Decouple bridge from wireguard role

This commit is contained in:
Wojciech Kozlowski 2022-12-20 19:40:33 +01:00
parent c470ff8b86
commit abeaf9fe37
3 changed files with 11 additions and 9 deletions


@ -32,6 +32,11 @@ vpn_wireguard_server_preshared_key: "{{ vault_vpn_wireguard_server_preshared_key
vpn_wireguard_server_address: "{{ vault_vpn_wireguard_server_address }}" vpn_wireguard_server_address: "{{ vault_vpn_wireguard_server_address }}"
vpn_wireguard_routing_table: 66 vpn_wireguard_routing_table: 66
# --------------------------------------------------------------------------------------------------
# vpn:bridge
# --------------------------------------------------------------------------------------------------
vpn_bridge_routing_table: "{{ vpn_wireguard_routing_table }}"
# -------------------------------------------------------------------------------------------------- # --------------------------------------------------------------------------------------------------
# backups:snapshots # backups:snapshots
# -------------------------------------------------------------------------------------------------- # --------------------------------------------------------------------------------------------------
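Review bot: Defining `vpn_bridge_routing_table` unconditionally here changes who gets the bridge policy-routing rules: the interfaces template in this commit now enables the `ip rule` lines whenever the variable `is defined`, where the old `vpn_wireguard_role == "client"` guard skipped them on the server, so if this vars file is shared across hosts rather than client-specific the rules will also be installed on the WireGuard server. If the rules must stay client-only, keep this assignment in the client host's vars (or a client-only group) and say so in a comment above the line, e.g. `# Defining this turns on the bridge policy-routing rules; leave it undefined on hosts that must not route via the VPN table.` The value is also supplied as a Jinja string while the role spec declares it `int`; argument validation should coerce it, but a short comment noting that avoids a later "fix" to `str`.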


@ -22,9 +22,6 @@ argument_specs:
vpn_bridge_netmask: vpn_bridge_netmask:
type: "str" type: "str"
required: true required: true
vpn_wireguard_role: vpn_bridge_routing_table:
type: "str"
required: true
vpn_wireguard_routing_table:
type: "int" type: "int"
required: "{{ vpn_wireguard_role == 'client' }}" required: false
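Review bot: The `required: false` without a `default` on the new `vpn_bridge_routing_table` entry is load-bearing and is not documented: the bridge interfaces template in this commit emits the `ip rule` lines only when the variable `is defined`, so anyone adding a `default` here later would silently switch those rules on for every host. Like the neighbouring entries it carries no `description`, but this one deserves it, e.g. `description: "Policy-routing table for traffic entering the bridge; leave undefined to skip the ip rule setup."` Keeping `type: "int"` is also what bounds the value that is interpolated unquoted into the `post-up ip rule add` commands, so it should not be relaxed to `str`. The `argument_specs` mapping continues outside the hunk.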


@ -4,14 +4,14 @@ iface br0 inet static
post-up /usr/local/sbin/post-up-$IFACE-inet.nft post-up /usr/local/sbin/post-up-$IFACE-inet.nft
post-up /usr/local/sbin/post-up-$IFACE-ipv4.nft post-up /usr/local/sbin/post-up-$IFACE-ipv4.nft
{% if vpn_wireguard_role == "client" %} {% if vpn_bridge_routing_table is defined %}
post-up ip rule add dev $IFACE table {{ vpn_wireguard_routing_table }} post-up ip rule add dev $IFACE table {{ vpn_bridge_routing_table }}
post-up ip rule add dev $IFACE to {{ local_network }} table main priority 1 post-up ip rule add dev $IFACE to {{ local_network }} table main priority 1
{% endif %} {% endif %}
{% if vpn_wireguard_role == "client" %} {% if vpn_bridge_routing_table is defined %}
pre-down ip rule del dev $IFACE to {{ local_network }} table main priority 1 pre-down ip rule del dev $IFACE to {{ local_network }} table main priority 1
pre-down ip rule del dev $IFACE table {{ vpn_wireguard_routing_table }} pre-down ip rule del dev $IFACE table {{ vpn_bridge_routing_table }}
{% endif %} {% endif %}
pre-down /usr/local/sbin/pre-down-$IFACE-ipv4.nft pre-down /usr/local/sbin/pre-down-$IFACE-ipv4.nft
pre-down /usr/local/sbin/pre-down-$IFACE-inet.nft pre-down /usr/local/sbin/pre-down-$IFACE-inet.nft
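Review bot: `is defined` is true for a variable that is set to null or left empty, in which case the replaced post-up line renders as `table None` (or `table ` with nothing after it) and `ifup br0` fails at that command, a case the old role-based guard could not reach; the spec change in this commit only marks the variable optional and, as far as I can tell, does not reject null. Tighten both guards that replaced the role checks to `{% if vpn_bridge_routing_table is defined and vpn_bridge_routing_table is not none %}`, or reject null at the spec level, so the post-up and pre-down pair stays consistent. The `iface br0 inet static` stanza begins before the hunk.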