Diffstat (limited to 'ansible/roles/lxc-host/tasks/networkd.yml')
-rw-r--r--ansible/roles/lxc-host/tasks/networkd.yml97
1 files changed, 30 insertions, 67 deletions
diff --git a/ansible/roles/lxc-host/tasks/networkd.yml b/ansible/roles/lxc-host/tasks/networkd.yml
index 41ddb3f..f7ae410 100644
--- a/ansible/roles/lxc-host/tasks/networkd.yml
+++ b/ansible/roles/lxc-host/tasks/networkd.yml
@@ -3,59 +3,20 @@
- lxc-host-network
become: yes
vars:
- hardware_if: "{{ host_database | json_query(ansible_hostname + '.interfaces.' + lxc_host__hardware_if) }}"
+ file_prefix: "/etc/systemd/network/{{ lxc_host__networkd_number }}-lxc-host"
br_if: "{{ lxc_host__br_if }}"
- internal_if: "{{ host_database | json_query(ansible_hostname + '.interfaces.' + lxc_host__internal_if) }}"
+ internal_if: "{{ host_database[ansible_hostname].interfaces[lxc_host__internal_if] }}"
block:
- - debug: var=hardware_if
- debug: var=br_if
- debug: var=internal_if
- name: Configure sysctl, enable ipv4 and ipv6 forwarding
- become: yes
- copy:
- dest: /etc/sysctl.d/99-lxc-host.conf
- content: |
- net.ipv4.ip_forward=1
- net.ipv6.conf.all.forwarding=1
- notify: restart sysctl
-
- - name: Enable UFW
- become: yes
- ufw:
- state: enabled
-
- - become: yes
- ufw:
- policy: allow
- direction: outgoing
-
- - become: yes
- ufw:
- policy: allow
- direction: routed
-
- - become: yes
- ufw:
- policy: deny
- direction: incoming
-
- - name: Enable NAT configuration through UFW
- become: yes
- notify: reload ufw
- blockinfile:
- path: /etc/ufw/before.rules
- insertbefore: "# Don't delete these required lines, otherwise there will be errors"
- block: |
- # NAT table rules
- *nat
- :POSTROUTING ACCEPT [0:0]
-
- # Forward traffic through eth0 - Change to match you out-interface
- -A POSTROUTING -s {{ internal_if.ipv4.address }}/{{ internal_if.ipv4.netmask }} -o {{ lxc_host__hardware_if }} -j MASQUERADE
-
- # don't delete the 'COMMIT' line or these nat table rules won't be processed
- COMMIT
+ sysctl:
+ name: "{{ item }}"
+ value: 1
+ with_items:
+ - net.ipv4.ip_forward
+ - net.ipv6.conf.all.forwarding
- name: enable systemd-networkd
service:
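Review bot: The sysctl task that turns on net.ipv4.ip_forward and net.ipv6.conf.all.forwarding now stands alone: the UFW default-deny incoming policy, the allow-routed policy and the NAT MASQUERADE rule that accompanied forwarding on the old side are deleted and nothing on the new side replaces them, so unless they moved to another task file the host forwards for its containers with no firewall policy from this role. If they did move, a comment above the task, `# Firewall policy and NAT for forwarded traffic: see <task-file placeholder>`, would make that explicit for the next reader. Separately, the sysctl module writes to /etc/sysctl.conf by default whereas the removed copy task used /etc/sysctl.d/99-lxc-host.conf; add `sysctl_file: /etc/sysctl.d/99-lxc-host.conf` if the drop-in location is still intended. As a style point, `with_items` could be `loop` and the value quoted (`value: "1"`) so the module compares strings. The enclosing block and its `vars:` start above the hunk.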
@@ -63,31 +24,31 @@
enabled: yes
state: started
- - name: "/etc/systemd/network/50-0-lxc-host-{{ lxc_host__hardware_if }}.network"
+# - name: "/etc/systemd/network/50-0-lxc-host-{{ lxc_host__hardware_if }}.network"
+# notify: systemctl restart systemd-networkd
+# copy:
+# dest: "/etc/systemd/network/50-0-lxc-host-{{ lxc_host__hardware_if }}.network"
+# content: |
+# [Match]
+# Name={{ lxc_host__hardware_if }}
+#
+# [Network]
+# Address={{ hardware_if.ipv4.address }}/{{ hardware_if.ipv4.netmask }}
+# Gateway={{ hardware_if.ipv4.gateway }}
+
+ - name: "{{ file_prefix }}-1-{{ lxc_host__internal_if }}.netdev"
notify: systemctl restart systemd-networkd
copy:
- dest: "/etc/systemd/network/50-0-lxc-host-{{ lxc_host__hardware_if }}.network"
- content: |
- [Match]
- Name={{ lxc_host__hardware_if }}
-
- [Network]
- Address={{ hardware_if.ipv4.address }}/{{ hardware_if.ipv4.netmask }}
- Gateway={{ hardware_if.ipv4.gateway }}
-
- - name: "/etc/systemd/network/50-1-lxc-host-{{ lxc_host__internal_if }}.netdev"
- notify: systemctl restart systemd-networkd
- copy:
- dest: "/etc/systemd/network/50-1-lxc-host-{{ lxc_host__internal_if }}.netdev"
+ dest: "{{ file_prefix }}-1-{{ lxc_host__internal_if }}.netdev"
content: |
[NetDev]
Name={{ lxc_host__internal_if }}
Kind=dummy
- - name: "/etc/systemd/network/50-2-lxc-host-{{ lxc_host__internal_if }}.network"
+ - name: "{{ file_prefix }}-2-{{ lxc_host__internal_if }}.network"
notify: systemctl restart systemd-networkd
copy:
- dest: "/etc/systemd/network/50-2-lxc-host-{{ lxc_host__internal_if }}.network"
+ dest: "{{ file_prefix }}-2-{{ lxc_host__internal_if }}.network"
content: |
[Match]
Name={{ lxc_host__internal_if }}
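Review bot: The hardware-interface .network task is kept as a commented-out block right after `state: started` rather than deleted, and it still references `hardware_if`, a var that this commit removes from the block's `vars:`, so it is dead code that cannot be re-enabled as-is. Either drop it (git history keeps it) or replace it with a one-line comment saying where the hardware interface's address and gateway are configured now, e.g. `# Hardware interface addressing is managed outside this role (see <placeholder>)`. The task list continues past the hunk on both sides.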
@@ -95,25 +56,27 @@
[Network]
Bridge={{ br_if }}
- - name: "/etc/systemd/network/50-3-lxc-host-{{ br_if }}.netdev"
+ - name: "{{ file_prefix }}-3-{{ br_if }}.netdev"
notify: systemctl restart systemd-networkd
copy:
- dest: "/etc/systemd/network/50-3-lxc-host-{{ br_if }}.netdev"
+ dest: "{{ file_prefix }}-3-{{ br_if }}.netdev"
content: |
[NetDev]
Name={{ br_if }}
Kind=bridge
- - name: "/etc/systemd/network/50-4-lxc-host-{{ br_if }}.network"
+ - name: "{{ file_prefix }}-4-{{ br_if }}.network"
notify: systemctl restart systemd-networkd
copy:
- dest: "/etc/systemd/network/50-4-lxc-host-{{ br_if }}.network"
+ dest: "{{ file_prefix }}-4-{{ br_if }}.network"
content: |
[Match]
Name={{ br_if }}
[Network]
+ {% if internal_if.ipv4 is defined %}
Address={{ internal_if.ipv4.address }}/{{ internal_if.ipv4.netmask }}
+ {% endif %}
{% if internal_if.ipv6 is defined %}
Address={{ internal_if.ipv6.address }}/{{ internal_if.ipv6.netmask }}
{% endif %}
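Review bot: Guarding the IPv4 `Address=` line on `internal_if.ipv4 is defined` means a host_database entry with neither an ipv4 nor an ipv6 block now renders a bridge .network file whose [Network] section has no address at all, and the play succeeds while the bridge comes up unaddressed. An explicit check before the copy tasks, `- assert:` / `    that: internal_if.ipv4 is defined or internal_if.ipv6 is defined`, would turn that into a clear failure instead of a silently unreachable container network. The enclosing block starts above the hunk.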