From 99ce768a7d6fe9e828caf932554c4e095c1d00b2 Mon Sep 17 00:00:00 2001
From: Trygve Laugstøl <trygvis@inamo.no>
Date: Fri, 11 Jan 2019 07:45:58 +0100
Subject: lxc-host: Moving to its own playbook. Adding arius-test1. Only
 configuring ipv4/6 forwarding for the created interface. Adding configurable
 ipv6 address too. wireguard: Tagging old nets with never. nftables: Trying
 out portforwarding on arius.

---
 ansible/roles/lxc-host/tasks/networkd.yml | 30 ++++++++++--------------------
 ansible/roles/lxc-host/tasks/per-host.yml |  3 +++
 2 files changed, 13 insertions(+), 20 deletions(-)

(limited to 'ansible/roles/lxc-host')

diff --git a/ansible/roles/lxc-host/tasks/networkd.yml b/ansible/roles/lxc-host/tasks/networkd.yml
index f7ae410..526fc29 100644
--- a/ansible/roles/lxc-host/tasks/networkd.yml
+++ b/ansible/roles/lxc-host/tasks/networkd.yml
@@ -10,32 +10,12 @@
     - debug: var=br_if
     - debug: var=internal_if
 
-    - name: Configure sysctl, enable ipv4 and ipv6 forwarding
-      sysctl:
-        name: "{{ item }}"
-        value: 1
-      with_items:
-        - net.ipv4.ip_forward
-        - net.ipv6.conf.all.forwarding
-
     - name: enable systemd-networkd
       service:
         name: systemd-networkd
         enabled: yes
         state: started
 
-#    - name: "/etc/systemd/network/50-0-lxc-host-{{ lxc_host__hardware_if }}.network"
-#      notify: systemctl restart systemd-networkd
-#      copy:
-#        dest: "/etc/systemd/network/50-0-lxc-host-{{ lxc_host__hardware_if }}.network"
-#        content: |
-#          [Match]
-#          Name={{ lxc_host__hardware_if }}
-#
-#          [Network]
-#          Address={{ hardware_if.ipv4.address }}/{{ hardware_if.ipv4.netmask }}
-#          Gateway={{ hardware_if.ipv4.gateway }}
-
     - name: "{{ file_prefix }}-1-{{ lxc_host__internal_if }}.netdev"
       notify: systemctl restart systemd-networkd
       copy:
@@ -80,3 +60,13 @@
           {% if internal_if.ipv6 is defined %}
           Address={{ internal_if.ipv6.address }}/{{ internal_if.ipv6.netmask }}
           {% endif %}
+
+    - meta: flush_handlers
+
+    - name: Configure sysctl, enable ipv4 and ipv6 forwarding for {{ br_if }}
+      sysctl:
+        name: "{{ item }}"
+        value: 1
+      with_items:
+        - net.ipv4.conf.{{ br_if }}.forwarding
+        - net.ipv6.conf.{{ br_if }}.forwarding
diff --git a/ansible/roles/lxc-host/tasks/per-host.yml b/ansible/roles/lxc-host/tasks/per-host.yml
index 3bc9d24..ca33685 100644
--- a/ansible/roles/lxc-host/tasks/per-host.yml
+++ b/ansible/roles/lxc-host/tasks/per-host.yml
@@ -60,6 +60,9 @@
           {% if lan.ipv6 is defined %}
           lxc.net.0.ipv6.address = {{ lan.ipv6.address }}/{{ lan.ipv6.netmask }}
           {% endif %}
+          {% if lan.ipv6.gateway is defined %}
+          lxc.net.0.ipv6.gateway = {{ lan.ipv6.gateway }}
+          {% endif %}
 
           # 0 = trace, 1 = debug, 2 = info, 3 = notice, 4 = warn, 5 = error, 6 = critical, 7 = alert, and 8 = fatal.
           lxc.log.level = 1
-- 
cgit v1.2.3