network/roles/firewall/tasks/main.yml

- name: Update package cache
  package:
    update_cache: yes

- name: Install packages
  package:
    name: bash,bonding,iproute2
    state: latest

- name: Tell mdev to rename network interfaces
  lineinfile:
    path: /etc/mdev.conf
    line: '-net/.* root:root 600 @/sbin/nameif -s'
    insertafter: '^# net devices'
  notify: mkinitfs

- name: Configure interface names
  template:
    dest: /etc/mactab
    src: mactab.j2
    mode: 0644

- name: Create /etc/network/interfaces.d
  file:
    path: /etc/network/interfaces.d
    state: directory
    mode: 0755

- name: Set up interfaces
  template:
    dest: /etc/network/interfaces
    src: interfaces.j2
    mode: 0644
  notify: enable interfaces

- name: Set up management interfaces
  import_tasks: mgmt.yml

- name: Set up data interfaces
  template:
    dest: /etc/network/interfaces.d/fabric.intf
    src: fabric.intf.j2
    mode: 0644
  notify: enable interfaces

- name: Set up sysctls
  template:
    dest: /etc/sysctl.d/firewall.conf
    src: sysctl.conf.j2

- name: Set up FRR
  import_tasks: frr.yml

- name: Set up wireguard
  import_tasks: wireguard.yml

- name: Set up nftables
  import_tasks: nftables.yml

- name: Set up conntrackd
  import_tasks: conntrackd.yml

- name: Set up configuration channel
  import_tasks: config.yml
Initial commit, squashed 2023-12-18 10:22:14 +00:00			`- name: Update package cache`
			`package:`
			`update_cache: yes`

			`- name: Install packages`
			`package:`
			`name: bash,bonding,iproute2`
			`state: latest`

			`- name: Tell mdev to rename network interfaces`
			`lineinfile:`
			`path: /etc/mdev.conf`
			`line: '-net/.* root:root 600 @/sbin/nameif -s'`
			`insertafter: '^# net devices'`
			`notify: mkinitfs`

			`- name: Configure interface names`
			`template:`
			`dest: /etc/mactab`
			`src: mactab.j2`
			`mode: 0644`

			`- name: Create /etc/network/interfaces.d`
			`file:`
			`path: /etc/network/interfaces.d`
			`state: directory`
			`mode: 0755`

			`- name: Set up interfaces`
			`template:`
			`dest: /etc/network/interfaces`
			`src: interfaces.j2`
			`mode: 0644`
			`notify: enable interfaces`

			`- name: Set up management interfaces`
			`import_tasks: mgmt.yml`

			`- name: Set up data interfaces`
			`template:`
			`dest: /etc/network/interfaces.d/fabric.intf`
			`src: fabric.intf.j2`
			`mode: 0644`
			`notify: enable interfaces`

			`- name: Set up sysctls`
			`template:`
			`dest: /etc/sysctl.d/firewall.conf`
			`src: sysctl.conf.j2`

			`- name: Set up FRR`
			`import_tasks: frr.yml`

			`- name: Set up wireguard`
			`import_tasks: wireguard.yml`

			`- name: Set up nftables`
			`import_tasks: nftables.yml`

			`- name: Set up conntrackd`
			`import_tasks: conntrackd.yml`

			`- name: Set up configuration channel`
			`import_tasks: config.yml`