diff --git a/roles/base/tasks/main.yml b/roles/base/tasks/main.yml
index 5c121a6..4a29445 100644
--- a/roles/base/tasks/main.yml
+++ b/roles/base/tasks/main.yml
@@ -9,6 +9,7 @@
 - imagemagick
 - keychain
 - libarchive-tools
+ - lsof
 - mg
 - nmap
 - nvi
diff --git a/roles/development/tasks/main.yml b/roles/development/tasks/main.yml
index 62c5086..7f26653 100644
--- a/roles/development/tasks/main.yml
+++ b/roles/development/tasks/main.yml
@@ -10,6 +10,7 @@
 - cmake
 - devscripts
 - gcc
+ - ghc
 - git
 - golang-google-genproto-dev
 - golang-goprotobuf-dev
diff --git a/roles/server/defaults/main.yaml b/roles/server/defaults/main.yaml
index 8487512..4d58ff6 100644
--- a/roles/server/defaults/main.yaml
+++ b/roles/server/defaults/main.yaml
@@ -1,2 +1,2 @@
 router_server: False
-
+router_if: eth0
diff --git a/roles/server/files/20-router.yaml.j2 b/roles/server/files/20-router.yaml.j2
new file mode 100644
index 0000000..dc75bc8
--- /dev/null
+++ b/roles/server/files/20-router.yaml.j2
@@ -0,0 +1,8 @@
+network:
+ version: 2
+ ethernets:
+ "{{ router_if }}":
+ dhcp4: False
+ dhcp6: False
+ addresses:
+ - "192.168.3.254/24"
\ No newline at end of file
diff --git a/roles/server/files/dnsmasq.conf.j2 b/roles/server/files/dnsmasq.conf.j2
new file mode 100644
index 0000000..a650ab5
--- /dev/null
+++ b/roles/server/files/dnsmasq.conf.j2
@@ -0,0 +1,11 @@
+listen-address=::1,127.0.0.1,192.168.3.254
+interface={{ router_if }}
+domain=wntrmute.lan
+expand-hosts
+server=8.8.8.8
+server=8.8.4.4
+
+dhcp-range=192.168.3.1,192.168.3.30,24h
+dhcp-option=option:router,192.168.3.254
+dhcp-option=option:dns-server,8.8.8.8
+dhcp-authoritative
\ No newline at end of file
diff --git a/roles/server/files/hosts b/roles/server/files/hosts
new file mode 100644
index 0000000..0b4ed71
--- /dev/null
+++ b/roles/server/files/hosts
@@ -0,0 +1,4 @@
+127.0.0.1 localhost
+
+192.168.3.1 cdev
+192.168.3.254 orion
\ No newline at end of file
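Review bot: The address `192.168.3.254/24` is hard-coded in this template and repeated in dnsmasq.conf.j2 and hosts in the same commit, while the interface name was just turned into `router_if`; a second role variable (say `router_addr`, declared in defaults/main.yaml beside `router_if`) rendered into all three files would keep them from drifting apart when the subnet changes again, as it already did from 192.168.4.x to 192.168.3.x here. `dhcp4: False` and `dhcp6: False` use the capitalised YAML 1.1 spelling; netplan's own parser is a different reader from the one Ansible uses, so I would write `dhcp4: false` / `dhcp6: false`, the form every YAML consumer agrees on. The file is a Jinja template but lives under `files/` with a `.j2` suffix; Ansible's convention is `templates/`, which the `template` task would then find without the explicit `{{ role_path }}` prefix. The file also ends without a trailing newline.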
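Review bot: `dhcp-option=option:dns-server,8.8.8.8` on the tenth line tells every DHCP client to query Google directly, which bypasses this dnsmasq instance: the `domain=wntrmute.lan`, `expand-hosts` and the `cdev`/`orion` entries in the copied hosts file are never consulted by clients, and all client name lookups leave the LAN unencrypted to a third party instead of being cached locally. If local name resolution is the intent, drop that line (dnsmasq advertises its own address by default) or point it at the router, `dhcp-option=option:dns-server,192.168.3.254`. With only `interface=` and `listen-address=` set, dnsmasq still binds the wildcard address on every interface and discards unwanted queries afterwards; adding `bind-interfaces` (or `bind-dynamic`) restricts the sockets to `{{ router_if }}` and the loopback addresses, which is the safer posture on a host that also carries an upstream interface. The file ends without a trailing newline.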
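Review bot: `192.168.3.1 cdev` sits inside the pool `dhcp-range=192.168.3.1,192.168.3.30` that dnsmasq.conf.j2 hands out in the same commit, so unless dnsmasq can tie that address to that machine (a `dhcp-host=` reservation, or the client presenting the name `cdev` when it requests a lease) the address may be leased to a different host and the name would then resolve to the wrong box; either reserve it or start the range above the static hosts. This file replaces /etc/hosts wholesale via the `copy hosts` task in router.yaml, and it drops the IPv6 loopback entry the distribution ships, so `::1 localhost ip6-localhost ip6-loopback` should be added after the `127.0.0.1 localhost` line. The file ends without a trailing newline.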
diff --git a/roles/server/files/resolv.conf b/roles/server/files/resolv.conf
new file mode 100644
index 0000000..0bb9939
--- /dev/null
+++ b/roles/server/files/resolv.conf
@@ -0,0 +1,2 @@
+nameserver 8.8.8.8
+nameserver 8.8.4.4
\ No newline at end of file
diff --git a/roles/server/tasks/router.yaml b/roles/server/tasks/router.yaml
index f06958d..db513b1 100644
--- a/roles/server/tasks/router.yaml
+++ b/roles/server/tasks/router.yaml
@@ -1,16 +1,54 @@
-- name: set up netplan
+- name: set up IPv4 forwarding
 become: true
- ansible.builtin.file:
- content: |
- network:
- version: 2
- ethernets:
- eth0:
- dhcp4: False
- dhcp6: False
- addresses:
- - "192.168.4.254/24"
- dest: /etc/netplan/20-router-eth0.yaml
+ ansible.posix.sysctl:
+ name: net.ipv4.ip_forward
+ value: '1'
+ sysctl_set: true
+ state: present
+ reload: true
+
+# # iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
+- name: set up NAT table
+ become: true
+ ansible.builtin.iptables:
+ table: nat
+ chain: POSTROUTING
+ jump: MASQUERADE
+ in_interface: "{{ router_if }}"
+
+# iptables -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
+- name: set up forwarding from {{ router_if }} to wlo1
+ become: true
+ ansible.builtin.iptables:
+ chain: FORWARD
+ in_interface: "{{ router_if }}"
+ out_interface: wlo1
+ ctstate: ESTABLISHED,RELATED
+ jump: ACCEPT
+
+# iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
+- name: set up forwarding
+ become: true
+ ansible.builtin.iptables:
+ chain: FORWARD
+ in_interface: "{{ router_if }}"
+ out_interface: wlo1
+ jump: ACCEPT
+
+- name: copy hosts
+ become: true
+ ansible.builtin.copy:
+ src: "{{ role_path }}/files/hosts"
+ dest: /etc/hosts
+ mode: 0644
+ owner: root
+ group: root
+
+- name: set up netplan for {{ router_if }}
+ become: true
+ ansible.builtin.template:
+ src: "{{ role_path }}/files/20-router.yaml.j2"
+ dest: /etc/netplan/20-router-{{ router_if }}.yaml
 mode: 0644
 owner: root
 group: root
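Review bot: The router's own resolver is pointed only at 8.8.8.8 and 8.8.4.4, not at the dnsmasq it runs, so the router itself cannot resolve the `wntrmute.lan` names it serves to clients and its own lookups skip the local cache; `nameserver 127.0.0.1` as the first line (dnsmasq listens there per dnsmasq.conf.j2) with the public servers kept as fallback would be consistent with the rest of the commit. With systemd-resolved disabled in router.yaml, /etc/resolv.conf on Ubuntu is normally a symlink into /run/systemd/resolve; the task that installs this file is not in the visible hunks, so check that it replaces the link rather than writing through it. The file ends without a trailing newline.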
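Review bot: The `set up NAT table` task cannot be installed as written: `-i`/`in_interface` is not a valid match in the nat `POSTROUTING` chain (iptables only accepts it in PREROUTING, INPUT and FORWARD), and the masquerade belongs on the upstream interface anyway, as the comment above it (`-o eth0 -j MASQUERADE`) says, so the line should be `out_interface: wlo1` rather than `in_interface: "{{ router_if }}"`. The `set up forwarding from {{ router_if }} to wlo1` task also inverts its own comment: both FORWARD rules match `{{ router_if }}` → `wlo1`, which makes the `ESTABLISHED,RELATED` rule redundant with the unconditional ACCEPT below it and leaves reply traffic `wlo1` → `{{ router_if }}` without an explicit rule; swapping `in_interface` and `out_interface` on that task gives the intended stateful rule. Whether that gap matters today depends on the FORWARD chain policy, which the play leaves at whatever the host already has; a router should pin it with `policy: DROP` (supported by ansible.builtin.iptables) so only the explicit rules forward, otherwise any peer on the wlo1 side that can route to 192.168.3.0/24 can open connections into the LAN. None of the rules are persisted (no netfilter-persistent or iptables-save step is visible), so they are lost at reboot, and hosts that ran the removed task still carry `/etc/netplan/20-router-eth0.yaml`, which the new `20-router-{{ router_if }}.yaml` does not replace.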
@@ -22,16 +60,29 @@
 - name: copy dnsmasq.conf
 become: true
- ansible.builtin.copy:
- src: "{{ role_path }}/files/dnsmasq.conf"
+ ansible.builtin.template:
+ src: "{{ role_path }}/files/dnsmasq.conf.j2"
 dest: /etc/dnsmasq.conf
 mode: 0644
 owner: root
 group: root
-- name: install netmasq
+- name: disable systemd-resolved
+ become: true
+ ansible.builtin.service:
+ name: systemd-resolved
+ enabled: false
+ state: stopped
+
+- name: install dnsmasq
 become: true
 ansible.builtin.apt:
 name: dnsmasq
 state: present
+- name: enable dnsmasq
+ become: true
+ ansible.builtin.service:
+ name: dnsmasq
+ enabled: true
+ state: restarted
diff --git a/site.yml b/site.yml
index 4e123ce..bee2ca9 100644
--- a/site.yml
+++ b/site.yml
@@ -40,3 +40,5 @@
 dev_virt: True
 dev_embedded: True
 dev_rust: True
+ router_server: true
+ router_if: enp89s0
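Review bot: The `disable systemd-resolved` task stops the stub resolver before `install dnsmasq` runs apt, so on a host whose /etc/resolv.conf still points at 127.0.0.53 the package download has no working DNS and a failed play leaves the machine with no resolver at all; move the disable/stop task after dnsmasq is installed and started, or make sure the resolv.conf copy (not in the visible hunks) has run first. `state: restarted` on `enable dnsmasq` restarts the daemon on every play and always reports changed; `state: started` there, with `notify: restart dnsmasq` on the `copy dnsmasq.conf` task and a matching handler, restarts only when the rendered config actually changed. Templating /etc/dnsmasq.conf before the package exists also leaves it to dpkg's conffile handling to decide whether the package copy or the rendered copy survives the install; installing first and templating afterwards removes that ambiguity.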
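Review bot: Style: the added `router_server: true` uses the lowercase boolean while the surrounding vars (`dev_rust: True`) and the role default `router_server: False` use the capitalised form; both parse as booleans in Ansible, but the file should pick one, and yamllint's `truthy` rule only accepts `true`/`false`. `router_if: enp89s0` overrides a default of `eth0` that is only meaningful on hosts without predictable interface names, so a comment beside the default in defaults/main.yaml saying the value must be set per host would save the next reader a surprise.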