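---
# Router tasks: derive an IP suffix from the hostname, enable packet
# forwarding, deploy aurore-firewall (via the re2o-service role) and
# keepalived, then install the cron entry.
# Hosts whose name contains 'routeur-aurore' get the *-aurore templates;
# every other host gets the generic ones.

# XXX: YES, this is ugly as fuck.
# router_hard_ip_suffix is chosen purely from the hostname: 140 when the
# name contains 'backup', 240 otherwise. Two mutually exclusive tasks are
# used so the fact keeps its integer type.
- name: set IP suffix (main)
  set_fact:
    router_hard_ip_suffix: 240
  when: "'backup' not in ansible_hostname"

- name: set IP suffix (backup)
  set_fact:
    router_hard_ip_suffix: 140
  when: "'backup' in ansible_hostname"

# Forwarding is what makes the host a router; sysctl_set also applies the
# value to the running kernel rather than only writing the sysctl file.
- name: Enable IPv4 packet forwarding
  ansible.posix.sysctl:
    name: net.ipv4.ip_forward
    value: '1'
    sysctl_set: true

- name: Enable IPv6 packet forwarding
  ansible.posix.sysctl:
    name: net.ipv6.conf.all.forwarding
    value: '1'
    sysctl_set: true

# File modes are quoted throughout: an unquoted leading-zero literal is a
# YAML 1.1 octal integer, which ansible-lint (yaml[octal-values]) rejects.
- name: Configure /etc/network/interfaces for routeur-aurore*
  template:
    src: interfaces-aurore
    dest: /etc/network/interfaces
    mode: '0644'
  when: "'routeur-aurore' in ansible_hostname"

# The service credentials come from the vault; they are handed to the role
# as variables and never written into this tasks file.
- name: Install aurore-firewall (re2o-service)
  import_role:
    name: re2o-service
  vars:
    service_repo: https://gitlab.federez.net/aurore/aurore-firewall.git
    service_name: aurore-firewall
    service_version: aurore
    service_config:
      hostname: re2o.auro.re
      username: service-user
      password: "{{ vault_serviceuser_passwd }}"
  notify: run aurore-firewall

# NOTE(review): 0644 is world-readable; if firewall_config.py renders any
# credential (e.g. the re2o service password), tighten to '0640' — confirm
# against the template.
- name: Configure aurore-firewall for local router
  template:
    src: firewall_config.py
    dest: /var/local/re2o-services/aurore-firewall/firewall_config.py
    mode: '0644'
  notify: run aurore-firewall
  when: "'routeur-aurore' not in ansible_hostname"

- name: Configure aurore-firewall for routeur-aurore*
  template:
    src: firewall_config_aurore.py
    dest: /var/local/re2o-services/aurore-firewall/firewall_config.py
    mode: '0644'
  notify: run aurore-firewall
  when: "'routeur-aurore' in ansible_hostname"

# Retried because the apt cache refresh is the usual transient failure on
# freshly provisioned hosts.
- name: Install keepalived
  apt:
    name: keepalived
    update_cache: true
  register: apt_result
  retries: 3
  until: apt_result is succeeded

# NOTE(review): keepalived.conf commonly carries a VRRP auth_pass; if the
# template does, '0644' exposes it to every local user — consider '0640'.
- name: configure keepalived for local router
  template:
    src: keepalived.conf
    dest: /etc/keepalived/keepalived.conf
    mode: '0644'
  notify: restart keepalived
  when: "'routeur-aurore' not in ansible_hostname"

- name: configure keepalived for routeur-aurore*
  template:
    src: keepalived-aurore.conf
    dest: /etc/keepalived/keepalived.conf
    mode: '0644'
  notify: restart keepalived
  when: "'routeur-aurore' in ansible_hostname"

- name: Configure cron
  template:
    src: cron.d/re2o-services
    dest: /etc/cron.d/re2o-services
    mode: '0644'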