radvd: update role

jeltz 2022-09-02 17:14:31 +02:00
parent 2e10714a79
commit b0c386507a
Signed by: jeltz
GPG key ID: 800882B66C0C3326
5 changed files with 88 additions and 88 deletions

30
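--- a/playbooks/radvd.yml
+++ b/playbooks/radvd.yml
@@ -0,0 +1,30 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts:
+- isp-1.rtr.infra.auro.re
+- isp-2.rtr.infra.auro.re
+vars:
+radvd__interfaces:
+client-0:
+prefix:
+- 2a09:6841::/56
+client-1:
+prefix:
+- 2a09:6841:0:100::/56
+client-2:
+prefix:
+- 2a09:6841:0:200::/56
+client-3:
+prefix:
+- 2a09:6841:0:300::/56
+client-4:
+prefix:
+- 2a09:6841:0:400::/56
+radvd__domain_search:
+- isp.auro.re
+- auro.re
+radvd__dns_servers:
+- 2a09:6840:128::127
+roles:
+- radvd
+...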
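Review bot: Every prefix passed to the role here is a /56 (`2a09:6841::/56`, `2a09:6841:0:100::/56`, …), while the role's template advertises each prefix with `AdvOnLink on;` and `AdvAutonomous on;`. On Ethernet-like links SLAAC hosts ignore an autonomous prefix whose length is not 64 (RFC 4862 §5.5.3), and an on-link /56 tells clients that 256 subnets are directly reachable on that segment. If each `client-N` interface is meant to carry a single subnet, the entries should be /64s, e.g. `- '2a09:6841:0:100::/64'`. Quoting the addresses also keeps a YAML parser from ever retyping them.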


@ -0,0 +1,8 @@
---
radvd__interfaces: {}
radvd__min_adv_interval: 3
radvd__max_adv_interval: 600
radvd__dns_servers: []
radvd__domain_search: []
radvd__ignore_if_missing: true
...
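Review bot: `radvd__max_adv_interval: 600` silently replaces the `MaxRtrAdvInterval 30;` that the old template hard-coded, and nothing in this file documents the unit or the change. With two routers in the play this probably also lengthens how long clients keep a dead router as their default gateway, since radvd derives the default router lifetime from this value. I would add a comment above both interval keys such as `# seconds; the previous template hard-coded MaxRtrAdvInterval 30`, and either keep 30 as the default or set it explicitly in the playbook.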


@ -1,6 +1,6 @@
--- ---
- name: restart radvd - name: Restart radvd
systemd: systemd:
name: radvd.service
state: restarted state: restarted
name: radvd ...
enabled: true


@ -1,19 +1,20 @@
--- ---
# Warning: radvd installation seems to fail if the configuration - name: Install radvd
# file doesn't already exist when the package is installed, apt:
# so the order is important. name: radvd
- name: Configure radvd - name: Configure radvd
template: template:
src: radvd.conf.j2 src: radvd.conf.j2
dest: /etc/radvd.conf dest: /etc/radvd.conf
mode: 0644 owner: root
notify: restart radvd group: root
tags: mode: u=rw,g=r,o=
- radconf notify: Restart radvd
- name: Install radvd - name: Enable and start radvd
apt: systemd:
update_cache: true name: radvd.service
name: radvd state: started
state: present enabled: true
notify: restart radvd ...
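Review bot: The new task order installs the package before `/etc/radvd.conf` exists, and the commit deletes the comment that warned about exactly that ("radvd installation seems to fail if the configuration file doesn't already exist when the package is installed"). On a freshly provisioned router the `apt` step may therefore fail or leave the unit in a failed state. Either keep the template task first, or replace the removed warning with a comment saying why it no longer applies, e.g. `# radvd >= <version> installs cleanly without /etc/radvd.conf`. The `apt` task also lost `update_cache: true`, so it now relies on an already-fresh package index.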


@ -1,80 +1,41 @@
# -*- mode: conf-unix; coding: utf-8 -*- {{ ansible_managed | comment }}
## {% for name, iface in radvd__interfaces.items() %}
# Bornes Wi-Fi interface {{ name }} {
##
# # Need to add an interface for this VLAN on "routeur-*" hosts.
#
# interface ens19 {
# AdvSendAdvert on;
# AdvLinkMTU {{ mtu }};
# AdvDefaultPreference high;
# MaxRtrAdvInterval 30;
#
# AdvRASrcAddress {
# {{ ipv6_base_prefix }}:{{ subnet_ids.ap }}::0:250; # Unifi controller
# };
#
# prefix {{ ipv6_base_prefix }}:{{ subnet_ids.ap }}::/64 {
# AdvRouterAddr on;
# };
#
# # La zone DNS
# DNSSL borne.auro.re {};
#
# # Les DNS récursifs
# RDNSS {{ ipv6_base_prefix }}:{{ subnet_ids.ap }}::{{ dns_host_suffix_main }} {};
# RDNSS {{ ipv6_base_prefix }}:{{ subnet_ids.ap }}::{{ dns_host_suffix_backup }} {};
# };
##
# Utilisateurs filaire
##
interface ens20 {
AdvSendAdvert on; AdvSendAdvert on;
AdvLinkMTU {{ mtu }}; IgnoreIfMissing {{ iface.ignore_if_missing
AdvDefaultPreference high; | default(radvd__ignore_if_missing)
MaxRtrAdvInterval 30; | ternary("yes", "no") }};
{% if iface.mtu is defined %}
AdvLinkMTU {{ iface.mtu | int }};
{% endif %}
AdvDefaultPreference high; # TODO
MinRtrAdvInterval {{ iface.min_adv_interval
| default(radvd__min_adv_interval)
| int }};
MaxRtrAdvInterval {{ iface.max_adv_interval
| default(radvd__max_adv_interval)
| int }};
{% if iface.src_address | default([]) %}
AdvRASrcAddress { AdvRASrcAddress {
fe80::1; # link-local virtual IP used with keepalived {% for addr in iface.src_address %}
{{ addr | ipv6 }}
{% endfor %}
}; };
{% endif %}
prefix {{ ipv6_base_prefix }}:{{ subnet_ids.users_wired }}::/64 { {% for prefix in iface.prefix | default([]) %}
prefix {{ prefix | ipv6 }} {
AdvOnLink on;
AdvAutonomous on;
AdvRouterAddr on; AdvRouterAddr on;
}; };
{% endfor %}
DNSSL fil.{{ apartment_block_dhcp }}.auro.re {}; # TODO: fix this shitty workaround. {% for domain in iface.domain_search | default(radvd__domain_search) %}
DNSSL {{ domain }} {};
RDNSS {{ ipv6_base_prefix }}:{{ subnet_ids.users_wired }}::{{ dns_host_suffix_main }} {}; {% endfor %}
RDNSS {{ ipv6_base_prefix }}:{{ subnet_ids.users_wired }}::{{ dns_host_suffix_backup }} {}; {% for addr in iface.dns_servers | default(radvd__dns_servers) %}
RDNSS {{ addr | ipv6 }} {};
{% endfor %}
}; };
{% endfor %}
##
# Utilisateurs wifi
##
interface ens21 {
AdvSendAdvert on;
AdvLinkMTU {{ mtu }};
AdvDefaultPreference high;
MaxRtrAdvInterval 30;
AdvRASrcAddress {
fe80::1;
};
prefix {{ ipv6_base_prefix }}:{{ subnet_ids.users_wifi }}::/64 {
AdvRouterAddr on;
};
DNSSL wifi.{{ apartment_block_dhcp }}.auro.re {}; # TODO: fix this shitty workaround.
RDNSS {{ ipv6_base_prefix }}:{{ subnet_ids.users_wifi }}::{{ dns_host_suffix_main }} {};
RDNSS {{ ipv6_base_prefix }}:{{ subnet_ids.users_wifi }}::{{ dns_host_suffix_backup }} {};
};
# For public IPs: will use DHCPv6, deployed on routeur-aurore alone.
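Review bot: Two lines of the new template appear to render syntax that radvd will reject. Inside `AdvRASrcAddress { … }` the loop emits `{{ addr | ipv6 }}` with no trailing `;`, whereas the removed line was `fe80::1;`, so it should read `{{ addr | ipv6 }};`. `IgnoreIfMissing` is rendered through `ternary("yes", "no")`, but radvd.conf(5) documents the option as `on|off`, like `AdvSendAdvert on;` just above, so `ternary("on", "off")` is the form to use. The `ipv6` filter also returns a false value for malformed input instead of failing, which would put the literal `False` into a `prefix` or `RDNSS` line. Running `radvd --configtest` against the rendered file before the handler restarts the daemon would catch all three on the routers.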