Diffstat (limited to 'roles/vm/network')
-rw-r--r--roles/vm/network/tasks/lan.yml6
-rw-r--r--roles/vm/network/tasks/main.yml40
-rw-r--r--roles/vm/network/tasks/public.yml33
-rw-r--r--roles/vm/network/tasks/systemd-link.yml15
-rw-r--r--roles/vm/network/templates/firewall.sh_public.j249
-rw-r--r--roles/vm/network/templates/interfaces.j2 (renamed from roles/vm/network/templates/interfaces_lan.j2)12
-rw-r--r--roles/vm/network/templates/interfaces_public.j263
-rw-r--r--roles/vm/network/templates/resolv.conf.j24
-rw-r--r--roles/vm/network/templates/systemd.link.j22
9 files changed, 45 insertions, 179 deletions
diff --git a/roles/vm/network/tasks/lan.yml b/roles/vm/network/tasks/lan.yml
deleted file mode 100644
index ec436e9b..00000000
--- a/roles/vm/network/tasks/lan.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-- name: install interface config (LAN only)
- template:
- src: interfaces_lan.j2
- dest: /etc/network/interfaces
- mode: 0644
diff --git a/roles/vm/network/tasks/main.yml b/roles/vm/network/tasks/main.yml
index 222a350b..3d51fff2 100644
--- a/roles/vm/network/tasks/main.yml
+++ b/roles/vm/network/tasks/main.yml
@@ -1,9 +1,37 @@
---
-- import_tasks: systemd-link.yml
- when: srv_network.systemd_link is defined
+- block:
+ - name: remove legacy systemd.link units
+ with_items:
+ - 50-virtio-kernel-names.link
+ - 99-default.link
+ file:
+ name: "/etc/systemd/network/{{ item }}"
+ state: absent
-- import_tasks: public.yml
- when: srv_network.public is defined
+ - name: install systemd network link units
+ with_items: "{{ vm_network.systemd_link.interfaces }}"
+ loop_control:
+ index_var: interface_index
+ template:
+ src: systemd.link.j2
+ dest: "/etc/systemd/network/{{ '%02d' | format(interface_index + 11) }}-{{ item.name }}.link"
+ notify: rebuild initramfs
-- import_tasks: lan.yml
- when: srv_network.public is not defined
+ when: vm_network.systemd_link is defined
+
+- name: install basic interface config
+ template:
+ src: interfaces.j2
+ dest: /etc/network/interfaces
+ mode: 0644
+
+- name: remove resolvconf package
+ apt:
+ name: resolvconf
+ state: absent
+ purge: yes
+
+- name: generate resolv.conf
+ template:
+ src: resolv.conf.j2
+ dest: /etc/resolv.conf
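Review bot: The new `generate resolv.conf` and `install systemd network link units` tasks set no `mode`, so the rendered files get whatever the temp-file umask yields, while the interfaces task pins `0644`; add `mode: "0644"` to both and quote the existing one as `mode: "0644"` so YAML does not hand Ansible an integer. The `remove legacy systemd.link units` task deletes units under /etc/systemd/network but, unlike the install task beside it, does not `notify: rebuild initramfs`, so on a host where only the legacy files change the initramfs presumably keeps the old naming rules until something else fires the handler; give it the same `notify`. `purge: yes` should be the canonical boolean `purge: true`.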
diff --git a/roles/vm/network/tasks/public.yml b/roles/vm/network/tasks/public.yml
deleted file mode 100644
index 8b0e317a..00000000
--- a/roles/vm/network/tasks/public.yml
+++ /dev/null
@@ -1,33 +0,0 @@
----
-- name: set routing table names
- with_items:
- - { regexp: '^89\s', line: '89 mur-default' }
- - { regexp: '^212\s', line: '212 upc-default' }
- lineinfile:
- regexp: "{{ item.regexp }}"
- line: "{{ item.line }}"
- dest: /etc/iproute2/rt_tables
-
-- name: calculate address lists
- set_fact:
- srv_network_public_firewall_ipv4:
- - "{{ srv_network.public.ip_mur }}"
- - "{{ srv_network.public.ip_upc }}"
- srv_network_public_firewall_ipv6:
- - "{{ srv_network.public.ip_mur6 }}"
-
-- name: install firewall scripts
- with_items:
- - 4
- - 6
- template:
- src: firewall.sh_public.j2
- dest: "/etc/network/firewall{{ item }}.sh"
- mode: 0755
- when: srv_network.public.firewall is defined
-
-- name: install interface config (Public)
- template:
- src: interfaces_public.j2
- dest: /etc/network/interfaces
- mode: 0644
diff --git a/roles/vm/network/tasks/systemd-link.yml b/roles/vm/network/tasks/systemd-link.yml
deleted file mode 100644
index ad12cd37..00000000
--- a/roles/vm/network/tasks/systemd-link.yml
+++ /dev/null
@@ -1,15 +0,0 @@
----
-- name: remove legacy systemd.link units
- file:
- name: "/etc/systemd/network/{{ item }}"
- state: absent
- with_items:
- - 50-virtio-kernel-names.link
- - 99-default.link
-
-- name: install systemd network link units
- template:
- src: systemd.link.j2
- dest: "/etc/systemd/network/{{ '%02d' | format(item.idx + 10) }}-{{ item.name }}.link"
- with_items: "{{ srv_network.systemd_link.interfaces }}"
- notify: rebuild initramfs
diff --git a/roles/vm/network/templates/firewall.sh_public.j2 b/roles/vm/network/templates/firewall.sh_public.j2
deleted file mode 100644
index df5b1373..00000000
--- a/roles/vm/network/templates/firewall.sh_public.j2
+++ /dev/null
@@ -1,49 +0,0 @@
-#!/bin/sh
-
-PUBLIC_IPS="{% if item == 4 %}{{ srv_network_public_firewall_ipv4 | join(' ') }}{% else %}{{ srv_network_public_firewall_ipv6 | join(' ') }}{% endif %}"
-PUBLIC_IF="$2"
-TCP_PORTS="{{ srv_network.public.firewall.tcp_ports | default([]) | join(' ') }}"
-UDP_PORTS="{{ srv_network.public.firewall.udp_ports | default([]) | join(' ') }}"
-
-#####
-IPTABLES="/sbin/ip{% if item == 6 %}6{% endif %}tables"
-ICMP="icmp{% if item == 6 %}v6{% endif %}"
-
-case "$1" in
- start)
- $IPTABLES -A INPUT -i $PUBLIC_IF -p $ICMP -j ACCEPT
- $IPTABLES -A INPUT -i $PUBLIC_IF -m state --state related,established -j ACCEPT
- for port in $TCP_PORTS; do
- for ip in $PUBLIC_IPS; do
- $IPTABLES -A INPUT -i $PUBLIC_IF -d $ip -p tcp --dport $port -j ACCEPT
- done
- done
- for port in $UDP_PORTS; do
- for ip in $PUBLIC_IPS; do
- $IPTABLES -A INPUT -i $PUBLIC_IF -d $ip -p udp --dport $port -j ACCEPT
- done
- done
- $IPTABLES -A INPUT -i $PUBLIC_IF -j DROP
- ;;
- stop)
- $IPTABLES -D INPUT -i $PUBLIC_IF -j DROP
- for port in $UDP_PORTS; do
- for ip in $PUBLIC_IPS; do
- $IPTABLES -D INPUT -i $PUBLIC_IF -d $ip -p udp --dport $port -j ACCEPT
- done
- done
- for port in $TCP_PORTS; do
- for ip in $PUBLIC_IPS; do
- $IPTABLES -D INPUT -i $PUBLIC_IF -d $ip -p tcp --dport $port -j ACCEPT
- done
- done
- $IPTABLES -D INPUT -i $PUBLIC_IF -m state --state related,established -j ACCEPT
- $IPTABLES -D INPUT -i $PUBLIC_IF -p $ICMP -j ACCEPT
- ;;
- *)
- echo "Usage: $0 (start|stop)"
- exit 1
- ;;
-esac
-
-exit 0
diff --git a/roles/vm/network/templates/interfaces_lan.j2 b/roles/vm/network/templates/interfaces.j2
index 36ae2883..542e18d6 100644
--- a/roles/vm/network/templates/interfaces_lan.j2
+++ b/roles/vm/network/templates/interfaces.j2
@@ -7,11 +7,11 @@ source /etc/network/interfaces.d/*
auto lo
iface lo inet loopback
-# The internal network interface
-auto {{ srv_network.internal.interface }}
-iface {{ srv_network.internal.interface }} inet static
- address {{ srv_network.internal.ip }}
- netmask 255.255.255.0
- gateway 192.168.1.254
+# The primary network interface
+auto {{ vm_network.primary.interface }}
+iface {{ vm_network.primary.interface }} inet static
+ address {{ vm_network.primary.ip }}
+ netmask {{ vm_network.primary.mask }}
+ gateway {{ vm_network.primary.gateway }}
pre-up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/accept_ra
pre-up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/autoconf
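Review bot: With public.yml and firewall.sh_public.j2 deleted, nothing in this role installs a packet filter any more, yet the template that replaces the old LAN/public variants does not say so; a header comment such as `# Managed by Ansible (roles/vm/network): static primary interface only, no host firewall is configured by this role` would stop the next reader from assuming the former firewall4.sh/firewall6.sh hooks still apply (where filtering now lives is not visible in this diff). The kept `pre-up` sysctl lines disable RA and autoconf only for the primary interface and only for IPv4 `inet static`; if an `inet6 static` stanza is expected elsewhere in the file, the header should say that too. The stanza's enclosing file continues beyond this hunk.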
diff --git a/roles/vm/network/templates/interfaces_public.j2 b/roles/vm/network/templates/interfaces_public.j2
deleted file mode 100644
index 2e8583ab..00000000
--- a/roles/vm/network/templates/interfaces_public.j2
+++ /dev/null
@@ -1,63 +0,0 @@
-# This file describes the network interfaces available on your system
-# and how to activate them. For more information, see interfaces(5).
-
-source /etc/network/interfaces.d/*
-
-# The loopback network interface
-auto lo
-iface lo inet loopback
-
-# The internal network interface
-auto {{ srv_network.internal.interface }}
-iface {{ srv_network.internal.interface }} inet static
- address {{ srv_network.internal.ip }}
- netmask 255.255.255.0
- pre-up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/accept_ra
- pre-up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/autoconf
- up ip route add default via 192.168.1.254 table default
- up ip rule add pref 42000 lookup default
- up ip rule del pref 32767
- down ip rule add pref 32767 lookup default
- down ip rule del pref 42000
- down ip route del default via 192.168.1.254 table default
-
-
-# The public network interface
-auto {{ srv_network.public.interface }}
-iface {{ srv_network.public.interface }} inet static
- address {{ srv_network.public.ip }}
- netmask 255.255.255.0
- pre-up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/accept_ra
- pre-up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/autoconf
- ## mur.at
- up ip addr add dev $IFACE {{ srv_network.public.ip_mur }}/28
- up ip route add default via 89.106.215.14 src {{ srv_network.public.ip_mur }} table mur-default
- up ip rule add pref 33000 from {{ srv_network.public.ip_mur }} lookup mur-default
- ## upc
- up ip addr add dev $IFACE {{ srv_network.public.ip_upc }}/32
- up ip route add default via 192.168.3.254 src {{ srv_network.public.ip_upc }} table upc-default
- up ip rule add pref 35000 from {{ srv_network.public.ip_upc }} lookup upc-default
- ### firewall
- up /etc/network/firewall4.sh start $IFACE
- ##########
- down /etc/network/firewall4.sh stop $IFACE
- ## upc
- down ip rule del pref 35000
- down ip route del default via 192.168.3.254 src {{ srv_network.public.ip_upc }} table upc-default
- down ip addr del dev $IFACE {{ srv_network.public.ip_upc }}/32
- ## mur.at
- down ip rule del pref 33000
- down ip route del default via 89.106.215.14 src {{ srv_network.public.ip_mur }} table mur-default
- down ip addr del dev $IFACE {{ srv_network.public.ip_mur }}/28
-
-iface {{ srv_network.public.interface }} inet6 static
- address {{ srv_network.public.ip_mur6 }}
- netmask 64
- pre-up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/accept_ra
- pre-up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/autoconf
- up ip -6 route add default via 2a02:3e0:2003::e src {{ srv_network.public.ip_mur6 }} table mur-default
- up ip -6 rule add pref 33000 from {{ srv_network.public.ip_mur6 }} lookup mur-default
- up /etc/network/firewall6.sh start $IFACE
- down /etc/network/firewall6.sh stop $IFACE
- down ip -6 rule del pref 33000
- down ip -6 route del default via 2a02:3e0:2003::e src {{ srv_network.public.ip_mur6 }} table mur-default
diff --git a/roles/vm/network/templates/resolv.conf.j2 b/roles/vm/network/templates/resolv.conf.j2
new file mode 100644
index 00000000..86d4201e
--- /dev/null
+++ b/roles/vm/network/templates/resolv.conf.j2
@@ -0,0 +1,4 @@
+{% for nsrv in vm_network.nameservers %}
+nameserver {{ nsrv }}
+{% endfor %}
+search {{ vm_network.domain }}
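Review bot: If `vm_network.nameservers` is an empty list the rendered file holds only the `search` line and the resolver silently falls back to 127.0.0.1, which on a guest that has just had resolvconf purged usually answers nothing; guard this in the calling task with `- assert:` / `that: vm_network.nameservers | length > 0` / `fail_msg: vm_network.nameservers must list at least one resolver` before the template runs. `search {{ vm_network.domain }}` assumes a single string; if inventory ever supplies a list, render it with `| join(' ')` so a Python repr does not end up in resolv.conf. A `# {{ ansible_managed }}` first line would also mark the file as generated, since nothing else now owns /etc/resolv.conf.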
diff --git a/roles/vm/network/templates/systemd.link.j2 b/roles/vm/network/templates/systemd.link.j2
index 753fd586..7093e164 100644
--- a/roles/vm/network/templates/systemd.link.j2
+++ b/roles/vm/network/templates/systemd.link.j2
@@ -1,5 +1,5 @@
[Match]
-Path=pci-0000:01:{{ "%02d" | format(item.idx) }}.0
+Path=*pci-0000:01:{{ "%02d" | format(interface_index + 1) }}.0
[Link]
Name={{ item.name }}
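Review bot: `Path=*pci-0000:01:NN.0` is now a glob that matches any ID_PATH ending in that segment, presumably to accept a parent-bridge prefix, but it also matches a non-Ethernet function sitting on that path, which would then be renamed to `{{ item.name }}`; add `Type=ether` under `[Match]` (and `Driver=virtio_net` if these are the virtio NICs the removed `50-virtio-kernel-names.link` name suggests) so the rename cannot hit the wrong device. The index arithmetic is split between this template (`interface_index + 1` for the slot) and main.yml (`+ 11` for the unit file name) with no explanation; a line such as `# interface_index is 0-based: slot 01:{{ "%02d" | format(interface_index + 1) }}.0, unit file 11+index` above `[Match]` would document it. Line 5 of the file is outside the visible hunk.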