Diffstat (limited to 'roles/network/tasks')
-rw-r--r--roles/network/tasks/dns.yaml14
-rw-r--r--roles/network/tasks/main.yaml11
-rw-r--r--roles/network/tasks/misc.yaml12
-rw-r--r--roles/network/tasks/vlans.yaml39
-rw-r--r--roles/network/tasks/vps.yaml0
5 files changed, 76 insertions, 0 deletions
diff --git a/roles/network/tasks/dns.yaml b/roles/network/tasks/dns.yaml
new file mode 100644
index 0000000..f80ec45
--- /dev/null
+++ b/roles/network/tasks/dns.yaml
@@ -0,0 +1,14 @@
+---
+- name: Ensure NetworkManager is installed
+ dnf:
+ name: NetworkManager
+ state: latest
+
+ become: true
+- name: Set DNS to Router
+ community.general.nmcli:
+ conn_name: "{{ ansible_default_ipv4.interface }}"
+ state: present
+ dns4:
+ - "{{ network.gateway }}"
+ become: true
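Review bot: `state: latest` on the dnf task makes every play run an unpinned package upgrade of NetworkManager rather than an idempotent install check; unless upgrading is the intent, `state: present` is the usual choice and keeps network changes out of routine runs. The `conn_name` value is a device name taken from `ansible_default_ipv4.interface`, while community.general.nmcli matches on the NetworkManager connection profile name, which often differs (e.g. "Wired connection 1"); it may be worth confirming the profile name on the target hosts before relying on this, and whether the module version in use also needs `type:` when `state: present` is given. Stylistically, the blank line between `state: latest` and `become: true` splits one task's keys; dropping it, or moving `become` next to `dnf:`, reads more clearly.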
diff --git a/roles/network/tasks/main.yaml b/roles/network/tasks/main.yaml
new file mode 100644
index 0000000..626197b
--- /dev/null
+++ b/roles/network/tasks/main.yaml
@@ -0,0 +1,11 @@
+- name: Setup VLANs
+ import_tasks: vlans.yaml
+ when: inventory_hostname in groups["router"] and network.router.enabled
+
+- name: Setup DNS
+ import_tasks: dns.yaml
+ when: inventory_hostname in groups["servers"]
+
+- name: Misc Print
+ import_tasks: misc.yaml
+
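Review bot: The condition on the first import indexes `groups["router"]` directly, so any inventory without a `router` group aborts the play with an undefined-variable error instead of simply skipping the VLAN tasks; `when: inventory_hostname in groups.get("router", []) and network.router.enabled` degrades gracefully (the same applies to `groups["servers"]` on the second import). Since `import_tasks` applies the `when` to each imported task individually, a host that merely lacks `network.router` will also fail inside vlans.yaml rather than here; I'd hedge that with `network.router.enabled | default(false)` if the variable is optional. For consistency with dns.yaml, the file could also start with `---`.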
diff --git a/roles/network/tasks/misc.yaml b/roles/network/tasks/misc.yaml
new file mode 100644
index 0000000..bf9cb47
--- /dev/null
+++ b/roles/network/tasks/misc.yaml
@@ -0,0 +1,12 @@
+- name: Print Tomato Setup
+ debug:
+ msg: "To complete the rest of the setup, setup the upstream DNS on the router. Also disable DNS rebind protection. Don't forget to add the bridges to the router's DNSMASQ configuration in the form interface=brXX
+ Setup the following iptables on altaria:\n
+ -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.0.0.2
+-A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 10.0.0.2
+-A PREROUTING -d 137.184.95.59/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.0.0.2
+-A PREROUTING -d 137.184.95.59/32 -p tcp -m tcp --dport 443 -j DNAT --to-destination 10.0.0.2
+-A PREROUTING -d 137.184.95.59/32 -p tcp -m tcp --dport 2222 -j DNAT --to-destination 10.0.0.2:30022
+"
+ delegate_to: localhost
+ run_once: true
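Review bot: The `msg` at L59–L66 is a multi-line double-quoted scalar, so YAML folds each line break into a single space and only the explicit `\n` after "altaria:" survives; the five iptables rules are printed as one run-on line, which defeats the purpose of listing them for copy-and-paste. Continuation lines that start at column 0 (L62–L65) are also rejected by some parsers even though others accept them. A `|-` block scalar keeps the line breaks and removes the need for the `\n` escape. Separately, the instruction to disable DNS rebind protection on the router weakens a defence against DNS rebinding; a short clause in the message (or a comment on the task) stating why it is needed here would help the next operator decide whether it is still required.
```yaml
- name: Print Tomato Setup
  debug:
    msg: |-
      To complete the rest of the setup, setup the upstream DNS on the router. Also disable DNS rebind protection. Don't forget to add the bridges to the router's DNSMASQ configuration in the form interface=brXX
      Setup the following iptables on altaria:
      -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.0.0.2
      -A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 10.0.0.2
      -A PREROUTING -d 137.184.95.59/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.0.0.2
      -A PREROUTING -d 137.184.95.59/32 -p tcp -m tcp --dport 443 -j DNAT --to-destination 10.0.0.2
      -A PREROUTING -d 137.184.95.59/32 -p tcp -m tcp --dport 2222 -j DNAT --to-destination 10.0.0.2:30022
  # … unchanged: delegate_to / run_once …
```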
diff --git a/roles/network/tasks/vlans.yaml b/roles/network/tasks/vlans.yaml
new file mode 100644
index 0000000..f71d1e4
--- /dev/null
+++ b/roles/network/tasks/vlans.yaml
@@ -0,0 +1,39 @@
+- name: Add VLAN configuration
+ ansible.builtin.raw: "robocfg vlan {{ item }} ports '1t 5t'"
+ loop: "{{ network.vlans }}"
+
+- name: Bind VLANs to eth0
+ ansible.builtin.raw: "vconfig add eth0 {{ item }}"
+ loop: "{{ network.vlans }}"
+ ignore_errors: true
+
+- name: Bring VLANs up
+ ansible.builtin.raw: "ip link set dev vlan{{ item }} up"
+ loop: "{{ network.vlans }}"
+
+- name: Create bridges
+ ansible.builtin.raw: "brctl addbr br{{ item }}"
+ loop: "{{ network.vlans }}"
+ ignore_errors: true
+
+- name: Add vlans to bridges
+ ansible.builtin.raw: "brctl addif br{{ item }} vlan{{ item }}"
+ loop: "{{ network.vlans }}"
+ ignore_errors: true
+
+- name: Setup IP Ranges for VLANs
+ ansible.builtin.raw: "ip addr add 192.168.{{ item }}.1/24 dev br{{ item }}"
+ loop: "{{ network.vlans }}"
+ ignore_errors: true
+
+- name: Bring bridges up
+ ansible.builtin.raw: "ip link set dev br{{ item }} up"
+ loop: "{{ network.vlans }}"
+
+- name: Allow INPUT from bridges #This allows packets to reach the router
+ ansible.builtin.raw: "iptables -A INPUT -i br{{ item }} -j ACCEPT"
+ loop: "{{ network.vlans }}"
+
+- name: Allow INPUT from bridges #This allows packets to be forwarded to other interfaces
+ ansible.builtin.raw: "iptables -A FORWARD -i br{{ item }} -j ACCEPT"
+ loop: "{{ network.vlans }}"
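Review bot: The FORWARD rule at L112 accepts everything arriving on any `brXX` bridge regardless of output interface, so traffic from one VLAN can be forwarded into every other VLAN created by this file; if the VLANs are meant to be isolated from each other, the rule should name the permitted `-o` interface (the uplink) or be followed by explicit inter-bridge DROP rules, and a comment should record which it is. Both iptables tasks also use `-A` unconditionally, so every playbook run appends another copy of each rule; `iptables -C INPUT -i br{{ item }} -j ACCEPT || iptables -A INPUT -i br{{ item }} -j ACCEPT` (and the same for FORWARD) keeps the chain stable across runs. The task at L111 still carries the copy-pasted name `Allow INPUT from bridges`; rename it to `Allow FORWARD from bridges` so the play output is not misleading, and add a space after `#` in both inline comments. The widespread `ignore_errors: true` on the raw tasks (L82, L91, L96, L101) hides real failures such as a missing `brctl` binary; a `failed_when` that only tolerates the "already exists" case would preserve idempotence without silencing everything.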
diff --git a/roles/network/tasks/vps.yaml b/roles/network/tasks/vps.yaml
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/roles/network/tasks/vps.yaml