mirror of
https://github.com/phfroidmont/self-hosting.git
synced 2025-12-25 13:46:59 +01:00
63 lines
1.5 KiB
YAML
63 lines
1.5 KiB
YAML
---
|
|
- name: Get the internet interface
|
|
shell: ip route get 1.1.1.1 | head -n1 | sed -E 's/^.+dev ([^ ]+).+$/\1/'
|
|
register: interface_result
|
|
changed_when: False
|
|
check_mode: False
|
|
|
|
- name: Set host interface facts
|
|
set_fact:
|
|
proxy_interface: "{{ interface_result.stdout | trim }}"
|
|
|
|
- name: Allow ip forwarding
|
|
sysctl:
|
|
name: net.ipv4.ip_forward
|
|
value: 1
|
|
sysctl_set: True
|
|
reload: True
|
|
when: inventory_hostname == tinc_primary_router
|
|
|
|
- name: Activate masquerade
|
|
iptables:
|
|
table: nat
|
|
chain: POSTROUTING
|
|
out_interface: "{{ proxy_interface }}"
|
|
jump: MASQUERADE
|
|
when: inventory_hostname == tinc_primary_router
|
|
|
|
- name: Allow packet forwarding from WAN to LAN
|
|
iptables:
|
|
chain: FORWARD
|
|
in_interface: tun0
|
|
out_interface: "{{ proxy_interface }}"
|
|
jump: ACCEPT
|
|
when: inventory_hostname == tinc_primary_router
|
|
|
|
- name: Check if incoming packets comme from an active connexion
|
|
iptables:
|
|
chain: FORWARD
|
|
in_interface: "{{ proxy_interface }}"
|
|
out_interface: tun0
|
|
ctstate:
|
|
- ESTABLISHED
|
|
- RELATED
|
|
jump: ACCEPT
|
|
when: inventory_hostname == tinc_primary_router
|
|
|
|
- name: Set up tinc
|
|
include_role:
|
|
name: tinc
|
|
|
|
- name: Set up keepalived
|
|
include: keepalived.yml
|
|
|
|
- name: Check for internet access
|
|
shell: |-
|
|
false \{% for url in proxy_test_urls %}
|
|
|| curl -IsSL -m{{ proxy_test_timeout }} {{ url }} \
|
|
{% endfor %}
|
|
|| false
|
|
args:
|
|
warn: False
|
|
check_mode: False
|
|
changed_when: no
|