---
# Make sure the three networking packages are installed through the generic
# package module. `state: present` installs anything missing and does not
# upgrade packages that are already there.
# NOTE(review): presumably these back the interfaces.d snippet and the
# /etc/iptables/rules.v4 file written by the later tasks; confirm.
- name: 'Install networking packages'
  ansible.builtin.package:
    state: present
    name:
      - iptables
      - iptables-persistent
      - ifupdown
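# Stop systemd-resolved now (state: stopped) and keep it from starting at
# boot (enabled: false).
# The module is addressed by its fully qualified name, like every other task
# in this file, so a collection that ships its own `service` cannot shadow it.
# NOTE(review): none of the tasks shown here set up a replacement resolver or
# manage /etc/resolv.conf; confirm that name resolution for this host is
# handled elsewhere before relying on this task.
- name: "Ensure systemd-resolved is stopped and disabled"
  ansible.builtin.service:
    name: systemd-resolved
    enabled: false
    state: stopped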
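# Render a static ifupdown stanza for the LAN interface from the variables
# dhcp_interface, server_ip and server_netmask, and write it to
# /etc/network/interfaces.d/<dhcp_interface>, owned by root.
# The result is registered as dhcp_iface_config so the restart task can run
# only when the file actually changed.
# The mode is quoted so it is passed as the string "0644" and never depends
# on how the YAML loader types a bare number with a leading zero.
# NOTE(review): dhcp_interface is interpolated into the destination path as
# is; this assumes it is a plain interface name from trusted inventory
# (no "/" or ".." components). Confirm, or validate it before this task.
- name: "Write config for lan interface"
  ansible.builtin.copy:
    content: |
      auto {{ dhcp_interface }}
      allow-hotplug {{ dhcp_interface }}
      iface {{ dhcp_interface }} inet static
      address {{ server_ip }}
      netmask {{ server_netmask }}
    dest: "/etc/network/interfaces.d/{{ dhcp_interface }}"
    owner: root
    group: root
    mode: "0644"
  register: dhcp_iface_config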
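# Bounce the LAN interface so the new ifupdown stanza takes effect. Runs only
# when the config-writing task reported a change (dhcp_iface_config.changed).
# `|| true` keeps a failing ifdown from failing the task; a failing ifup
# still does, because it is the last command of the script.
# dhcp_interface is passed through the `quote` filter because it is templated
# into a shell command line: an ordinary interface name comes out unchanged,
# while whitespace or shell metacharacters in the variable stay a single
# argument instead of being interpreted by the shell.
- name: "Restart lan interface"
  ansible.builtin.shell: |
    ifdown --force {{ dhcp_interface | quote }} || true
    ifup {{ dhcp_interface | quote }}
  when:
    - dhcp_iface_config.changed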
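# Write the persisted IPv4 ruleset: a nat table whose only rule masquerades
# everything leaving through wan_interface. A change notifies the
# "apply iptables" handler, which is defined outside this file.
# Owner, group and mode are set explicitly so the permissions of the firewall
# rules file do not depend on the umask of the connecting user; 0640 keeps
# the file writable by root only and unreadable to other users.
# NOTE(review): this replaces the whole of /etc/iptables/rules.v4, so any
# rules previously saved there are dropped.
# NOTE(review): only the nat table is defined. No filter table or FORWARD
# rules are written here, so which traffic may be forwarded is decided by
# whatever filter policy is otherwise loaded on the host. Confirm that
# unrestricted forwarding between the interfaces is intended.
- name: "Enable permantent masquerading for ipv4"
  ansible.builtin.copy:
    content: |
      *nat
      :PREROUTING ACCEPT [0:0]
      :INPUT ACCEPT [0:0]
      :POSTROUTING ACCEPT [0:0]
      :OUTPUT ACCEPT [0:0]
      -A POSTROUTING -o {{wan_interface}} -j MASQUERADE
      COMMIT
    dest: "/etc/iptables/rules.v4"
    owner: root
    group: root
    mode: "0640"
  notify: apply iptables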
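# Turn on IPv4 forwarding (net.ipv4.ip_forward = 1) and persist it.
# sysctl_set applies the value to the running kernel through the sysctl
# command; reload re-reads the sysctl file when the module has updated it.
# Booleans are written as true/false, matching `enabled: false` earlier in
# the file, instead of the YAML 1.1 yes/no forms.
# NOTE(review): once this is set the host routes IPv4 between all of its
# interfaces; what gets forwarded is limited only by the loaded firewall
# rules, so review this together with the ruleset in /etc/iptables/rules.v4.
- name: "Enable ip forwarding"
  ansible.builtin.sysctl:
    name: net.ipv4.ip_forward
    value: '1'
    sysctl_set: true
    state: present
    reload: true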