Deconsolidate network setup for proxmox and debian roles

They are just different enough to be annoying.
2024-08-28 12:37:41 +02:00 · 2024-08-28 12:37:41 +02:00 · 211d4bdb9a
commit 211d4bdb9a
parent c3d1a6c4b1
10 changed files with 104 additions and 19 deletions
--- a/roles/debian/files/sshd@mgmt.service
+++ b/roles/debian/files/sshd@mgmt.service
@ -1,16 +0,0 @@
-[Unit]
-Description=OpenBSD Secure Shell server (management VRF)
-After=network.target auditd.service
-
-[Service]
-ExecStartPre=/usr/sbin/sshd -t
-ExecStart=ip vrf exec mgmt /usr/sbin/sshd -f /etc/ssh/sshd_config.mgmt
-ExecReload=/usr/sbin/sshd -t
-ExecReload=/bin/kill -HUP $MAINPID
-KillMode=process
-Restart=on-failure
-RestartPreventExitStatus=255
-Type=notify
-
-[Install]
-WantedBy=multi-user.target
--- a/roles/debian/files/sshd_config.mgmt
+++ b/roles/debian/files/sshd_config.mgmt
@ -1,14 +0,0 @@
-# This is for sshd in management VRF, for ansible and other not-really-OOB stuff.
-PidFile none
-UsePAM no
-Subsystem sftp /usr/lib/openssh/sftp-server
-
-# Only allow pubkey auth.
-KbdInteractiveAuthentication no
-PasswordAuthentication no
-PermitRootLogin prohibit-password
-
-# Disable what we can.
-AllowTcpForwarding no
-GatewayPorts no
-X11Forwarding no
--- a/roles/debian/templates/10-network.rules.j2
+++ b/roles/debian/templates/10-network.rules.j2
@ -1,3 +0,0 @@
-{% for iface in hostvars[inventory_hostname].interfaces | selectattr('mac_address') %}
-SUBSYSTEM=="net", ACTION=="add", ATTR{address}=="{{ iface.mac_address|lower }}", NAME="{{ iface.name }}"
-{% endfor %}
--- a/roles/debian/templates/ansible.intf.j2
+++ b/roles/debian/templates/ansible.intf.j2
@ -1,31 +0,0 @@
-{% for vrf in interfaces | selectattr('vrf') | map(attribute='vrf.name') | sort | unique %}
-auto {{ vrf }}
-iface {{ vrf }}
-    vrf-table auto
-    address 127.0.0.1/8
-    address ::1/128
-
-{%+ endfor %}
-
-{%- for iface in interfaces | selectattr('enabled') %}
-{% if iface.mgmt_only is not defined or not iface.mgmt_only %}
-auto {{ iface.name }}
-iface {{ iface.name }}{% if iface.name == 'lo' %} inet loopback{% endif +%}
-{% if iface.mtu %}
-    mtu {{ iface.mtu }}
-{% endif %}
-{% if iface.vrf %}
-    vrf {{ iface.vrf.name }}
-{% endif %}
-{% for ip in iface.ip_addresses %}
-    address {{ ip.address }}
-{% set subnet = ip.address | ipaddr('subnet') %}
-{% set prefix = prefixes | selectattr('prefix', '==', subnet) | first %}
-{% set gateway = prefix.custom_fields.gateway.address %}
-{% if gateway is defined %}
-    gateway {{ gateway | ipaddr('address') }}
-{% endif %}
-{% endfor %}
-
-{% endif %}
-{% endfor %}
--- a/roles/debian/templates/resolv.conf.j2
+++ b/roles/debian/templates/resolv.conf.j2
@ -1,4 +0,0 @@
-search {{ domain }}
-{% for server in dns %}
-nameserver {{ server }}
-{% endfor %}