# Let the kernel route packets between interfaces. Without this sysctl the
# FORWARD/NAT rules configured in the following tasks never see any traffic.
- name: set up IPv4 forwarding
  ansible.posix.sysctl:
    name: net.ipv4.ip_forward
    value: "1"
    state: present
    # write /etc/sysctl.conf *and* apply the live value, then reload
    sysctl_set: true
    reload: true
  become: true
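# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# Masquerade forwarded traffic as it leaves through the upstream interface.
# The nat POSTROUTING chain can only match on the *outgoing* interface:
# iptables rejects `-i` there ("Can't use -i with POSTROUTING"), so the
# original in_interface made this task fail on every run. The example command
# and the next task's comment both map eth0 to router_if, hence out_interface
# keeps that variable.
# NOTE(review): confirm router_if really is the upstream link; if wlo1 is the
# uplink, masquerade on wlo1 instead. Rules added by this module are also not
# persisted across reboots unless something saves them (e.g.
# netfilter-persistent) — no such task is visible in this file.
- name: set up NAT table
  become: true
  ansible.builtin.iptables:
    table: nat
    chain: POSTROUTING
    out_interface: "{{ router_if }}"
    jump: MASQUERADE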
# iptables -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
# Return path: only packets that belong to a connection already tracked by
# conntrack may be forwarded from router_if to wlo1.
# NOTE(review): an ACCEPT rule only restricts anything if the FORWARD chain's
# default policy is DROP; no task setting that policy is visible in this
# file — confirm it is set elsewhere.
- name: set up forwarding from {{ router_if }} to wlo1
  ansible.builtin.iptables:
    chain: FORWARD
    ctstate: "ESTABLISHED,RELATED"
    in_interface: "{{ router_if }}"
    out_interface: wlo1
    jump: ACCEPT
  become: true
# iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
# NOTE(review): the command above forwards eth1 -> eth0, the opposite direction
# of the previous task, yet this task uses the same in_interface/out_interface
# pair as that task (router_if -> wlo1). As written the two rules cover one
# direction twice — this one without a ctstate match, which makes the stateful
# rule redundant — and nothing permits the reverse direction. One of the two
# tasks most likely has its interfaces swapped; which one depends on whether
# router_if or wlo1 is the upstream link, so confirm against the netplan and
# dnsmasq templates before changing either.
- name: set up forwarding
  become: true
  ansible.builtin.iptables:
    chain: FORWARD
    in_interface: "{{ router_if }}"
    out_interface: wlo1
    jump: ACCEPT
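# Replace the system hosts file with the role's static copy (files/hosts).
- name: copy hosts
  become: true
  ansible.builtin.copy:
    src: "{{ role_path }}/files/hosts"
    dest: /etc/hosts
    owner: root
    group: root
    # Quoted so the YAML loader cannot reinterpret the octal mode
    # (ansible-lint risky-octal); the resulting permissions are unchanged.
    mode: "0644"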
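# Render the netplan definition for router_if into its own numbered file so it
# coexists with the distribution's default netplan config.
- name: set up netplan for {{ router_if }}
  become: true
  ansible.builtin.template:
    src: "{{ role_path }}/files/20-router.yaml.j2"
    dest: /etc/netplan/20-router-{{ router_if }}.yaml
    owner: root
    group: root
    # netplan is run by root only and warns when its config files are readable
    # by others (they may carry credentials), so keep the file private.
    # Quoted so the YAML loader cannot reinterpret the octal mode.
    mode: "0600"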
# Activate whatever netplan configuration is on disk.
# NOTE(review): this runs on every play and always reports "changed"; a
# handler notified by the netplan template task would make it idempotent.
- name: apply netplan
  ansible.builtin.command:
    cmd: netplan apply
  become: true
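# Render the dnsmasq configuration. Note that this runs before the dnsmasq
# package is installed, so it relies on dpkg keeping the pre-existing conffile
# when the package later ships its own /etc/dnsmasq.conf — installing first and
# templating afterwards is the conventional order.
- name: copy dnsmasq.conf
  become: true
  ansible.builtin.template:
    src: "{{ role_path }}/files/dnsmasq.conf.j2"
    dest: /etc/dnsmasq.conf
    owner: root
    group: root
    # Quoted so the YAML loader cannot reinterpret the octal mode
    # (ansible-lint risky-octal); the resulting permissions are unchanged.
    mode: "0644"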
# Free port 53 so dnsmasq can bind it.
# NOTE(review): on hosts where /etc/resolv.conf points at the resolved stub
# (127.0.0.53), stopping resolved here leaves the host without working DNS
# until dnsmasq is running — the apt task that follows may then fail to
# resolve the package mirror. Installing dnsmasq before this task, or managing
# /etc/resolv.conf explicitly, avoids that; confirm on the target.
- name: disable systemd-resolved
  ansible.builtin.service:
    name: systemd-resolved
    state: stopped
    enabled: false
  become: true
# Install the DHCP/DNS server for the client-side network.
- name: install dnsmasq
  ansible.builtin.apt:
    name: dnsmasq
    state: present
  become: true
# Start dnsmasq with the rendered configuration and keep it enabled at boot.
# NOTE(review): state: restarted restarts the service on every play run;
# `state: started` here plus a handler notified by the dnsmasq.conf template
# would be idempotent. Also check that dnsmasq.conf.j2 limits listening to the
# client-side interface (interface= / bind-interfaces): by default dnsmasq
# answers on every interface, including the upstream link, and no INPUT rule
# in this file restricts that.
- name: enable dnsmasq
  ansible.builtin.service:
    name: dnsmasq
    state: restarted
    enabled: true
  become: true