94 lines
2.4 KiB
YAML
94 lines
2.4 KiB
YAML
---
|
|
|
|
# remove cosmos VPN
|
|
- name: remove cosmos openvpn profile
|
|
shell: |
|
|
systemctl stop openvpn-client@cosmos-client.service
|
|
systemctl disable openvpn-client@cosmos-client.service
|
|
systemctl daemon-reload
|
|
|
|
- name: Install Packages
|
|
apt:
|
|
name:
|
|
- bridge-utils
|
|
state: present
|
|
|
|
- name: get current interface name
|
|
shell: cat /etc/network/interfaces | grep iface | grep -v loopback | awk '{print $2}'
|
|
register: current_iface_output
|
|
|
|
- name: set current_iface
|
|
set_fact:
|
|
current_iface: '{{ current_iface_output.stdout_lines[0] }}'
|
|
|
|
- name: display interface name
|
|
debug:
|
|
msg: "Current interface is {{ current_iface }}"
|
|
|
|
- name: update interfaces file
|
|
block:
|
|
|
|
- name: backup original interfaces file
|
|
shell: "cp /etc/network/interfaces /opt/interfaces-backup"
|
|
|
|
- name: Comment out allow-hotplug line for main interface
|
|
lineinfile:
|
|
dest: /etc/network/interfaces
|
|
regexp: '^#? *allow-hotplug {{ current_iface }}'
|
|
line: '# allow-hotplug {{ current_iface }}'
|
|
backrefs: yes
|
|
|
|
- name: Comment out iface line for main interface
|
|
lineinfile:
|
|
dest: /etc/network/interfaces
|
|
regexp: '^#? *iface {{ current_iface }} inet dhcp'
|
|
line: '# iface {{ current_iface }} inet dhcp'
|
|
backrefs: yes
|
|
|
|
# - name: Create auto iface line for main interface
|
|
# lineinfile:
|
|
# dest: /etc/network/interfaces
|
|
# regexp: '^#? *auto {{ current_iface }}'
|
|
# line: 'auto {{ current_iface }}'
|
|
# backrefs: yes
|
|
#
|
|
# - name: Create iface manual line for main interface
|
|
# lineinfile:
|
|
# dest: /etc/network/interfaces
|
|
# regexp: '^#? *iface {{ current_iface }} inet manual'
|
|
# line: 'iface {{ current_iface }} inet manual'
|
|
# backrefs: yes
|
|
|
|
- name: Create new bridge interface file
|
|
template:
|
|
src: bridge.j2
|
|
dest: /etc/network/interfaces.d/{{ bridge_name }}
|
|
|
|
- name: restart networking
|
|
shell: |
|
|
systemctl daemon-reload
|
|
systemctl restart networking
|
|
|
|
- name: show bridge
|
|
shell: |
|
|
brctl show
|
|
bridge link
|
|
register: bridge_status
|
|
|
|
# enable routing on bridge
|
|
- name: "Enable routing on {{ bridge_name }}"
|
|
shell: "iptables -A FORWARD -i {{ bridge_name }} -o {{ bridge_name }} -j ACCEPT"
|
|
|
|
# Make iptables rules persistent
|
|
- name: Persistence - iptables
|
|
shell: |
|
|
netfilter-persistent save
|
|
netfilter-persistent reload
|
|
|
|
- name: show bridge status
|
|
debug:
|
|
msg:
|
|
- "{{ bridge_status.stdout_lines }}"
|
|
|
|
|
|
... |