From 6eacc2ad5539abf37dc90cd378b44320f7758869 Mon Sep 17 00:00:00 2001
From: Christian Pointner
Date: Tue, 7 Jul 2020 22:09:19 +0200
Subject: refactor vm role names
---
.../vm/host/network/templates/bridge-interfaces.j2 | 53 ++++++++++++++++++++++
1 file changed, 53 insertions(+)
create mode 100644 roles/vm/host/network/templates/bridge-interfaces.j2
(limited to 'roles/vm/host/network/templates/bridge-interfaces.j2')
diff --git a/roles/vm/host/network/templates/bridge-interfaces.j2 b/roles/vm/host/network/templates/bridge-interfaces.j2
new file mode 100644
index 00000000..05144430
--- /dev/null
+++ b/roles/vm/host/network/templates/bridge-interfaces.j2
@@ -0,0 +1,53 @@
+{% set bridge_name = 'br-'+item.key %}
+{% set bridge = item.value %}
+{% set interface = (network.interfaces | selectattr('name', 'eq', bridge_name) | first | default({})) %}
+auto {{ bridge_name }}
+{% if 'address' in interface %}
+iface {{ bridge_name }} inet static
+ address {{ interface.address | ipaddr('address') }}
+ netmask {{ interface.address | ipaddr('netmask') }}
+{% if 'gateway' in interface %}
+ gateway {{ interface.gateway }}
+{% endif %}
+{% else %}
+iface {{ bridge_name }} inet manual
+{% endif %}
+{% if 'interfaces' in bridge and (bridge.interfaces | length) > 0 %}
+ bridge_ports {{ bridge.interfaces | join(' ') }}
+{% else %}
+ bridge_ports none
+{% endif %}
+ bridge_stp off
+ bridge_waitport 0
+ bridge_fd 0
+ up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/accept_ra
+ up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/autoconf
+ up modprobe br_netfilter
+ up /sbin/sysctl net.bridge.bridge-nf-call-iptables=0
+ up /sbin/sysctl net.bridge.bridge-nf-call-ip6tables=0
+ up /sbin/sysctl net.bridge.bridge-nf-call-arptables=0
+{% if 'address' in interface and 'prefix' in bridge %}
+{% if 'nat' in bridge and bridge.nat %}
+ up echo 1 > /proc/sys/net/ipv4/conf/$IFACE/forwarding
+ up echo 1 > /proc/sys/net/ipv4/conf/{{ ansible_default_ipv4.interface }}/forwarding
+ up /sbin/iptables -t nat -A POSTROUTING -o {{ ansible_default_ipv4.interface }} -s {{ bridge.prefix }} -j SNAT --to {{ ansible_default_ipv4.address }}
+{% endif %}
+{% if 'overlay' in bridge %}
+{% for dest, offset in (bridge.overlay.offsets | dictsort(by='value')) %}
+ up /bin/ip route add {{ (bridge.overlay.prefix | ipaddr(offset)).split('/')[0] }}/32 via {{ (bridge.prefix | ipaddr(bridge.offsets[dest])).split('/')[0] }} # {{ dest }}
+{% endfor %}
+ up /bin/ip route add unreachable {{ bridge.overlay.prefix }}
+ down /sbin/ip route del {{ bridge.overlay.prefix }}
+{% endif %}
+{% if 'nat' in bridge and bridge.nat %}
+ down /sbin/iptables -t nat -D POSTROUTING -o {{ ansible_default_ipv4.interface }} -s {{ bridge.prefix }} -j SNAT --to {{ ansible_default_ipv4.address }}
+{% endif %}
+{% endif %}
+{% if 'address6' in interface %}
+
+iface {{ bridge_name }} inet6 static
+ address {{ interface.address6 }}
+{% if 'gateway6' in interface %}
+ gateway {{ interface.gateway6 }}
+{% endif %}
+{% endif %}
-- cgit v1.2.3
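Review bot: The three `net.bridge.bridge-nf-call-*` sysctls in the `up` lines are not per-bridge settings, yet they are emitted in every bridge stanza, so bringing up any one bridge turns off iptables/ip6tables/arptables processing of bridged frames for every bridge on the host. If that is intended, a template comment would make it explicit, e.g. `{# bridge-nf-call-* is not per-bridge: host netfilter rules never see frames switched between bridge ports #}`. In the NAT branch the `up` lines set `forwarding` to 1 on `$IFACE` and on the default interface, but the `down` lines only delete the SNAT rule, so forwarding stays enabled on the uplink after the bridge is taken down. No FORWARD rule is visible in this template, so whether traffic routed to and from `{{ bridge.prefix }}` is restricted depends on configuration elsewhere and is worth a comment pointing to it. As a style point, the overlay block uses `/bin/ip` for the `up` routes and `/sbin/ip` for the `down` route; one path throughout would be more consistent.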