the-nine-worlds/ansible-edda
the-nine-worlds/ansible-edda
1
0
Fork 0
Code Issues 1 Pull Requests Packages Projects Releases Wiki Activity

Move all veth interfaces to IPv6

Browse Source
This commit is contained in:
Wojciech Kozlowski 2023-07-29 14:38:57 +02:00
parent ab683be7f7
commit b32142d4c7
33 changed files with 80 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
inventory/group_vars/asgard/vars.yml
View File

@ -109,4 +109,5 @@ services:
# --------------------------------------------------------------------------------------------------
# services:user_setup
# --------------------------------------------------------------------------------------------------
services_bridge_gateway: "{{ vpn_bridge_address }}"
services_bridge_inet_gateway: "{{ vpn_bridge_inet_address }}"
services_bridge_inet6_gateway: "{{ vpn_bridge_inet6_address }}"

2
playbooks/files/services/deploy/lrproxy/nginx-conf.d/archive.music.wojciechkozlowski.eu.conf
View File

@ -1,4 +1,5 @@
server {
listen [::]:80;
listen 80;
server_name archive.music.wojciechkozlowski.eu;
@ -13,6 +14,7 @@ server {
}
server {
listen [::1]:443 ssl;
listen 127.0.0.1:443 ssl;
server_name archive.music.wojciechkozlowski.eu;

2
playbooks/files/services/deploy/lrproxy/nginx-conf.d/cloud.wojciechkozlowski.eu.conf
View File

@ -1,4 +1,5 @@
server {
listen [::]:80;
listen 80;
server_name cloud.wojciechkozlowski.eu;
@ -13,6 +14,7 @@ server {
}
server {
listen [::1]:443 ssl;
listen 127.0.0.1:443 ssl;
server_name cloud.wojciechkozlowski.eu;

2
playbooks/files/services/deploy/lrproxy/nginx-conf.d/git.wojciechkozlowski.eu.conf
View File

@ -1,4 +1,5 @@
server {
listen [::]:80;
listen 80;
server_name git.wojciechkozlowski.eu;
@ -13,6 +14,7 @@ server {
}
server {
listen [::1]:443 ssl;
listen 127.0.0.1:443 ssl;
server_name git.wojciechkozlowski.eu;

2
playbooks/files/services/deploy/lrproxy/nginx-conf.d/music.wojciechkozlowski.eu.conf
View File

@ -1,4 +1,5 @@
server {
listen [::]:80;
listen 80;
server_name music.wojciechkozlowski.eu;
@ -13,6 +14,7 @@ server {
}
server {
listen [::1]:443 ssl;
listen 127.0.0.1:443 ssl;
server_name music.wojciechkozlowski.eu;

2
playbooks/files/services/deploy/lrproxy/nginx-conf.d/notes.wojciechkozlowski.eu.conf
View File

@ -1,4 +1,5 @@
server {
listen [::]:80;
listen 80;
server_name notes.wojciechkozlowski.eu;
@ -13,6 +14,7 @@ server {
}
server {
listen [::1]:443 ssl;
listen 127.0.0.1:443 ssl;
server_name notes.wojciechkozlowski.eu;

2
playbooks/files/services/deploy/lrproxy/stream.conf
View File

@ -11,7 +11,7 @@ stream {
}
upstream lrproxy {
server 127.0.0.1:443;
server localhost:443;
}
server {

1
playbooks/files/services/deploy/rproxy/nginx-conf.d/http-default.conf
View File

@ -1,4 +1,5 @@
server {
listen [::]:80;
listen 80;
server_name _;

2
playbooks/files/services/deploy/rproxy/nginx-conf.d/wojciechkozlowski.eu.conf
View File

@ -1,4 +1,5 @@
server {
listen [::]:80;
listen 80;
server_name wojciechkozlowski.eu;
@ -13,6 +14,7 @@ server {
}
server {
listen [::1]:443 ssl;
listen 127.0.0.1:443 ssl;
server_name wojciechkozlowski.eu;

2
playbooks/files/services/deploy/rproxy/nginx-conf.d/www.wojciechkozlowski.eu.conf
View File

@ -1,4 +1,5 @@
server {
listen [::]:80;
listen 80;
server_name www.wojciechkozlowski.eu;
@ -13,6 +14,7 @@ server {
}
server {
listen [::1]:443 ssl;
listen 127.0.0.1:443 ssl;
server_name www.wojciechkozlowski.eu;

2
playbooks/files/services/deploy/rproxy/stream.conf
View File

@ -7,7 +7,7 @@ stream {
}
upstream rproxy {
server 127.0.0.1:443;
server localhost:443;
}
upstream lrproxy {

1
playbooks/files/system/base/logs/asgard
View File

@ -1,3 +1,4 @@
^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]\-]+ conmon\[[0-9]+\]: .*$
^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]\-]+ restic-batch\[[0-9]+\]: Backing up [-_[:alnum:]]+$
^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]\-]+ systemd\[[0-9]+\]: Finished (Podman auto-update service|Pod service auto-update service|Prune dangling podman images|Backup snapshots using restic)\.$
^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]\-]+ systemd\[[0-9]+\]: var-lib-containers-storage-overlay\.mount: Succeeded\.$

4
playbooks/roles/services/deploy/cloud/templates/systemd/container-cloud-cron.service
View File

@ -20,8 +20,10 @@ ExecStart=/usr/bin/podman run \
--pod-id-file %t/pod-cloud.pod-id \
--replace \
--label "io.containers.autoupdate=image" \
--log-driver=journald \
-dt \
--add-host=pod-database:{{ services_all_services['database'].address }} \
--add-host=pod-database:{{ services_all_services['database'].inet_address }} \
--add-host=pod-database:{{ services_all_services['database'].inet6_address }} \
-v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
-v {{ services_data_directory }}/pod-cloud/nextcloud/_data:/var/www/html \
-v {{ services_data_directory }}/pod-cloud/data/_data:/var/www/html/data \

4
playbooks/roles/services/deploy/cloud/templates/systemd/container-cloud-nextcloud.service
View File

@ -20,8 +20,10 @@ ExecStart=/usr/bin/podman run \
--pod-id-file %t/pod-cloud.pod-id \
--replace \
--label "io.containers.autoupdate=image" \
--log-driver=journald \
-dt \
--add-host=pod-database:{{ services_all_services['database'].address }} \
--add-host=pod-database:{{ services_all_services['database'].inet_address }} \
--add-host=pod-database:{{ services_all_services['database'].inet6_address }} \
-v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
-v {{ services_data_directory }}/pod-cloud/nextcloud/_data:/var/www/html \
-v {{ services_data_directory }}/pod-cloud/data/_data:/var/www/html/data \

1
playbooks/roles/services/deploy/cloud/templates/systemd/container-cloud-nginx.service
View File

@ -19,6 +19,7 @@ ExecStart=/usr/bin/podman run \
--pod-id-file %t/pod-cloud.pod-id \
--replace \
--label "io.containers.autoupdate=image" \
--log-driver=journald \
-dt \
-v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
-v ./.config/service/nginx.conf:/etc/nginx/nginx.conf:ro \

1
playbooks/roles/services/deploy/cloud/templates/systemd/pod-cloud.service
View File

@ -15,6 +15,7 @@ ExecStartPre=/bin/rm -f %t/pod-cloud.pid %t/pod-cloud.pod-id
ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-cloud.pid --pod-id-file %t/pod-cloud.pod-id --name=cloud --network=none --replace
ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-cloud.pod-id
ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" cloud) > {{ services_containers_directory }}/pod-cloud/pidfile'
ExecStartPost=/usr/bin/sh -c 'while [ -z "$(ip link show dev veth-cloud up)" ] ; do echo "veth-cloud is not ready yet" && sleep 1 ; done'
ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-cloud.pod-id -t 10
ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-cloud.pod-id
PIDFile=%t/pod-cloud.pid

1
playbooks/roles/services/deploy/database/templates/systemd/container-database-postgres.service
View File

@ -19,6 +19,7 @@ ExecStart=/usr/bin/podman run \
--pod-id-file %t/pod-database.pod-id \
--replace \
--label "io.containers.autoupdate=image" \
--log-driver=journald \
-dt \
-v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
-v ./.config/service/database.password:/run/secrets/database.password:ro \

1
playbooks/roles/services/deploy/database/templates/systemd/pod-database.service
View File

@ -15,6 +15,7 @@ ExecStartPre=/bin/rm -f %t/pod-database.pid %t/pod-database.pod-id
ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-database.pid --pod-id-file %t/pod-database.pod-id --name=database --network=none --replace
ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-database.pod-id
ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" database) > {{ services_containers_directory }}/pod-database/pidfile'
ExecStartPost=/usr/bin/sh -c 'while [ -z "$(ip link show dev veth-database up)" ] ; do echo "veth-database is not ready yet" && sleep 1 ; done'
ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-database.pod-id -t 10
ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-database.pod-id
PIDFile=%t/pod-database.pid

4
playbooks/roles/services/deploy/git/templates/systemd/container-git-gitea.service
View File

@ -19,8 +19,10 @@ ExecStart=/usr/bin/podman run \
--pod-id-file %t/pod-git.pod-id \
--replace \
--label "io.containers.autoupdate=image" \
--log-driver=journald \
-dt \
--add-host=pod-database:{{ services_all_services['database'].address }} \
--add-host=pod-database:{{ services_all_services['database'].inet_address }} \
--add-host=pod-database:{{ services_all_services['database'].inet6_address }} \
-v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
-v {{ services_data_directory }}/pod-git/data/_data:/data \
-v /etc/timezone:/etc/timezone:ro \

1
playbooks/roles/services/deploy/git/templates/systemd/pod-git.service
View File

@ -15,6 +15,7 @@ ExecStartPre=/bin/rm -f %t/pod-git.pid %t/pod-git.pod-id
ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-git.pid --pod-id-file %t/pod-git.pod-id --name=git --network=none --replace
ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-git.pod-id
ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" git) > {{ services_containers_directory }}/pod-git/pidfile'
ExecStartPost=/usr/bin/sh -c 'while [ -z "$(ip link show dev veth-git up)" ] ; do echo "veth-git is not ready yet" && sleep 1 ; done'
ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-git.pod-id -t 10
ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-git.pod-id
PIDFile=%t/pod-git.pid

1
playbooks/roles/services/deploy/music/templates/systemd/container-music-archive.service
View File

@ -19,6 +19,7 @@ ExecStart=/usr/bin/podman run \
--pod-id-file %t/pod-music.pod-id \
--replace \
--label "io.containers.autoupdate=image" \
--log-driver=journald \
-dt \
-v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
-v {{ services_data_directory }}/pod-music/archive/_data:/data \

1
playbooks/roles/services/deploy/music/templates/systemd/container-music-collection.service
View File

@ -19,6 +19,7 @@ ExecStart=/usr/bin/podman run \
--pod-id-file %t/pod-music.pod-id \
--replace \
--label "io.containers.autoupdate=image" \
--log-driver=journald \
-dt \
-v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
-v {{ services_data_directory }}/pod-music/collection/_data:/data \

1
playbooks/roles/services/deploy/music/templates/systemd/pod-music.service
View File

@ -15,6 +15,7 @@ ExecStartPre=/bin/rm -f %t/pod-music.pid %t/pod-music.pod-id
ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-music.pid --pod-id-file %t/pod-music.pod-id --name=music --network=none --replace
ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-music.pod-id
ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" music) > {{ services_containers_directory }}/pod-music/pidfile'
ExecStartPost=/usr/bin/sh -c 'while [ -z "$(ip link show dev veth-music up)" ] ; do echo "veth-music is not ready yet" && sleep 1 ; done'
ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-music.pod-id -t 10
ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-music.pod-id
PIDFile=%t/pod-music.pid

4
playbooks/roles/services/deploy/notes/templates/systemd/container-notes-joplin.service
View File

@ -20,8 +20,10 @@ ExecStart=/usr/bin/podman run \
--pod-id-file %t/pod-notes.pod-id \
--replace \
--label "io.containers.autoupdate=image" \
--log-driver=journald \
-dt \
--add-host=pod-database:{{ services_all_services['database'].address }} \
--add-host=pod-database:{{ services_all_services['database'].inet_address }} \
--add-host=pod-database:{{ services_all_services['database'].inet6_address }} \
-v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
-v {{ services_data_directory }}/pod-notes/data/_data:/data \
-e APP_BASE_URL="https://{{ services[services_service_name].domain }}" \

1
playbooks/roles/services/deploy/notes/templates/systemd/pod-notes.service
View File

@ -15,6 +15,7 @@ ExecStartPre=/bin/rm -f %t/pod-notes.pid %t/pod-notes.pod-id
ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-notes.pid --pod-id-file %t/pod-notes.pod-id --name=notes --network=none --replace
ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-notes.pod-id
ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" notes) > {{ services_containers_directory }}/pod-notes/pidfile'
ExecStartPost=/usr/bin/sh -c 'while [ -z "$(ip link show dev veth-notes up)" ] ; do echo "veth-notes is not ready yet" && sleep 1 ; done'
ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-notes.pod-id -t 10
ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-notes.pod-id
PIDFile=%t/pod-notes.pid

4
playbooks/roles/services/deploy/rproxy/templates/systemd/container-rproxy-nginx.service
View File

@ -19,8 +19,10 @@ ExecStart=/usr/bin/podman run \
--pod-id-file %t/pod-{{ services_service_name }}.pod-id \
--replace \
--label "io.containers.autoupdate=image" \
--log-driver=journald \
-dt \
{{ services_rproxy_nginx_add_hosts }} \
{{ services_rproxy_nginx_add_inet_hosts }} \
{{ services_rproxy_nginx_add_inet6_hosts }} \
-v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
-v ./.config/service/nginx.conf:/etc/nginx/nginx.conf:ro \
-v ./.config/service/stream.conf:/etc/nginx/stream.conf:ro \

1
playbooks/roles/services/deploy/rproxy/templates/systemd/pod-rproxy.service
View File

@ -15,6 +15,7 @@ ExecStartPre=/bin/rm -f %t/pod-{{ services_service_name }}.pid %t/pod-{{ service
ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-{{ services_service_name }}.pid --pod-id-file %t/pod-{{ services_service_name }}.pod-id --name={{ services_service_name }} --network=none --replace
ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-{{ services_service_name }}.pod-id
ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" {{ services_service_name }}) > {{ services_containers_directory }}/pod-{{ services_service_name }}/pidfile'
ExecStartPost=/usr/bin/sh -c 'while [ -z "$(ip link show dev veth-{{ services_service_name }} up)" ] ; do echo "veth-{{ services_service_name }} is not ready yet" && sleep 1 ; done'
ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-{{ services_service_name }}.pod-id -t 10
ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-{{ services_service_name }}.pod-id
PIDFile=%t/pod-{{ services_service_name }}.pid

10
playbooks/roles/services/deploy/rproxy/vars/nginx.yml
View File

@ -1,7 +1,13 @@
---
services_rproxy_nginx_add_hosts: "\
services_rproxy_nginx_add_inet_hosts: "\
{% set add_host_list = [] %}\
{% for service in ( services_all_services | dict2items ) %}\
{{ add_host_list.append('--add-host=pod-' ~ service.key ~ ':' ~ service.value.address) }}\
{{ add_host_list.append('--add-host=pod-' ~ service.key ~ ':' ~ service.value.inet_address) }}\
{% endfor %}\
{{ add_host_list | join(' ') }}"
services_rproxy_nginx_add_inet6_hosts: "\
{% set add_host_list = [] %}\
{% for service in ( services_all_services | dict2items ) %}\
{{ add_host_list.append('--add-host=pod-' ~ service.key ~ ':' ~ service.value.inet6_address) }}\
{% endfor %}\
{{ add_host_list | join(' ') }}"

1
playbooks/roles/services/deploy/www/templates/systemd/container-www-nginx.service
View File

@ -20,6 +20,7 @@ ExecStart=/usr/bin/podman run \
%t/pod-www.pod-id \
--replace \
--label "io.containers.autoupdate=image" \
--log-driver=journald \
-dt \
-v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
-v ./.config/service/wojciechkozlowski.eu/public:/usr/share/nginx/html:ro \

1
playbooks/roles/services/deploy/www/templates/systemd/pod-www.service
View File

@ -15,6 +15,7 @@ ExecStartPre=/bin/rm -f %t/pod-www.pid %t/pod-www.pod-id
ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-www.pid --pod-id-file %t/pod-www.pod-id --name=rproxy --network=none --replace
ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-www.pod-id
ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" rproxy) > {{ services_containers_directory }}/pod-www/pidfile'
ExecStartPost=/usr/bin/sh -c 'while [ -z "$(ip link show dev veth-www up)" ] ; do echo "veth-www is not ready yet" && sleep 1 ; done'
ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-www.pod-id -t 10
ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-www.pod-id
PIDFile=%t/pod-www.pid

5
playbooks/roles/services/setup/user/meta/argument_specs.yml
View File

@ -24,6 +24,9 @@ argument_specs:
type: "dict"
elem: "dict"
required: true
services_bridge_gateway:
services_bridge_inet_gateway:
type: "str"
required: true
services_bridge_inet6_gateway:
type: "str"
required: true

5
playbooks/roles/services/setup/user/tasks/include/veth.yml
View File

@ -15,7 +15,10 @@
fi'
vars:
services_service_iface_name: "veth-{{ services_service_name }}"
services_service_iface_address: "{{ services_host_services[services_service_name].address }}"
services_service_iface_inet_address: "\
{{ services_host_services[services_service_name].inet_address }}"
services_service_iface_inet6_address: "\
{{ services_host_services[services_service_name].inet6_address }}"
- name: "{{ services_service_name }} : veth : enable the path trigger"
ansible.builtin.systemd:

24
playbooks/roles/services/setup/user/templates/veth/interface
View File

@ -1,17 +1,27 @@
iface {{ services_service_iface_name }} inet manual
iface {{ services_service_iface_name }} inet6 manual
pre-up mkdir -p /run/netns
pre-up ln -sfTv /proc/$(cat {{ services_service_user_containers }}/pidfile)/ns/net /run/netns/{{ services_service_user_name }}
pre-up ip link add name $IFACE type veth peer name veth0 netns {{ services_service_user_name }}
pre-up ip link set $IFACE master br0
post-up ip -n {{ services_service_user_name }} link set veth0 up
post-up ip -n {{ services_service_user_name }} address add {{ services_service_iface_address }}/24 dev veth0
post-up ip -n {{ services_service_user_name }} route add default via {{ services_bridge_gateway }} dev veth0
pre-up ip -n {{ services_service_user_name }} link set veth0 up
pre-down ip -n {{ services_service_user_name }} route del default via {{ services_bridge_gateway }} dev veth0
pre-down ip -n {{ services_service_user_name }} address del {{ services_service_iface_address }}/24 dev veth0
pre-down ip -n {{ services_service_user_name }} link set veth0 down
pre-up ip -n {{ services_service_user_name }} address add {{ services_service_iface_inet_address }}/24 dev veth0
pre-up ip -n {{ services_service_user_name }} route add default via {{ services_bridge_inet_gateway }} dev veth0
pre-up ip -6 -n {{ services_service_user_name }} address add {{ services_service_iface_inet6_address }}/64 dev veth0 nodad
pre-up ip -6 -n {{ services_service_user_name }} route add default via {{ services_bridge_inet6_gateway }} dev veth0
post-down rm {{ services_service_user_containers }}/veth0
post-down ip -6 -n {{ services_service_user_name }} route del default via {{ services_bridge_inet6_gateway }} dev veth0
post-down ip -6 -n {{ services_service_user_name }} address del {{ services_service_iface_inet6_address }}/64 dev veth0
post-down ip -n {{ services_service_user_name }} route del default via {{ services_bridge_inet_gateway }} dev veth0
post-down ip -n {{ services_service_user_name }} address del {{ services_service_iface_inet_address }}/24 dev veth0
post-down ip -n {{ services_service_user_name }} link set veth0 down
post-down ip link set $IFACE nomaster
post-down ip link del dev $IFACE