From 79c40fec07d7ea906cf1375fa93a4b202766ba79 Mon Sep 17 00:00:00 2001
From: Christian Pointner
Date: Thu, 24 May 2018 23:40:30 +0200
Subject: move vm roles to subdir
---
 roles/vm-network/templates/firewall.sh_public.j2 | 49 ------------------
 roles/vm-network/templates/interfaces_lan.j2 | 17 -------
 roles/vm-network/templates/interfaces_public.j2 | 63 ------------------------
 roles/vm-network/templates/systemd.link.j2 | 5 --
 4 files changed, 134 deletions(-)
 delete mode 100644 roles/vm-network/templates/firewall.sh_public.j2
 delete mode 100644 roles/vm-network/templates/interfaces_lan.j2
 delete mode 100644 roles/vm-network/templates/interfaces_public.j2
 delete mode 100644 roles/vm-network/templates/systemd.link.j2
(limited to 'roles/vm-network/templates')
diff --git a/roles/vm-network/templates/firewall.sh_public.j2 b/roles/vm-network/templates/firewall.sh_public.j2
deleted file mode 100644
index df5b1373..00000000
--- a/roles/vm-network/templates/firewall.sh_public.j2
+++ /dev/null
@@ -1,49 +0,0 @@
-#!/bin/sh
-
-PUBLIC_IPS="{% if item == 4 %}{{ srv_network_public_firewall_ipv4 | join(' ') }}{% else %}{{ srv_network_public_firewall_ipv6 | join(' ') }}{% endif %}"
-PUBLIC_IF="$2"
-TCP_PORTS="{{ srv_network.public.firewall.tcp_ports | default([]) | join(' ') }}"
-UDP_PORTS="{{ srv_network.public.firewall.udp_ports | default([]) | join(' ') }}"
-
-#####
-IPTABLES="/sbin/ip{% if item == 6 %}6{% endif %}tables"
-ICMP="icmp{% if item == 6 %}v6{% endif %}"
-
-case "$1" in
- start)
- $IPTABLES -A INPUT -i $PUBLIC_IF -p $ICMP -j ACCEPT
- $IPTABLES -A INPUT -i $PUBLIC_IF -m state --state related,established -j ACCEPT
- for port in $TCP_PORTS; do
- for ip in $PUBLIC_IPS; do
- $IPTABLES -A INPUT -i $PUBLIC_IF -d $ip -p tcp --dport $port -j ACCEPT
- done
- done
- for port in $UDP_PORTS; do
- for ip in $PUBLIC_IPS; do
- $IPTABLES -A INPUT -i $PUBLIC_IF -d $ip -p udp --dport $port -j ACCEPT
- done
- done
- $IPTABLES -A INPUT -i $PUBLIC_IF -j DROP
- ;;
- stop)
- $IPTABLES -D INPUT -i $PUBLIC_IF -j DROP
- for port in $UDP_PORTS; do
- for ip in $PUBLIC_IPS; do
- $IPTABLES -D INPUT -i $PUBLIC_IF -d $ip -p udp --dport $port -j ACCEPT
- done
- done
- for port in $TCP_PORTS; do
- for ip in $PUBLIC_IPS; do
- $IPTABLES -D INPUT -i $PUBLIC_IF -d $ip -p tcp --dport $port -j ACCEPT
- done
- done
- $IPTABLES -D INPUT -i $PUBLIC_IF -m state --state related,established -j ACCEPT
- $IPTABLES -D INPUT -i $PUBLIC_IF -p $ICMP -j ACCEPT
- ;;
- *)
- echo "Usage: $0 (start|stop)"
- exit 1
- ;;
-esac
-
-exit 0
diff --git a/roles/vm-network/templates/interfaces_lan.j2 b/roles/vm-network/templates/interfaces_lan.j2
deleted file mode 100644
index 36ae2883..00000000
--- a/roles/vm-network/templates/interfaces_lan.j2
+++ /dev/null
@@ -1,17 +0,0 @@
-# This file describes the network interfaces available on your system
-# and how to activate them. For more information, see interfaces(5).
-
-source /etc/network/interfaces.d/*
-
-# The loopback network interface
-auto lo
-iface lo inet loopback
-
-# The internal network interface
-auto {{ srv_network.internal.interface }}
-iface {{ srv_network.internal.interface }} inet static
- address {{ srv_network.internal.ip }}
- netmask 255.255.255.0
- gateway 192.168.1.254
- pre-up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/accept_ra
- pre-up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/autoconf
diff --git a/roles/vm-network/templates/interfaces_public.j2 b/roles/vm-network/templates/interfaces_public.j2
deleted file mode 100644
index 2e8583ab..00000000
--- a/roles/vm-network/templates/interfaces_public.j2
+++ /dev/null
@@ -1,63 +0,0 @@
-# This file describes the network interfaces available on your system
-# and how to activate them. For more information, see interfaces(5).
-
-source /etc/network/interfaces.d/*
-
-# The loopback network interface
-auto lo
-iface lo inet loopback
-
-# The internal network interface
-auto {{ srv_network.internal.interface }}
-iface {{ srv_network.internal.interface }} inet static
- address {{ srv_network.internal.ip }}
- netmask 255.255.255.0
- pre-up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/accept_ra
- pre-up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/autoconf
- up ip route add default via 192.168.1.254 table default
- up ip rule add pref 42000 lookup default
- up ip rule del pref 32767
- down ip rule add pref 32767 lookup default
- down ip rule del pref 42000
- down ip route del default via 192.168.1.254 table default
-
-
-# The public network interface
-auto {{ srv_network.public.interface }}
-iface {{ srv_network.public.interface }} inet static
- address {{ srv_network.public.ip }}
- netmask 255.255.255.0
- pre-up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/accept_ra
- pre-up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/autoconf
- ## mur.at
- up ip addr add dev $IFACE {{ srv_network.public.ip_mur }}/28
- up ip route add default via 89.106.215.14 src {{ srv_network.public.ip_mur }} table mur-default
- up ip rule add pref 33000 from {{ srv_network.public.ip_mur }} lookup mur-default
- ## upc
- up ip addr add dev $IFACE {{ srv_network.public.ip_upc }}/32
- up ip route add default via 192.168.3.254 src {{ srv_network.public.ip_upc }} table upc-default
- up ip rule add pref 35000 from {{ srv_network.public.ip_upc }} lookup upc-default
- ### firewall
- up /etc/network/firewall4.sh start $IFACE
- ##########
- down /etc/network/firewall4.sh stop $IFACE
- ## upc
- down ip rule del pref 35000
- down ip route del default via 192.168.3.254 src {{ srv_network.public.ip_upc }} table upc-default
- down ip addr del dev $IFACE {{ srv_network.public.ip_upc }}/32
- ## mur.at
- down ip rule del pref 33000
- down ip route del default via 89.106.215.14 src {{ srv_network.public.ip_mur }} table mur-default
- down ip addr del dev $IFACE {{ srv_network.public.ip_mur }}/28
-
-iface {{ srv_network.public.interface }} inet6 static
- address {{ srv_network.public.ip_mur6 }}
- netmask 64
- pre-up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/accept_ra
- pre-up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/autoconf
- up ip -6 route add default via 2a02:3e0:2003::e src {{ srv_network.public.ip_mur6 }} table mur-default
- up ip -6 rule add pref 33000 from {{ srv_network.public.ip_mur6 }} lookup mur-default
- up /etc/network/firewall6.sh start $IFACE
- down /etc/network/firewall6.sh stop $IFACE
- down ip -6 rule del pref 33000
- down ip -6 route del default via 2a02:3e0:2003::e src {{ srv_network.public.ip_mur6 }} table mur-default
diff --git a/roles/vm-network/templates/systemd.link.j2 b/roles/vm-network/templates/systemd.link.j2
deleted file mode 100644
index 753fd586..00000000
--- a/roles/vm-network/templates/systemd.link.j2
+++ /dev/null
@@ -1,5 +0,0 @@
-[Match]
-Path=pci-0000:01:{{ "%02d" | format(item.idx) }}.0
-
-[Link]
-Name={{ item.name }}
-- cgit v1.2.3