From 83ad3362bd4a7daf180a9fc720a3df1138d43bd2 Mon Sep 17 00:00:00 2001
From: sonny
Date: Sun, 6 Aug 2023 20:57:24 +0200
Subject: [PATCH] Remove bridge setup & use predictable network interace name

---
 tasks/network.yml | 10 +++-------
 templates/network/br0.netdev.j2 | 6 ------
 templates/network/{br0.network.j2 => link1.link.j2} | 7 ++++---
 .../network/{enp5s0.network.j2 => link1.network.j2} | 2 +-
 templates/nftables.j2 | 10 +++++-----
 vars/network.yml | 5 ++---
 6 files changed, 15 insertions(+), 25 deletions(-)
 delete mode 100644 templates/network/br0.netdev.j2
 rename templates/network/{br0.network.j2 => link1.link.j2} (54%)
 rename templates/network/{enp5s0.network.j2 => link1.network.j2} (87%)

diff --git a/tasks/network.yml b/tasks/network.yml
index eea805d..78d1110 100644
--- a/tasks/network.yml
+++ b/tasks/network.yml
@@ -28,14 +28,10 @@
 group: systemd-network
 mode: '0640'
 loop:
- - { src: 'templates/network/br0.netdev.j2', dest: '/etc/systemd/network/br0.netdev' }
+ - { src: 'templates/network/link1.link.j2', dest: '/etc/systemd/network/link1.link' }
 - {
- src: 'templates/network/br0.network.j2',
- dest: '/etc/systemd/network/br0.network',
- }
- - {
- src: 'templates/network/enp5s0.network.j2',
- dest: '/etc/systemd/network/enp5s0.network',
+ src: 'templates/network/link1.network.j2',
+ dest: '/etc/systemd/network/link1.network',
 }
 - { src: 'templates/network/wg0.netdev.j2', dest: '/etc/systemd/network/wg0.netdev' }
 - {
diff --git a/templates/network/br0.netdev.j2 b/templates/network/br0.netdev.j2
deleted file mode 100644
index f397806..0000000
--- a/templates/network/br0.netdev.j2
+++ /dev/null
@@ -1,6 +0,0 @@
-# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
-
-[NetDev]
-Name={{ bridge_interface }}
-Kind=bridge
-MACAddress={{ bridge_mac }}
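Review bot: The new destination `/etc/systemd/network/link1.link` will most likely never be applied: udev processes all `.link` files from /etc and /usr/lib in one alphanumeric order and stops at the first match, and on distributions that ship systemd's `/usr/lib/systemd/network/99-default.link` (which matches every interface) that file sorts before `link1.link` because `9` sorts before `l`. Give the file a numeric prefix so it wins, e.g. `dest: '/etc/systemd/network/10-link1.link'` (the template name can stay as it is). A `.link` file is also applied by systemd-udevd at the device's add event, not by systemd-networkd, so whatever handler this task notifies (outside the hunk) will not rename a running `enp5s0`; until a reboot the new `link1.network` matches nothing and the host can drop off the network mid-play, so gating the remaining tasks on `/sys/class/net/{{ network_interface }}` existing (a `stat` plus `assert`) is worth adding. The task header and any `notify` are outside the hunk.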
diff --git a/templates/network/br0.network.j2 b/templates/network/link1.link.j2
similarity index 54%
rename from templates/network/br0.network.j2
rename to templates/network/link1.link.j2
index 983c8c6..386ccb0 100644
--- a/templates/network/br0.network.j2
+++ b/templates/network/link1.link.j2
@@ -1,7 +1,8 @@
 # {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
 
 [Match]
-Name={{ bridge_source_interface }}
+MACAddress={{ network_mac }}
 
-[Network]
-Bridge={{ bridge_interface }}
+[Link]
+NamePolicy=
+Name={{ network_interface }}
diff --git a/templates/network/enp5s0.network.j2 b/templates/network/link1.network.j2
similarity index 87%
rename from templates/network/enp5s0.network.j2
rename to templates/network/link1.network.j2
index 63d30a5..bec9b4b 100644
--- a/templates/network/enp5s0.network.j2
+++ b/templates/network/link1.network.j2
@@ -1,7 +1,7 @@
 # {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
 
 [Match]
-Name={{ bridge_interface }}
+Name={{ network_interface }}
 
 [Network]
 DHCP=ipv4
diff --git a/templates/nftables.j2 b/templates/nftables.j2
index 8ffe6d3..f234d92 100644
--- a/templates/nftables.j2
+++ b/templates/nftables.j2
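Review bot: The `[Match]` section matches on `MACAddress=` alone, so any other device that carries the same MAC — a bridge, VLAN or bond created on top of this NIC normally inherits it — would match too, and udev would try to give that device the same `Name=` and fail; adding `Type=ether` under `[Match]` keeps the rename on the physical NIC (confirm the key is accepted by the systemd version on the target). The empty `NamePolicy=` line reads like a mistake and deserves a comment, e.g. `# empty NamePolicy= clears udev's automatic naming schemes so Name= is applied verbatim`. Keep in mind that udev consults `.link` files only when the device is added, so a host that is already up keeps `enp5s0` until it reboots, and the file is only considered at all if its filename sorts before systemd's shipped `99-default.link`; the filename is chosen in tasks/network.yml, not here.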
@@ -19,12 +19,12 @@ table ip filter {
 # allow icmp
 ip protocol icmp accept
- iifname "br0" tcp dport {{ ssh_port }} accept comment "SSH"
- iifname "br0" tcp dport {{ gitlab_ssh_port }} accept comment "Gitlab SSH"
- iifname "br0" tcp dport { {{ http_port }}, {{ https_port }} } accept comment "HTTP/HTTPS"
- iifname "br0" tcp dport {{ transmission_port }} accept comment "Transmission"
+ iifname "{{ network_interface }}" tcp dport {{ ssh_port }} accept comment "SSH"
+ iifname "{{ network_interface }}" tcp dport {{ gitlab_ssh_port }} accept comment "Gitlab SSH"
+ iifname "{{ network_interface }}" tcp dport { {{ http_port }}, {{ https_port }} } accept comment "HTTP/HTTPS"
+ iifname "{{ network_interface }}" tcp dport {{ transmission_port }} accept comment "Transmission"
- iifname "br0" udp dport {{ vpn_port }} accept comment "Wireguard"
+ iifname "{{ network_interface }}" udp dport {{ vpn_port }} accept comment "Wireguard"
 iifname "{{ vpn_interface }}" tcp dport { {{ http_port }}, {{ https_port }} } ip saddr {{ vpn_source_range }} ip daddr {{ vpn_destination_range }} accept comment "HTTP/HTTPS"
 iifname "{{ vpn_interface }}" tcp dport {{ transmission_web_port }} ip saddr {{ vpn_source_range }} ip daddr {{ vpn_destination_range }} accept comment "Transmission Web"
diff --git a/vars/network.yml b/vars/network.yml
index c0b22c8..d1165cc 100644
--- a/vars/network.yml
+++ b/vars/network.yml
@@ -1,6 +1,5 @@
-bridge_interface: 'br0'
-bridge_source_interface: 'enp5s0'
-bridge_mac: '70:85:c2:5a:ce:91'
+network_interface: 'link1'
+network_mac: '70:85:c2:5a:ce:91'
 lan_ip_address: '192.168.178.185'
 wan_ip_address: '178.85.119.159'
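Review bot: Every LAN accept rule now keys on `iifname "{{ network_interface }}"`, i.e. `link1`, a name that only exists once udev has actually applied the new `.link` file at boot; on a host where the NIC is still `enp5s0` (not yet rebooted, or the `.link` shadowed by a lower-sorting default) nftables loads this ruleset without any error and, if the chain's policy is `drop` (the chain header is outside the hunk), SSH and every other LAN service is silently cut off, including the session that ran the play. I would have the task that reloads nftables assert `/sys/class/net/{{ network_interface }}` exists first, and make sure a `ct state established,related accept` rule sits above these so the current session survives if it is not already there. As a style point the interface name is repeated on five rules; a `define lan = "{{ network_interface }}"` at the top of the template with `iifname $lan` on the rules keeps a single source of truth.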