freifunk/Ansible-Configuration Changeset - 310348fbc682 · Chaos Computer Club Lëtzebuerg Projects

Changeset - 310348fbc682

Parent rev.

Child rev.

[Not reviewed]

0 1 0

x - 21 months ago 2023-08-24 02:08:05
xbr@c3l.lu

feat: add br_netfilter as a persistent module

1 file changed with 1 insertions and 1 deletions:

gateway/initial_gw_setup.yml

0 comments (0 inline, 0 general)

gateway/initial_gw_setup.yml

➞

Show inline comments

@@ @@ -5,97 +5,97 @@ @@
   become_method: ansible.builtin.sudo
   tasks:
     # Update packages
     - name: Update all packages to their latest version
       ansible.builtin.apt:
         update_cache: true
         upgrade: "yes"
       tags: update
     - name: Install a list of packages
       ansible.builtin.apt:
         update_cache: true
         pkg:
           - git
           - bridge-utils
           - ntp
           - dnsmasq
           - iptables-persistent
           - openvpn
           - fastd
           - build-essential
           - pkg-config
           - checkinstall
           - libnl-3-dev
           - libnl-genl-3-dev
           - linux-headers-amd64
           - dkms
           - lsb-release
           - ethtool
           - python3
           - wget # for fastd-blacklist
       tags: update
     - name: Add the routing table for freifunk
       ansible.builtin.blockinfile:
         path: /etc/iproute2/rt_tables
         backup: true
         block: |
           # freifunk
 lux
 icvpn
 vpn
       tags: config
     # Modules
     - name: Load `br_netfilter` kernel module
       community.general.modprobe:
         name: "br_netfilter"
-        persistent: "disabled" # Initially just a modprobe? I don't understand why
+        persistent: "present"
         state: "present"
     - name: Add `nf_conntrack` to modules
       community.general.modprobe:
         name: "nf_conntrack"
         state: "present"
         persistent: "present"
       tags: config
     # Sysctl
     - name: Add the freifunk settings to sysctl config
       ansible.builtin.blockinfile:
         path: /etc/sysctl.conf
         block: |
           # Freifunk specific settings
           net.ipv4.ip_forward=1
           net.ipv4.icmp_errors_use_inbound_ifaddr=1
           net.bridge.bridge-nf-call-arptables = 0
           net.bridge.bridge-nf-call-ip6tables = 0
           net.bridge.bridge-nf-call-iptables = 0
           net.ipv6.conf.all.forwarding=1
           net.ipv6.conf.all.autoconf = 1
           net.ipv6.conf.default.autoconf = 0
           net.ipv6.conf.eth0.autoconf = 1
           net.ipv6.conf.all.accept_ra = 1
           net.ipv6.conf.default.accept_ra = 0
           net.ipv6.conf.eth0.accept_ra = 1
           net.ipv4.conf.default.rp_filter = 2
       tags: config
     - name: Reload sysctl config
       ansible.builtin.shell: sysctl -p /etc/sysctl.conf
       tags: config
     # Basic networking
     - name: Setup network interfaces (bridge + bat0)
       ansible.builtin.template:
         src: "{{ server_config_dir }}/interface/freifunk.j2"
         dest: /etc/network/interfaces.d/freifunk
         owner: root
         group: root
         mode: "0644"
       tags: config
     - name: Pull up new interfaces
       ansible.builtin.command: /usr/sbin/ifup -a
       tags: config

0 comments (0 inline, 0 general)