64 lines
1.4 KiB
YAML
64 lines
1.4 KiB
YAML
---
|
|
- name: "Install networking packages"
|
|
become: true
|
|
ansible.builtin.package:
|
|
name:
|
|
- iptables
|
|
- iptables-persistent
|
|
- ifupdown
|
|
state: latest
|
|
tags:
|
|
- network_packages_install
|
|
|
|
- name: "Write config for lan interface"
|
|
become: true
|
|
ansible.builtin.copy:
|
|
content: |
|
|
allow-hotplug {{ dhcp_interface }}
|
|
iface {{ dhcp_interface }} inet static
|
|
address {{ server_ip }}
|
|
dest: "/etc/network/interfaces.d/{{ dhcp_interface }}"
|
|
owner: root
|
|
group: root
|
|
mode: 0644
|
|
register: dhcp_iface_config
|
|
tags:
|
|
- network_
|
|
|
|
- name: "Restart lan interface"
|
|
become: true
|
|
ansible.builtin.shell: |
|
|
ifdown --force {{ dhcp_interface }} || true
|
|
ifup {{ dhcp_interface }}
|
|
when:
|
|
- dhcp_iface_config.changed
|
|
tags:
|
|
- network_iface_restart
|
|
|
|
- name: "Enable masquerading for ipv4 permanently"
|
|
become: true
|
|
ansible.builtin.copy:
|
|
content: |
|
|
*nat
|
|
:PREROUTING ACCEPT [0:0]
|
|
:INPUT ACCEPT [0:0]
|
|
:POSTROUTING ACCEPT [0:0]
|
|
:OUTPUT ACCEPT [0:0]
|
|
-A POSTROUTING -o {{wan_interface}} -j MASQUERADE
|
|
COMMIT
|
|
dest: "/etc/iptables/rules.v4"
|
|
notify: apply iptables
|
|
tags:
|
|
- network_masquerade
|
|
|
|
- name: "Enable IP forwarding"
|
|
become: true
|
|
ansible.builtin.sysctl:
|
|
name: net.ipv4.ip_forward
|
|
value: '1'
|
|
sysctl_set: true
|
|
state: present
|
|
reload: true
|
|
tags:
|
|
- network_ip_forward
|