Commit 7939bb1b authored by Simon Cornet's avatar Simon Cornet

feat: add static routes

parent 3b18a8a1
+3 −0
@@ -6,3 +6,6 @@ lan_interface: "eth1"

# nat rules
nat_port_forwards: []

# static routes
static_routes: []
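Review bot: The new `static_routes` default says nothing about the shape of an entry, so a role user has to read the tasks to learn that each item needs `name`, `destination` and `gateway`, with `interface` and `metric` optional (those are the keys the routing task and the `apply routes` handler read). I would document that above the key, e.g. `# static routes: list of {name, destination, gateway[, interface, metric]}` followed by one example such as `# - {name: "mgmt", destination: "10.0.0.0/24", gateway: "192.168.1.254"}`. Since these values are interpolated into `ip route` commands, the comment should also say they are expected to be trusted inventory data.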
+10 −0
@@ -5,3 +5,13 @@
  ansible.builtin.service:
    name: "iptables"
    state: "restarted"

# apply local routes
- name: "apply routes"
  ansible.builtin.shell:
    cmd: |
      {% for route in static_routes %}
      ip route replace {{ route.destination }} via {{ route.gateway }}{{ ' dev ' + route.interface if route.interface is defined else '' }}
      {% endfor %}
  when: "static_routes | length > 0"
  changed_when: false
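Review bot: The `apply routes` handler renders `destination`, `gateway` and `interface` into a shell script unquoted, so any unexpected character in those values is interpreted by the shell; they are inventory-controlled, but `ansible.builtin.command` with `argv` and a `loop` avoids the shell entirely and also fails on the first bad route instead of reporting only the exit status of the last `ip` line in the block. The handler also drops `metric`, while the interfaces block added in this same commit writes routes with `metric`, so the route installed now and the one created at boot may not be the same kernel entry. Routes removed from the list, or the list being emptied (which skips the handler through `when`), are not deleted from the running kernel until the next boot; that limitation should at least be stated in the `# apply local routes` comment.
```yaml
- name: "apply routes"
  ansible.builtin.command:
    argv: "{{ ['ip', 'route', 'replace', item.destination, 'via', item.gateway]
              + (['dev', item.interface] if item.interface is defined else [])
              + (['metric', item.metric | string] if item.metric is defined else []) }}"
  loop: "{{ static_routes }}"
  loop_control:
    label: "{{ item.destination }}"
  changed_when: false
```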
+1 −1
---

# tcp performance tuning
- name: "configure tcp performance settings"
- name: "performance - configure tcp"
  ansible.posix.sysctl:
    name: "{{ item.name }}"
    value: "{{ item.value }}"
+23 −3
---

# install iptables
- name: "install iptables"
- name: "routing - install ptables"
  community.general.apk:
    name:
      - "iptables"
@@ -9,7 +9,7 @@
    update_cache: true

# enable ipv4 forwarding
- name: "configure ipv4 forwarding"
- name: "routing - configure ipv4 forwarding"
  ansible.posix.sysctl:
    name: "net.ipv4.conf.all.forwarding"
    value: "1"
@@ -18,7 +18,7 @@
    reload: false

# disable ipv4 redirects and source routing
- name: "disable ipv4 redirects and source routing"
- name: "routing - disable ipv4 redirects and source routing"
  ansible.posix.sysctl:
    name: "{{ item.name }}"
    value: "{{ item.value }}"
@@ -34,3 +34,23 @@
      value: "0"
    - name: "net.ipv4.conf.all.log_martians"
      value: "0"

# configure static routes
- name: "routing - static routes"
  ansible.builtin.blockinfile:
    path: "/etc/network/interfaces"
    marker: "  # {mark} ANSIBLE MANAGED STATIC ROUTES"
    block: |
      {% for route in static_routes %}
      # {{ route.name }}
      {% if route.metric is defined %}
        down ip route del {{ route.destination }} via {{ route.gateway }}{{ ' dev ' + route.interface if route.interface is defined else '' }} metric {{ route.metric }}
        up ip route add {{ route.destination }} via {{ route.gateway }}{{ ' dev ' + route.interface if route.interface is defined else '' }} metric {{ route.metric }}
      {% else %}
        down ip route del {{ route.destination }} via {{ route.gateway }}{{ ' dev ' + route.interface if route.interface is defined else '' }}
        up ip route add {{ route.destination }} via {{ route.gateway }}{{ ' dev ' + route.interface if route.interface is defined else '' }}
      {% endif %}
      {% endfor %}
    insertafter: "^iface {{ lan_interface }} inet.*\\n(\\s+.*\\n)*\\s+netmask"
    state: "{{ 'present' if static_routes | length > 0 else 'absent' }}"
  notify: "apply routes"
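Review bot: `insertafter` on the `routing - static routes` task is a multi-line pattern (`\\n(\\s+.*\\n)*\\s+netmask`), but as far as I know blockinfile tests `insertafter` against each line of the file on its own, so this never matches and the block is appended at the end of `/etc/network/interfaces`, where the indented `up`/`down` lines attach to whatever stanza happens to be last rather than to `lan_interface`. A single-line anchor is enough because ifupdown does not care where inside a stanza `up`/`down` options appear: `insertafter: "^iface {{ lan_interface | regex_escape }} inet"`. Separately, the route values are written unquoted into `up`/`down` lines that ifupdown passes to a shell, so they have to be treated as trusted inventory data, and `ip route add` in `up` will fail if the route already exists (e.g. after the handler ran), so `replace` would be the safer verb there. The task name on the install task reads `routing - install ptables`, which looks like a typo for iptables.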