dch-gw: Initial commit
The *dch-gw* role, and the corresponding `dch-gw.yml` playbook, apply all of the necessary configuration to the edge router on my home network.
39
roles/dch-gw/tasks/main.yml
Normal file
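--- a/roles/dch-gw/tasks/main.yml
+++ b/roles/dch-gw/tasks/main.yml
@@ -0,0 +1,39 @@
+- name: ensure outside-address dhcpcd hook is installed
+copy:
+src=outside-address.dhcpcd-hook
+dest=/usr/libexec/dhcpcd-hooks/10-outside-address
+mode=0444
+notify: rebind dhcp leases
+- meta: flush_handlers
+
+- name: ensure ipv4 forwarding is enabled
+sysctl:
+name=net.ipv4.conf.all.forwarding
+value=1
+sysctl_file=/etc/sysctl.d/ip-forwarding.conf
+state=present
+- name: ensure ipv6 forwarding is enabled
+sysctl:
+name=net.ipv6.conf.all.forwarding
+value=1
+sysctl_file=/etc/sysctl.d/ip-forwarding.conf
+state=present
+
+- name: ensure ipv4 nat rules are configured
+copy:
+src=ipv4-nat.nft
+dest=/etc/nftables/ruleset.d/10_ipv4-nat.nft
+mode=0644
+notify: reload nftables
+- name: ensure port forwards are configured
+template:
+src=port-forwards.nft.j2
+dest=/etc/nftables/ruleset.d/70_port-forwards.nft
+mode=0644
+notify: reload nftables
+- name: ensure ip masquerading is configured
+template:
+src=masquerade.nft.j2
+dest=/etc/nftables/ruleset.d/90_masquerade.nft
+mode=0644
+notify: reload nftables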
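Review bot: The two `sysctl` tasks enable `net.ipv4.conf.all.forwarding` and `net.ipv6.conf.all.forwarding` before any of the nftables files below them are written, and `reload nftables` is a handler that runs only at the end of the play, so on a first run the router starts forwarding before this role's rules are loaded (the sysctl module applies the value immediately by default). Moving both sysctl tasks below the three nftables tasks, with a `- meta: flush_handlers` between them, closes that window. Nothing in this file shows a filter or forward chain, and IPv6 is forwarded without any NAT in front of it, so a default-drop forward policy is presumably supplied elsewhere; that dependency deserves a comment at the top of the file, e.g. `# requires the base nftables filter ruleset to be applied before forwarding is enabled`. The three nftables tasks could also pass `validate='nft -c -f %s'`, provided the fragments parse standalone, so a broken template is rejected before it replaces the live file.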