freifunk/Ansible-Configuration Changeset - 4994e224f8ce · Chaos Computer Club Lëtzebuerg Projects

Changeset - 4994e224f8ce

Parent rev.

Child rev.

[Not reviewed]

0 1 0

x - 21 months ago 2023-08-15 02:08:50
xbr@c3l.lu

fix: icmp should use correct interface

1 file changed with 1 insertions and 0 deletions:

gateway/initial_gw_setup.yml

0 comments (0 inline, 0 general)

gateway/initial_gw_setup.yml

➞

Show inline comments

@@ @@ -29,96 +29,97 @@ @@
         - openvpn
         - fastd
         - build-essential
         - pkg-config
         - checkinstall
         - libnl-3-dev
         - libnl-genl-3-dev
         - linux-headers-amd64
         - dkms
         - lsb-release
         - ethtool
         - python3
 # Updating all packages to their latest version
     - name: Update all packages to their latest version
       apt:
         name: "*"
         state: latest
 # Reboot and reconnect
     - name: Reboot host and wait for it to restart
       reboot:
         msg: "Reboot initiated by Ansible"
         connect_timeout: 5
         reboot_timeout: 600
         pre_reboot_delay: 0
         post_reboot_delay: 30
         test_command: whoami
 # edit routing tables
     - name: add the routing table ports for freifunk
       blockinfile:
         path: /etc/iproute2/rt_tables
         backup: yes
         block: |
           # freifunk
 lux
 icvpn
 vpn
 # edit rsysctl config
     - name: add the freifunk settings to sysctl config
       blockinfile:
         path: /etc/sysctl.conf
         backup: yes
         block: |
           # Freifunk specific settings
           net.ipv4.ip_forward=1
           net.ipv4.icmp_errors_use_inbound_ifaddr=1
           net.bridge.bridge-nf-call-arptables = 0
           net.bridge.bridge-nf-call-ip6tables = 0
           net.bridge.bridge-nf-call-iptables = 0
           net.ipv6.conf.all.forwarding=1
           net.ipv6.conf.all.autoconf = 1
           net.ipv6.conf.default.autoconf = 0
           net.ipv6.conf.eth0.autoconf = 1
           net.ipv6.conf.all.accept_ra = 1
           net.ipv6.conf.default.accept_ra = 0
           net.ipv6.conf.eth0.accept_ra = 1
           net.ipv4.conf.default.rp_filter = 2
 # load kernel module
     - name: Load kernel module
       become: true
       become_user: root
       shell: modprobe br_netfilter
 # edit the module list
     - name: add nf conntrack to modules
       blockinfile:
         path: /etc/modules
         backup: yes
         block: |
           nf_conntrack
 # reload sysctl config
     - name: Reload sysctl config
       become: true
       become_user: root
       shell: sysctl -p /etc/sysctl.conf
 # Reboot and reconnect
     - name: Reboot host and wait for it to restart
       reboot:
         msg: "Reboot initiated by Ansible"
         connect_timeout: 5
         reboot_timeout: 600
         pre_reboot_delay: 0
         post_reboot_delay: 30
         test_command: whoami
 # create the Freifunk bridge interface file
 # copy default interface file to remote host

0 comments (0 inline, 0 general)