alpine: add support for VRF interfaces

Mostly so we can merge the firewall role from the network repo, there
aren’t any other current users.

roles/alpine/templates/interfaces.j2

@@ -5,6 +5,16 @@ iface lo
 
 {% endif -%}
 
+{# Define VRFs. #}
+{% for vrf in interfaces | selectattr("vrf") | map(attribute="vrf.name") %}
+auto {{ vrf }}
+iface {{ vrf }}
+    pre-up ip link add $IFACE type vrf table {{ 100 + loop.index }}
+    up ip link set dev $IFACE up
+    post-down ip link del $IFACE
+
+{% endfor -%}
+
 {# Skip disabled and OOB management interfaces. #}
 {# For VMs we have to set the attribute manually (to false) so rejectattr works. #}
 {% for iface in interfaces
@@ -13,6 +23,10 @@ iface lo
     | selectattr('enabled') %}
 auto {{ iface.name }}
 iface {{ iface.name }}
+{% if iface.vrf %}
+    requires {{ iface.vrf.name }}
+    pre-up ip link set $IFACE master {{ iface.vrf.name }}
+{% endif %}
 {% if iface.mtu %}
     mtu {{ iface.mtu }}
 {% endif %}
@@ -23,9 +37,13 @@ iface {{ iface.name }}
 {% set prefix = prefixes | selectattr('prefix', '==', subnet) | first %}
 {% set gateway = prefix.custom_fields.gateway.address %}
 {% if gateway is defined and gateway != address.address %}
+{% if iface.vrf %}
+    up ip route add default via {{ gateway | ipaddr('address') }} {% if iface.vrf.name %}vrf {{ iface.vrf.name }}{% endif +%}
+{% else %}
     gateway {{ gateway | ipaddr('address') }}
 {% endif %}
 {% endif %}
+{% endif %}
 {% endfor -%}
 
 {# disable SLAAC if we have a manually set IPv6 address #}