From 9018bc3c8804c3fb70aa20bbf67fc6495e5ab2ae Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Alexander=20B=C3=B6hm?=
Date: Sat, 16 Oct 2021 16:05:05 +0200
Subject: [PATCH] Initial commit
---
README.md | 52 +++++++++++++++++++++
defaults/main.yml | 7 +++
handlers/main.yml | 2 +
meta/main.yml | 52 +++++++++++++++++++++
tasks/main.yml | 40 ++++++++++++++++
templates/etc-network-interface.d-bridge.j2 | 35 ++++++++++++++
tests/inventory | 2 +
tests/test.yml | 5 ++
vars/main.yml | 2 +
9 files changed, 197 insertions(+)
create mode 100644 README.md
create mode 100644 defaults/main.yml
create mode 100644 handlers/main.yml
create mode 100644 meta/main.yml
create mode 100644 tasks/main.yml
create mode 100644 templates/etc-network-interface.d-bridge.j2
create mode 100644 tests/inventory
create mode 100644 tests/test.yml
create mode 100644 vars/main.yml
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..34c59a7
--- /dev/null
+++ b/README.md
@@ -0,0 +1,52 @@
+Role Name
+=========
+
+Configure a network bridge with BATMAN support
+
+Requirements
+------------
+
+* Debian buster/bullseye
+
+Role Variables
+--------------
+
+TBD
+
+Dependencies
+------------
+
+TBD
+
+Example Playbook
+-------
+
+```yaml
+- hosts: servers
+ become: yes
+ vars:
+ # name of the bridge (default br-mesh)
+ batman_bridge_name: br-mesh
+ # name of the batman interface (default bat0)
+ batman_bridge_batman_interface: bat0
+ # interfaces added to the bridge and to provide batman
+ batman_bridge_ports:
+ - eth1
+ - wlan0
+ # IPv4/6 addresses of the bridge
+ batman_bridge_addresses:
+ - 172.16.1.3
+ - fd00:1234:5678::3
+ roles:
+ - batman-bridge-setup
+```
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+Alexander Böhm (alexander.boehm@malbolge.net)
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..2a2be1f
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,7 @@
+---
+# defaults file for batman-bridge-setup
+
+batman_bridge_name: br-mesh
+batman_bridge_batman_interface: bat0
+batman_bridge_ports: []
+batman_bridge_addresses: []
diff --git a/handlers/main.yml b/handlers/main.yml
new file mode 100644
index 0000000..cd21505
--- /dev/null
+++ b/handlers/main.yml
@@ -0,0 +1,2 @@
+---
+
diff --git a/meta/main.yml b/meta/main.yml
new file mode 100644
index 0000000..c572acc
--- /dev/null
+++ b/meta/main.yml
@@ -0,0 +1,52 @@
+galaxy_info:
+ author: your name
+ description: your role description
+ company: your company (optional)
+
+ # If the issue tracker for your role is not on github, uncomment the
+ # next line and provide a value
+ # issue_tracker_url: http://example.com/issue/tracker
+
+ # Choose a valid license ID from https://spdx.org - some suggested licenses:
+ # - BSD-3-Clause (default)
+ # - MIT
+ # - GPL-2.0-or-later
+ # - GPL-3.0-only
+ # - Apache-2.0
+ # - CC-BY-4.0
+ license: license (GPL-2.0-or-later, MIT, etc)
+
+ min_ansible_version: 2.1
+
+ # If this a Container Enabled role, provide the minimum Ansible Container version.
+ # min_ansible_container_version:
+
+ #
+ # Provide a list of supported platforms, and for each platform a list of versions.
+ # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+ # To view available platforms and versions (or releases), visit:
+ # https://galaxy.ansible.com/api/v1/platforms/
+ #
+ # platforms:
+ # - name: Fedora
+ # versions:
+ # - all
+ # - 25
+ # - name: SomePlatform
+ # versions:
+ # - all
+ # - 1.0
+ # - 7
+ # - 99.99
+
+ galaxy_tags: []
+ # List tags for your role here, one per line. A tag is a keyword that describes
+ # and categorizes the role. Users find roles by searching for tags. Be sure to
+ # remove the '[]' above, if you add tags to this list.
+ #
+ # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+ # Maximum 20 tags per role.
+
+dependencies: []
+ # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+ # if you add dependencies to this list.
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..c181d6f
--- /dev/null
+++ b/tasks/main.yml
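Review bot: `galaxy_info` still carries the `ansible-galaxy init` placeholders (`author: your name`, `description: your role description`, `license: license (GPL-2.0-or-later, MIT, etc)`), so the role's metadata contradicts the README, which names the author and a BSD licence. Someone vetting the role before running it with privileges has no reliable provenance or licence to check. Fill these in from the README, using an SPDX identifier for the licence, and declare the supported Debian releases under `platforms`. `min_ansible_version: 2.1` is read by YAML as a float; write `min_ansible_version: "2.1"` and confirm that this version really supports the syntax and filters the role uses.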
@@ -0,0 +1,40 @@
+---
+
+- package:
+ name:
+ - batctl
+ state: present
+
+- copy:
+ content: |
+ # ansible managed
+ batman-adv
+ dest: /etc/modules-load.d/batman.conf
+ owner: root
+ group: root
+ mode: o=rw,g=r,o=r
+ register: batman_mod_conf
+
+# immediately reload modules or the network configuration will fail
+- name: Reload kernel modules
+ service:
+ name: systemd-modules-load.service
+ state: restarted
+ when:
+ - batman_mod_conf.changed
+
+- name: set configuration for batman bridge
+ template:
+ src: etc-network-interface.d-bridge.j2
+ dest: "/etc/network/interfaces.d/{{ batman_bridge_name }}"
+ owner: root
+ group: root
+ mode: o=rw,g=r,o=r
+ register: batman_bridge_net_conf
+
+# immediately reconfigure the network
+- name: Reconfigure mesh bridge
+ shell: "ifdown --force {{ batman_bridge_name }} || true ; ifup {{ batman_bridge_name }} || true"
+ when:
+ - batman_bridge_net_conf.changed
+
diff --git a/templates/etc-network-interface.d-bridge.j2 b/templates/etc-network-interface.d-bridge.j2
new file mode 100644
index 0000000..755ae71
--- /dev/null
+++ b/templates/etc-network-interface.d-bridge.j2
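Review bot: The `Reconfigure mesh bridge` task interpolates `batman_bridge_name` unquoted into a `shell:` string, and the same variable builds the template `dest` path, so a value containing shell metacharacters or a `/` would alter the privileged command or write outside `/etc/network/interfaces.d/`. Validate the name before it is used and pass it through `quote` in the shell line. The trailing `|| true` after `ifup` also hides a failed bring-up, so the play reports success even when the bridge does not exist; keep it on `ifdown` only. Both `mode: o=rw,g=r,o=r` lines look like a typo for `u=rw` (as written the owner bits are never set explicitly), and `mode: "0644"` states the intent unambiguously. The `package` and `copy` tasks would also benefit from a `name`.

```yaml
- name: Validate bridge and batman interface names
  assert:
    that:
      - batman_bridge_name is match('^[A-Za-z0-9][A-Za-z0-9_.-]{0,14}$')
      - batman_bridge_batman_interface is match('^[A-Za-z0-9][A-Za-z0-9_.-]{0,14}$')

# … unchanged: package, modules-load.d copy, module reload, template task …

# immediately reconfigure the network
- name: Reconfigure mesh bridge
  shell: "ifdown --force {{ batman_bridge_name | quote }} || true ; ifup {{ batman_bridge_name | quote }}"
  when:
    - batman_bridge_net_conf.changed
```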
@@ -0,0 +1,35 @@
+# ansible managed
+auto {{ batman_bridge_name }}
+iface {{ batman_bridge_name }} inet6 auto
+{% if batman_bridge_mtu |d(False) %}
+ mtu {{ batman_bridge_mtu }}
+{% endif %}
+ pre-up batctl -m {{ batman_bridge_batman_interface }} interface create
+ pre-up ip link add $IFACE type bridge
+ pre-up ip link set {{ batman_bridge_batman_interface }} master $IFACE
+{% for dev in batman_bridge_ports %}
+ pre-up ip link set {{ dev }} master $IFACE
+ pre-up batctl -m {{ batman_bridge_batman_interface }} if add {{ dev }}
+ pre-up ip link set {{ dev }} up
+{% endfor %}
+ pre-up batctl -m {{ batman_bridge_batman_interface }} gw_mode server
+ pre-up ip link set {{ batman_bridge_batman_interface }} up
+ pre-up ip link set $IFACE up
+ pre-up sysctl -w "net.ipv6.conf.$IFACE.forwarding=0"
+{% if batman_bridge_addresses |ipv6 %}
+ # enable ipv6 explicitly (required such as vagrant)
+ pre-up sysctl -w "net.ipv6.conf.$IFACE.accept_ra=0"
+ pre-up sysctl -w "net.ipv6.conf.$IFACE.disable_ipv6=0"
+{% endif %}
+{% for addr in batman_bridge_addresses |ipv4 %}
+ up ip -4 addr add {{ addr |ipaddr('ipv4') }} dev $IFACE
+{% endfor %}
+{% for addr in batman_bridge_addresses |ipv6 %}
+ up ip -6 addr add {{ addr |ipaddr('ipv6') }} dev $IFACE
+{% endfor %}
+ down ip addr flush dev $IFACE
+ post-down ip link set $IFACE down
+ post-down ip link set {{ batman_bridge_batman_interface }} down
+ post-down ip link del $IFACE
+ post-down batctl -m {{ batman_bridge_batman_interface }} interface destroy
+
diff --git a/tests/inventory b/tests/inventory
new file mode 100644
index 0000000..878877b
--- /dev/null
+++ b/tests/inventory
@@ -0,0 +1,2 @@
+localhost
+
diff --git a/tests/test.yml b/tests/test.yml
new file mode 100644
index 0000000..ab15766
--- /dev/null
+++ b/tests/test.yml
@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+ remote_user: root
+ roles:
+ - batman-bridge-setup
diff --git a/vars/main.yml b/vars/main.yml
new file mode 100644
index 0000000..594c43b
--- /dev/null
+++ b/vars/main.yml
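Review bot: Every `pre-up`, `up` and `post-down` line in this template is executed by ifupdown through a shell with root privileges, yet `batman_bridge_batman_interface`, each `dev` from `batman_bridge_ports` and `batman_bridge_mtu` are written into those lines verbatim. A value containing whitespace, `;` or a newline would change the command or add a stanza to the generated file, so the role should reject anything that is not a plain interface name before rendering, and the MTU can be forced numeric with `mtu {{ batman_bridge_mtu | int }}`. The `ipv4`, `ipv6` and `ipaddr` filters need the `netaddr` Python library on the controller, which the README still lists under Dependencies as TBD. Addresses given without a prefix length, as in the README example, are presumably added as /32 or /128; confirm that this is intended.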
@@ -0,0 +1,2 @@
+---
+# vars file for batman-bridge-setup