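---
# Router role tasks: pick a per-host IP suffix, enable IPv4/IPv6 forwarding,
# deploy network interfaces, the aurore-firewall re2o service, keepalived and
# the re2o-services cron file. Tasks gated on 'routeur-aurore' use dedicated
# templates; every other host gets the "local router" variants.

# XXX: YES, this is ugly as fuck.
# The suffix is chosen by substring match on the hostname fact: hosts whose
# name contains 'backup' get 140, all others get 240.
- name: set IP suffix (main)
  set_fact:
    router_hard_ip_suffix: 240
  when: "'backup' not in ansible_hostname"

- name: set IP suffix (backup)
  set_fact:
    router_hard_ip_suffix: 140
  when: "'backup' in ansible_hostname"

# NOTE(review): sysctl_set applies the value to the running kernel, and these
# two tasks run before any firewall task below. On a first run the host may
# forward traffic before aurore-firewall has loaded rules - confirm a
# restrictive default forward policy is in place, or move these tasks later.
- name: Enable IPv4 packet forwarding
  ansible.posix.sysctl:
    name: net.ipv4.ip_forward
    value: '1'
    sysctl_set: true

- name: Enable IPv6 packet forwarding
  ansible.posix.sysctl:
    name: net.ipv6.conf.all.forwarding
    value: '1'
    sysctl_set: true

# File modes are quoted throughout so they stay octal strings whichever YAML
# parser or templating step handles them.
- name: Configure /etc/network/interfaces for routeur-aurore*
  template:
    src: interfaces-aurore
    dest: /etc/network/interfaces
    mode: '0644'
  when: "'routeur-aurore' in ansible_hostname"

# Retried up to 3 times, presumably to ride out transient apt failures.
- name: Install ipset
  apt:
    name: ipset
    update_cache: true
  register: apt_result
  retries: 3
  until: apt_result is succeeded

# NOTE(review): service_version looks like a branch name rather than a fixed
# commit or tag. If the re2o_service role (not visible here) checks out that
# ref, each run deploys whatever the branch tip is onto the routers - consider
# pinning to a reviewed commit hash or a verified tag.
# NOTE(review): the password comes from a vault variable, but how the role
# writes service_config to disk is not visible here - confirm the resulting
# file is not world-readable and that the role does not log the value.
- name: Install aurore-firewall (re2o-service)
  import_role:
    name: re2o_service
  vars:
    service_repo: https://gitea.auro.re/Aurore/aurore-firewall.git
    service_name: aurore-firewall
    service_version: aurore
    service_config:
      hostname: re2o.auro.re
      username: service-user
      password: "{{ vault_serviceuser_passwd }}"
  notify: run aurore-firewall

# Exactly one of the next two tasks writes firewall_config.py, depending on
# whether the hostname contains 'routeur-aurore'.
# NOTE(review): the file is world-readable ('0644') and owner/group are left
# at their defaults. If the templates render anything sensitive, tighten the
# mode; confirm only privileged users can write to the destination directory,
# since the .py name suggests the service loads it as code.
- name: Configure aurore-firewall for local router
  template:
    src: firewall_config.py
    dest: /var/local/re2o-services/aurore-firewall/firewall_config.py
    mode: '0644'
  notify: run aurore-firewall
  when: "'routeur-aurore' not in ansible_hostname"

- name: Configure aurore-firewall for routeur-aurore*
  template:
    src: firewall_config_aurore.py
    dest: /var/local/re2o-services/aurore-firewall/firewall_config.py
    mode: '0644'
  notify: run aurore-firewall
  when: "'routeur-aurore' in ansible_hostname"

- name: Install keepalived
  apt:
    name: keepalived
    update_cache: true
  register: apt_result
  retries: 3
  until: apt_result is succeeded

# NOTE(review): the two keepalived tasks notify differently named handlers
# ('Reload keepalived' vs 'restart keepalived'). Handlers are defined outside
# this file - confirm both exist with exactly these names.
# NOTE(review): keepalived.conf is written world-readable. If the templates
# (not visible here) contain a VRRP authentication password, use a stricter
# mode such as '0640' or '0600'.
- name: configure keepalived for local router
  template:
    src: keepalived.conf
    dest: /etc/keepalived/keepalived.conf
    mode: '0644'
  notify: Reload keepalived
  when: "'routeur-aurore' not in ansible_hostname"

- name: configure keepalived for routeur-aurore*
  template:
    src: keepalived-aurore.conf
    dest: /etc/keepalived/keepalived.conf
    mode: '0644'
  notify: restart keepalived
  when: "'routeur-aurore' in ansible_hostname"

# NOTE(review): owner and group are not set, so the file takes the defaults of
# the user running the task. Debian cron skips /etc/cron.d files that are not
# owned by root or are group/world-writable - confirm the play runs as root.
- name: Configure cron
  template:
    src: cron.d/re2o-services
    dest: /etc/cron.d/re2o-services
    mode: '0644'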