Beginnings of ansible foo for iapetus and phobos, although just the qemu one for now.
--- /dev/null
+routers:
+ hosts:
+ qemu:
+ control_port: 2400
+ ansible_port: 2400
+ ansible_host: kosmos.sigsegv.be
+ lan_ip: "10.0.1.1/24"
+initial:
+ hosts:
+ poudriere-image:
+ control_port: 0
+
import_playbook: homeassistant.yaml
- name: libs7comm
import_playbook: libs7comm.yaml
+- name: routers
+ hosts: routers
+ roles:
+ - router
--- /dev/null
+- name: set subnet
+ community.general.sysrc:
+ name: ifconfig_vr0
+ value: "{{ lan_ip }} up"
+ become: true
+- name: gateway enable
+ community.general.sysrc:
+ name: gateway_enable
+ value: "YES"
+ become: true
+- name: pf enable
+ community.general.sysrc:
+ name: pf_enable
+ value: "YES"
+ become: true
+- name: install pf.conf
+ template:
+ src: pf.conf
+ dest: "/etc/pf.conf"
+ owner: root
+ group: wheel
+ mode: 0644
+ become: true
+- name: unbound enable
+ community.general.sysrc:
+ name: local_unbound_enable
+ value: "YES"
+ become: true
+- name: ntp enable
+ community.general.sysrc:
+ name: ntpd_enable
+ value: "YES"
+ become: true
+- name: ntpdate enable
+ community.general.sysrc:
+ name: ntpdate_enable
+ value: "YES"
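Review bot: The final task, `ntpdate enable`, has no `become: true`, although every other task in this file sets it; unless the play escalates privileges elsewhere, that sysrc change will probably fail on the rc configuration file and the role will stop there. Add `become: true` to it, or set it once at play level and drop the per-task copies. The `install pf.conf` task also writes the ruleset without a syntax check. Adding `validate: 'pfctl -nf %s'` to the template task would stop a ruleset that does not parse from replacing `/etc/pf.conf`. Nothing visible in the hunk reloads pf or starts the enabled services, so the new settings presumably only take effect at the next boot.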
--- /dev/null
+#!/sbin/pfctl -f
+
+#set timeout tcp.established 86400
+#set block-policy return
+
+set skip on lo0
+
+ext_if = "vr0"
+int_if = "vr1"
+
+scrub on $ext_if all fragment reassemble reassemble tcp
+
+nat on $ext_if inet from ! ($ext_if) to any -> ($ext_if)
+
+pass
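Review bot: The ruleset ends in a bare `pass`, which with pf's last-match semantics allows every packet in both directions on every interface, so enabling pf on this router filters nothing, including new inbound connections on `$ext_if`. A default-deny for the outside interface with explicit allowances would be the usual shape, for example `block in on $ext_if` followed by `pass in on $int_if` and `pass out`. `$int_if` is defined but never referenced. The role's `set subnet` task assigns `lan_ip` to `ifconfig_vr0`, while this file names `vr0` as the external interface, so one of the two looks swapped. As written, the NAT rule would translate onto the LAN address.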