Commit 407a0155 authored by Simon Cornet

feat: remove static routes

parent 55395d53
+0 −3
@@ -7,9 +7,6 @@ lan_interface: "eth1"
# nat rules
nat_port_forwards: []

# static routes
static_routes: []

# incoming firewall rules
incoming_firewall_rules: []

+0 −9
@@ -5,12 +5,3 @@
  ansible.builtin.service:
    name: "nftables"
    state: "restarted"

# apply local routes
- name: "apply routes - add static routes"
  ansible.builtin.shell:
    cmd: |
      {% for route in static_routes %}
      ip route replace {{ route.destination }} via {{ route.gateway }}{{ ' dev ' + route.interface if route.interface is defined else '' }}{{ ' metric ' + route.metric if route.metric is defined else '' }}
      {% endfor %}
  when: "static_routes | length > 0"
+0 −20
@@ -26,26 +26,6 @@ wan_interface: "eth0"
lan_interface: "eth1"
```

### Static Routes

```yaml
static_routes:

  - name: "route to internal network 10.0.0.0/8 via 192.168.1.1"
    destination: "10.0.0.0/8"
    gateway: "192.168.1.1"

  - name: "route to dmz with custom metric"
    destination: "172.16.0.0/12"
    gateway: "192.168.1.254"
    metric: 100

  - name: "route with specific interface"
    destination: "192.168.100.0/24"
    gateway: "192.168.1.1"
    interface: "eth1"
```

### Incoming Firewall Rules

```yaml
+0 −20
@@ -34,23 +34,3 @@
      value: "0"
    - name: "net.ipv4.conf.all.log_martians"
      value: "0"

# configure static routes
- name: "routing - static routes"
  ansible.builtin.blockinfile:
    path: "/etc/network/interfaces"
    marker: "  # {mark} ANSIBLE MANAGED STATIC ROUTES"
    block: |
      {% for route in static_routes %}
        # {{ route.name }}
        {% if route.metric is defined %}
        down ip route del {{ route.destination }} via {{ route.gateway }}{{ ' dev ' + route.interface if route.interface is defined else '' }} metric {{ route.metric }}
        up ip route add {{ route.destination }} via {{ route.gateway }}{{ ' dev ' + route.interface if route.interface is defined else '' }} metric {{ route.metric }}
        {% else %}
        down ip route del {{ route.destination }} via {{ route.gateway }}{{ ' dev ' + route.interface if route.interface is defined else '' }}
        up ip route add {{ route.destination }} via {{ route.gateway }}{{ ' dev ' + route.interface if route.interface is defined else '' }}
        {% endif %}
      {% endfor %}
    insertafter: "^iface {{ lan_interface }} inet.*\\n(\\s+.*\\n)*\\s+netmask"
    state: "{{ 'present' if static_routes | length > 0 else 'absent' }}"
  notify: "apply routes"