self-hosting/roles/proxy/tasks/main.yml

---
- name: Get the internet interface
  shell: ip route get 1.1.1.1 | head -n1 | sed -E 's/^.+dev ([^ ]+).+$/\1/'
  register: interface_result
  changed_when: False
  check_mode: False

- name: Set host interface facts
  set_fact:
    proxy_interface: "{{ interface_result.stdout | trim }}"

- name: Allow ip forwarding
  sysctl:
    name: net.ipv4.ip_forward
    value: 1
    sysctl_set: True
    reload: True
  when: inventory_hostname == tinc_primary_router

- name: Activate masquerade
  iptables:
    table: nat
    chain: POSTROUTING
    out_interface: "{{ proxy_interface }}"
    jump: MASQUERADE
  when: inventory_hostname == tinc_primary_router

- name: Allow packet forwarding from WAN to LAN
  iptables:
    chain: FORWARD
    in_interface: tun0
    out_interface: "{{ proxy_interface }}"
    jump: ACCEPT
  when: inventory_hostname == tinc_primary_router

- name: Check if incoming packets comme from an active connexion
  iptables:
    chain: FORWARD
    in_interface: "{{ proxy_interface }}"
    out_interface: tun0
    ctstate: 
      - ESTABLISHED
      - RELATED
    jump: ACCEPT
  when: inventory_hostname == tinc_primary_router

- name: Set up tinc
  include_role:
    name: tinc

- name: Set up keepalived
  include: keepalived.yml

- name: Check for internet access
  shell: |-
    false \{% for url in proxy_test_urls %}
      || curl -IsSL -m{{ proxy_test_timeout }} {{ url }} \
    {% endfor %}
      || false
  args:
    warn: False
  check_mode: False
  changed_when: no
Tinc setup 2018-09-18 04:00:12 +02:00			`---`
			`- name: Get the internet interface`
			`shell: ip route get 1.1.1.1 \| head -n1 \| sed -E 's/^.+dev ([^ ]+).+$/\1/'`
			`register: interface_result`
			`changed_when: False`
			`check_mode: False`

			`- name: Set host interface facts`
			`set_fact:`
			`proxy_interface: "{{ interface_result.stdout \| trim }}"`

Use packer to create a base preconfigured base image 2018-10-18 22:45:01 +02:00			`- name: Allow ip forwarding`
Tinc setup 2018-09-18 04:00:12 +02:00			`sysctl:`
			`name: net.ipv4.ip_forward`
			`value: 1`
			`sysctl_set: True`
			`reload: True`
Remove old roles and fix idempotency issues 2018-09-26 19:24:36 +02:00			`when: inventory_hostname == tinc_primary_router`
Tinc setup 2018-09-18 04:00:12 +02:00
Use packer to create a base preconfigured base image 2018-10-18 22:45:01 +02:00			`- name: Activate masquerade`
Tinc setup 2018-09-18 04:00:12 +02:00			`iptables:`
			`table: nat`
			`chain: POSTROUTING`
			`out_interface: "{{ proxy_interface }}"`
			`jump: MASQUERADE`
Use packer to create a base preconfigured base image 2018-10-18 22:45:01 +02:00			`when: inventory_hostname == tinc_primary_router`
Tinc setup 2018-09-18 04:00:12 +02:00
Use packer to create a base preconfigured base image 2018-10-18 22:45:01 +02:00			`- name: Allow packet forwarding from WAN to LAN`
			`iptables:`
			`chain: FORWARD`
			`in_interface: tun0`
			`out_interface: "{{ proxy_interface }}"`
			`jump: ACCEPT`
			`when: inventory_hostname == tinc_primary_router`

			`- name: Check if incoming packets comme from an active connexion`
			`iptables:`
			`chain: FORWARD`
			`in_interface: "{{ proxy_interface }}"`
			`out_interface: tun0`
			`ctstate:`
			`- ESTABLISHED`
			`- RELATED`
			`jump: ACCEPT`
			`when: inventory_hostname == tinc_primary_router`
Tinc setup 2018-09-18 04:00:12 +02:00
			`- name: Set up tinc`
			`include_role:`
			`name: tinc`

			`- name: Set up keepalived`
			`include: keepalived.yml`

			`- name: Check for internet access`
			`shell: \|-`
			`false \{% for url in proxy_test_urls %}`
			`\|\| curl -IsSL -m{{ proxy_test_timeout }} {{ url }} \`
			`{% endfor %}`
			`\|\| false`
			`args:`
			`warn: False`
			`check_mode: False`
Use packer to create a base preconfigured base image 2018-10-18 22:45:01 +02:00			`changed_when: no`