Initial commit, squashed

2023-12-18 11:22:14 +01:00 · 2023-12-18 11:22:14 +01:00 · 158e8740b8
commit 158e8740b8
83 changed files with 2718 additions and 0 deletions
--- a/roles/firewall/tasks/main.yml
+++ b/roles/firewall/tasks/main.yml
@ -0,0 +1,64 @@
+- name: Update package cache
+  package:
+    update_cache: yes
+
+- name: Install packages
+  package:
+    name: bash,bonding,iproute2
+    state: latest
+
+- name: Tell mdev to rename network interfaces
+  lineinfile:
+    path: /etc/mdev.conf
+    line: '-net/.* root:root 600 @/sbin/nameif -s'
+    insertafter: '^# net devices'
+  notify: mkinitfs
+
+- name: Configure interface names
+  template:
+    dest: /etc/mactab
+    src: mactab.j2
+    mode: 0644
+
+- name: Create /etc/network/interfaces.d
+  file:
+    path: /etc/network/interfaces.d
+    state: directory
+    mode: 0755
+
+- name: Set up interfaces
+  template:
+    dest: /etc/network/interfaces
+    src: interfaces.j2
+    mode: 0644
+  notify: enable interfaces
+
+- name: Set up management interfaces
+  import_tasks: mgmt.yml
+
+- name: Set up data interfaces
+  template:
+    dest: /etc/network/interfaces.d/fabric.intf
+    src: fabric.intf.j2
+    mode: 0644
+  notify: enable interfaces
+
+- name: Set up sysctls
+  template:
+    dest: /etc/sysctl.d/firewall.conf
+    src: sysctl.conf.j2
+
+- name: Set up FRR
+  import_tasks: frr.yml
+
+- name: Set up wireguard
+  import_tasks: wireguard.yml
+
+- name: Set up nftables
+  import_tasks: nftables.yml
+
+- name: Set up conntrackd
+  import_tasks: conntrackd.yml
+
+- name: Set up configuration channel
+  import_tasks: config.yml