8f79f2e5c0ad7de0352ccb8ded9e1ebbf4a Mon Sep 17 00:00:00 2001
From: Jeltz
Date: Fri, 26 Aug 2022 10:13:37 +0200
Subject: [PATCH 1/7] ifupdown2: add minimal role
---
roles/ifupdown2/tasks/main.yml | 31 +++++++++++++++++++++++++++++++
1 file changed, 31 insertions(+)
create mode 100644 roles/ifupdown2/tasks/main.yml
diff --git a/roles/ifupdown2/tasks/main.yml b/roles/ifupdown2/tasks/main.yml
new file mode 100644
index 0000000..0c6d547
--- /dev/null
+++ b/roles/ifupdown2/tasks/main.yml
@@ -0,0 +1,31 @@
+---
+- name: Gather package facts
+ package_facts:
+ manager: apt
+
+- name: Check if ifupdown2 is installed
+ set_fact:
+ must_mask: "{{ 'ifupdown2' not in ansible_facts.packages }}"
+
+- name: Mask networking before installing ifupdown2
+ systemd:
+ name: networking.service
+ masked: true
+ when: must_mask
+
+- name: Install ifupdown2
+ apt:
+ name: ifupdown2
+
+- name: Unmask networking now that ifupdown2 is installed
+ systemd:
+ name: networking.service
+ masked: false
+ when: must_mask
+
+- name: Enable and start networking
+ systemd:
+ name: networking.service
+ state: started
+ enabled: true
+...
From e26d5dfc2738fc1472cfcf618e1e6b408734ea90 Mon Sep 17 00:00:00 2001
From: Jeltz
Date: Fri, 26 Aug 2022 19:11:40 +0200
Subject: [PATCH 2/7] resolvconf: add role
---
roles/resolvconf/tasks/main.yml | 9 +++++++++
roles/resolvconf/templates/resolv.conf.j2 | 11 +++++++++++
2 files changed, 20 insertions(+)
create mode 100644 roles/resolvconf/tasks/main.yml
create mode 100644 roles/resolvconf/templates/resolv.conf.j2
diff --git a/roles/resolvconf/tasks/main.yml b/roles/resolvconf/tasks/main.yml
new file mode 100644
index 0000000..d650b78
--- /dev/null
+++ b/roles/resolvconf/tasks/main.yml
@@ -0,0 +1,9 @@
+---
+- name: Install resolv.conf
+ template:
+ src: resolv.conf.j2
+ dest: /etc/resolv.conf
+ owner: root
+ group: root
+ mode: u=rw,g=r,o=r
+...
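Review bot: If the `Install ifupdown2` task in `roles/ifupdown2/tasks/main.yml` fails, `networking.service` stays masked, because the unmask task that follows is never reached and nothing else in the file undoes the mask; a host left in that state may come back from its next reboot without networking. Putting the mask and install steps in a `block` with the unmask under `always` restores the unit whether or not apt succeeds, and a single `when: must_mask` on the block then covers all three tasks. `must_mask` would also be safer with the role's name as a prefix, since a `set_fact` value stays visible to every later task on that host.

```yaml
- name: Install ifupdown2 with networking masked
  when: must_mask
  block:
    - name: Mask networking before installing ifupdown2
      systemd:
        name: networking.service
        masked: true

    - name: Install ifupdown2
      apt:
        name: ifupdown2
  always:
    # Runs on success and on failure, so the unit is never left masked.
    - name: Unmask networking after the install attempt
      systemd:
        name: networking.service
        masked: false

# … unchanged: Enable and start networking …
```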
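Review bot: Nothing in `roles/resolvconf/tasks/main.yml` checks `resolvconf__nameservers` before `/etc/resolv.conf` is replaced, and the role ships no defaults file in this commit. An unset variable fails inside template rendering with an undefined-variable error, while an empty list would write a resolver file with no `nameserver` line at all, which presumably leaves the host resolving against itself or not at all. An `assert` ahead of the template task makes both cases stop the run with a readable message before the file is touched.

```yaml
- name: Check that resolvers are configured
  assert:
    that:
      - resolvconf__nameservers is defined
      - resolvconf__nameservers | length > 0
    fail_msg: resolvconf__nameservers must list at least one resolver address

- name: Install resolv.conf
  # … unchanged: template task …
```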
diff --git a/roles/resolvconf/templates/resolv.conf.j2 b/roles/resolvconf/templates/resolv.conf.j2
new file mode 100644
index 0000000..9376000
--- /dev/null
+++ b/roles/resolvconf/templates/resolv.conf.j2
@@ -0,0 +1,11 @@
+{{ ansible_managed | comment }}
+
+{% for nameserver in resolvconf__nameservers %}
+nameserver {{ nameserver | ipaddr }}
+{% endfor %}
+{% if resolvconf__domain is defined %}
+domain {{ resolvconf__domain }}
+{% endif %}
+{% if resolvconf__search is defined %}
+search {{ resolvconf__search | join(" ") }}
+{% endif %}
From a5a4d28ccc902cbde09fa0566108c62f85e83c45 Mon Sep 17 00:00:00 2001
From: Jeltz
Date: Fri, 26 Aug 2022 20:52:23 +0200
Subject: [PATCH 3/7] ifupdown2: simple interfaces file configuration
---
roles/ifupdown2/defaults/main.yml | 3 +++
roles/ifupdown2/handlers/main.yml | 6 ++++++
roles/ifupdown2/tasks/main.yml | 10 ++++++++++
roles/ifupdown2/templates/interfaces.j2 | 12 ++++++++++++
4 files changed, 31 insertions(+)
create mode 100644 roles/ifupdown2/defaults/main.yml
create mode 100644 roles/ifupdown2/handlers/main.yml
create mode 100644 roles/ifupdown2/templates/interfaces.j2
diff --git a/roles/ifupdown2/defaults/main.yml b/roles/ifupdown2/defaults/main.yml
new file mode 100644
index 0000000..a419f07
--- /dev/null
+++ b/roles/ifupdown2/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+ifupdown2__interfaces: {}
+...
diff --git a/roles/ifupdown2/handlers/main.yml b/roles/ifupdown2/handlers/main.yml
new file mode 100644
index 0000000..a065d26
--- /dev/null
+++ b/roles/ifupdown2/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+- name: Restart networking
+ systemd:
+ name: networking.service
+ state: restarted
+...
diff --git a/roles/ifupdown2/tasks/main.yml b/roles/ifupdown2/tasks/main.yml
index 0c6d547..5b1ed81 100644
--- a/roles/ifupdown2/tasks/main.yml
+++ b/roles/ifupdown2/tasks/main.yml
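Review bot: `{{ nameserver | ipaddr }}` in `resolv.conf.j2` does not reject a bad value: the `ipaddr` filter returns `False` for input that is not an IP address, so the template would write `nameserver False` to `/etc/resolv.conf` without any task failing. It also passes a prefix length through unchanged, so an entry such as `10.0.0.1/24` (constructed example) would land in the file as written; `ipaddr('address')` strips the prefix. The same filter use appears on the `address` and `gateway` lines of `roles/ifupdown2/templates/interfaces.j2` later in this series. A check in the tasks file such as `resolvconf__nameservers | ipaddr | length == resolvconf__nameservers | length` turns an invalid entry into a failed run instead of a broken resolver file.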
@@ -23,6 +23,16 @@ masked: false when: must_mask +- name: Configure ifupdown2 + template: + src: interfaces.j2 + dest: /etc/network/interfaces + owner: root + group: root + mode: u=rw,g=r,o= + notify: + - Restart networking + - name: Enable and start networking systemd: name: networking.service
diff --git a/roles/ifupdown2/templates/interfaces.j2 b/roles/ifupdown2/templates/interfaces.j2
new file mode 100644
index 0000000..236a0ee
--- /dev/null
+++ b/roles/ifupdown2/templates/interfaces.j2
@@ -0,0 +1,12 @@
+{{ ansible_managed | comment }}
+
+{% for name, iface in ifupdown2__interfaces.items() %}
+allow-hotplug {{ name }}
+iface {{ name }}
+{% for address in iface.addresses %}
+ address {{ address | ipaddr }}
+{% endfor %}
+{% for gateway in iface.gateways %}
+ gateway {{ gateway | ipaddr }}
+{% endfor %}
+{% endfor %}
From 5ae7126ce29a8986774f84081df3bc90be3daa4f Mon Sep 17 00:00:00 2001
From: Jeltz
Date: Sat, 27 Aug 2022 04:10:11 +0200
Subject: [PATCH 4/7] ifupdown2: add support for stanzas with no gateway
---
roles/ifupdown2/templates/interfaces.j2 | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/roles/ifupdown2/templates/interfaces.j2 b/roles/ifupdown2/templates/interfaces.j2
index 236a0ee..81ce05f 100644
--- a/roles/ifupdown2/templates/interfaces.j2
+++ b/roles/ifupdown2/templates/interfaces.j2
@@ -6,7 +6,8 @@ iface {{ name }} {% for address in iface.addresses %} address {{ address | ipaddr }} {% endfor %} -{% for gateway in iface.gateways %} +{% for gateway in iface.gateways | default([]) %} gateway {{ gateway | ipaddr }} {% endfor %} + {% endfor %}
From 15e2db49f378e20938e0b77f96d1ea9bd345cedd Mon Sep 17 00:00:00 2001
From: Jeltz
Date: Sat, 27 Aug 2022 04:22:15 +0200
Subject: [PATCH 5/7] add remove_domain_suffix filter
---
ansible.cfg | 1 +
filter_plugins/net_utils.py | 13 +++++++++++++
2 files changed, 14 insertions(+)
create mode 100644 filter_plugins/net_utils.py
diff --git a/ansible.cfg b/ansible.cfg
index 6476e6f..b04e116 100644
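Review bot: With the default `ifupdown2__interfaces: {}` from `defaults/main.yml`, the new `Configure ifupdown2` task renders an `/etc/network/interfaces` that contains no stanza and then notifies `Restart networking`, so applying the role to a host that has no value set would presumably take its interfaces down. A guard ahead of the template, for example an `assert` with `that: ifupdown2__interfaces | length > 0`, turns that case into a failed run instead of an unreachable host. The template task also has no `validate` step, so a rendering mistake is only noticed when the handler restarts the service. The task list starts and continues outside this hunk.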
--- a/ansible.cfg
+++ b/ansible.cfg
@@ -3,6 +3,7 @@ ask_vault_pass = True roles_path = ./roles retry_files_enabled = False inventory = ./hosts +filter_plugins = ./filter_plugins ansible_managed = Ansible managed, modified on %Y-%m-%d %H:%M:%S nocows = 1 forks = 15
diff --git a/filter_plugins/net_utils.py b/filter_plugins/net_utils.py
new file mode 100644
index 0000000..082f34d
--- /dev/null
+++ b/filter_plugins/net_utils.py
@@ -0,0 +1,13 @@
+import dns.name
+
+
+class FilterModule:
+ def filters(self):
+ return {
+ "remove_domain_suffix": remove_domain_suffix,
+ }
+
+
+def remove_domain_suffix(name):
+ parent = dns.name.from_text(name).parent()
+ return parent.to_text()
From 1281a6a51aa5b017a3c55754fc9b4c28372db0b5 Mon Sep 17 00:00:00 2001
From: Jeltz
Date: Sat, 27 Aug 2022 04:26:14 +0200
Subject: [PATCH 6/7] ifupdown2: add playbook
---
playbooks/ifupdown2.yml | 32 ++++++++++++++++++++++++++++++++
1 file changed, 32 insertions(+)
create mode 100755 playbooks/ifupdown2.yml
diff --git a/playbooks/ifupdown2.yml b/playbooks/ifupdown2.yml
new file mode 100755
index 0000000..01d72f0
--- /dev/null
+++ b/playbooks/ifupdown2.yml
@@ -0,0 +1,32 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts:
+ - ntp-1.int.infra.auro.re
+ vars:
+ # TODO: netbox
+ ifupdown2__hosts:
+ ntp-1.int.infra.auro.re:
+ ens18:
+ gateways:
+ - 2a09:6840:128::254
+ - 10.128.0.254
+ addresses:
+ - 2a09:6840:128::203/56
+ - 10.128.0.203/16
+ ifupdown2__interfaces: "{{ ifupdown2__hosts[inventory_hostname] }}"
+ roles:
+ - ifupdown2
+
+- hosts:
+ - ntp-1.int.infra.auro.re
+ vars:
+ resolvconf__nameservers:
+ - 2a09:6840:128::127
+ - 10.128.0.127
+ resolvconf__domain: auro.re
+ resolvconf__search:
+ - "{{ inventory_hostname | remove_domain_suffix }}"
+ - auro.re
+ roles:
+ - resolvconf
+...
From f723c3e1a458d47619fa446f23b951aae06adf31 Mon Sep 17 00:00:00 2001
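Review bot: `remove_domain_suffix` in `filter_plugins/net_utils.py` returns an absolute name, because `dns.name.from_text()` makes the name absolute and `to_text()` keeps the final dot, so for `ntp-1.int.infra.auro.re` the value handed to the `search` list would be `int.infra.auro.re.`; `return parent.to_text(omit_final_dot=True)` gives the relative form. Edge inputs are not handled either: a single-label name yields `.`, and `parent()` on the root name raises `dns.name.NoParent`. The function has no docstring and its name reads as the opposite of what it does, since it drops the leftmost label and keeps the domain; a line such as `"""Return the parent domain of a DNS name (the name without its first label)."""` would settle that. `dns` is the third-party dnspython package, which has to be installed on the control node for this plugin to load.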
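Review bot: The second play in `playbooks/ifupdown2.yml` sets both `resolvconf__domain` and `resolvconf__search`, and the role's template then writes a `domain` line followed by a `search` line; resolv.conf(5) treats the two keywords as mutually exclusive with the last one winning, so the `domain` line has no effect here. Since `auro.re` is already the second entry of `resolvconf__search`, `resolvconf__domain: auro.re` can be dropped. Separately, the per-host addressing under `ifupdown2__hosts` sits in the playbook beside a `TODO: netbox`; moving it to `host_vars` would let the `hosts:` list grow without editing the play.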
From: Jeltz
Date: Sat, 27 Aug 2022 04:46:16 +0200
Subject: [PATCH 7/7] ifupdown2: notify ifup -a + auto instead of allow-hotplug
---
roles/ifupdown2/handlers/main.yml | 3 +++
roles/ifupdown2/tasks/main.yml | 1 +
roles/ifupdown2/templates/interfaces.j2 | 2 +-
3 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/roles/ifupdown2/handlers/main.yml b/roles/ifupdown2/handlers/main.yml
index a065d26..9a5d0c0 100644
--- a/roles/ifupdown2/handlers/main.yml
+++ b/roles/ifupdown2/handlers/main.yml
@@ -3,4 +3,7 @@ systemd: name: networking.service state: restarted + +- name: Bring all interfaces up + shell: /usr/sbin/ifup -a ...
diff --git a/roles/ifupdown2/tasks/main.yml b/roles/ifupdown2/tasks/main.yml
index 5b1ed81..aa07c7f 100644
--- a/roles/ifupdown2/tasks/main.yml
+++ b/roles/ifupdown2/tasks/main.yml
@@ -32,6 +32,7 @@ mode: u=rw,g=r,o= notify: - Restart networking + - Bring all interfaces up - name: Enable and start networking systemd:
diff --git a/roles/ifupdown2/templates/interfaces.j2 b/roles/ifupdown2/templates/interfaces.j2
index 81ce05f..d61606c 100644
--- a/roles/ifupdown2/templates/interfaces.j2
+++ b/roles/ifupdown2/templates/interfaces.j2
@@ -1,7 +1,7 @@ {{ ansible_managed | comment }} {% for name, iface in ifupdown2__interfaces.items() %} -allow-hotplug {{ name }} +auto {{ name }} iface {{ name }} {% for address in iface.addresses %} address {{ address | ipaddr }}
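Review bot: The new `Bring all interfaces up` handler in `roles/ifupdown2/handlers/main.yml` uses `shell` for a fixed command line that needs no shell features; `command: /usr/sbin/ifup -a` runs the same binary without going through a shell, which keeps quoting and expansion out of the picture if the arguments are ever templated. Handlers run in the order they are defined, so this one follows `Restart networking`, and the hunk does not say why a second step is needed after the restart. A comment above the handler, starting from `# Runs after Restart networking (handlers run in definition order)`, would be the place to record that reason. The handler file starts outside this hunk.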