ansible-install-server/roles/fai/tasks/network.yml

- name: install packages
  apt:
    name: ['iptables', 'ifupdown']
    state: present

- name: ensure resolved is stopped and disabled
  service:
    name: systemd-resolved
    enabled: false
    state: stopped

- name: write config for lan interface
  copy:
    content: |
      auto {{ dhcp_interface }}
      allow-hotplug {{ dhcp_interface }}
      iface {{ dhcp_interface }} inet static
        address {{ server_ip }}
        netmask {{ server_netmask }}
    dest: "/etc/network/interfaces.d/{{ dhcp_interface }}"
    owner: root
    group: root
    mode: 0644
  register: lan_iface_cfg

- name: setup lan interface
  shell: |
    ifdown --force {{ dhcp_interface }} || true
    ifup {{ dhcp_interface }}
  when: lan_iface_cfg.changed

- name: enable permantent masquerading
  copy:
    content: |
      *nat
      :PREROUTING ACCEPT [0:0]
      :INPUT ACCEPT [0:0]
      :POSTROUTING ACCEPT [0:0]
      :OUTPUT ACCEPT [0:0]
      -A POSTROUTING -o {{wan_interface}} -j MASQUERADE
      COMMIT
    dest: /etc/network/iptables.up.rules
  register: iptables_up_rules

- name: apply iptables rules
  iptables:
    table: nat
    chain: POSTROUTING
    out_interface: "{{ wan_interface }}"
    jump: MASQUERADE

- name: enable ip forwarding
  sysctl:
    name: net.ipv4.ip_forward
    value: '1'
    sysctl_set: yes
    state: present
    reload: yes
Some extensions - add offline mode - removed wan config - add apt.faiserver.lan domain to unbound - website apt.faiserver.lan in nginx to point to apt-cacher apt-repo 2020-10-08 18:17:01 +00:00			`- name: install packages`
Initial 2020-08-26 10:10:36 +00:00			`apt:`
Some extensions - add offline mode - removed wan config - add apt.faiserver.lan domain to unbound - website apt.faiserver.lan in nginx to point to apt-cacher apt-repo 2020-10-08 18:17:01 +00:00			`name: ['iptables', 'ifupdown']`
Initial 2020-08-26 10:10:36 +00:00			`state: present`

Some extensions - add offline mode - removed wan config - add apt.faiserver.lan domain to unbound - website apt.faiserver.lan in nginx to point to apt-cacher apt-repo 2020-10-08 18:17:01 +00:00			`- name: ensure resolved is stopped and disabled`
			`service:`
			`name: systemd-resolved`
			`enabled: false`
			`state: stopped`

			`- name: write config for lan interface`
			`copy:`
			`content: \|`
			`auto {{ dhcp_interface }}`
			`allow-hotplug {{ dhcp_interface }}`
			`iface {{ dhcp_interface }} inet static`
			`address {{ server_ip }}`
			`netmask {{ server_netmask }}`
			`dest: "/etc/network/interfaces.d/{{ dhcp_interface }}"`
			`owner: root`
			`group: root`
			`mode: 0644`
			`register: lan_iface_cfg`

			`- name: setup lan interface`
			`shell: \|`
WIP 2020-10-14 22:20:05 +00:00			`ifdown --force {{ dhcp_interface }} \|\| true`
Some extensions - add offline mode - removed wan config - add apt.faiserver.lan domain to unbound - website apt.faiserver.lan in nginx to point to apt-cacher apt-repo 2020-10-08 18:17:01 +00:00			`ifup {{ dhcp_interface }}`
			`when: lan_iface_cfg.changed`

Initial 2020-08-26 10:10:36 +00:00			`- name: enable permantent masquerading`
			`copy:`
			`content: \|`
			`*nat`
			`:PREROUTING ACCEPT [0:0]`
			`:INPUT ACCEPT [0:0]`
			`:POSTROUTING ACCEPT [0:0]`
			`:OUTPUT ACCEPT [0:0]`
			`-A POSTROUTING -o {{wan_interface}} -j MASQUERADE`
			`COMMIT`
			`dest: /etc/network/iptables.up.rules`
			`register: iptables_up_rules`

			`- name: apply iptables rules`
			`iptables:`
			`table: nat`
			`chain: POSTROUTING`
WIP 2020-10-14 22:20:05 +00:00			`out_interface: "{{ wan_interface }}"`
Initial 2020-08-26 10:10:36 +00:00			`jump: MASQUERADE`

			`- name: enable ip forwarding`
			`sysctl:`
			`name: net.ipv4.ip_forward`
			`value: '1'`
			`sysctl_set: yes`
			`state: present`
			`reload: yes`