Remove bridge setup & use predictable network interace name

2023-08-06 20:57:24 +02:00 · 2023-08-06 20:57:24 +02:00 · 83ad3362bd
commit 83ad3362bd
parent ed7bf5a46c
6 changed files with 15 additions and 25 deletions
--- a/tasks/network.yml
+++ b/tasks/network.yml
@ -28,14 +28,10 @@
    group: systemd-network
    mode: '0640'
  loop:
-    - { src: 'templates/network/br0.netdev.j2', dest: '/etc/systemd/network/br0.netdev' }
+    - { src: 'templates/network/link1.link.j2', dest: '/etc/systemd/network/link1.link' }
    - {
-        src: 'templates/network/br0.network.j2',
+        src: 'templates/network/link1.network.j2',
-        dest: '/etc/systemd/network/br0.network',
+        dest: '/etc/systemd/network/link1.network',
      }
    - {
        src: 'templates/network/enp5s0.network.j2',
        dest: '/etc/systemd/network/enp5s0.network',
      }
    - { src: 'templates/network/wg0.netdev.j2', dest: '/etc/systemd/network/wg0.netdev' }
    - {
--- a/templates/network/br0.netdev.j2
+++ b/templates/network/br0.netdev.j2
@ -1,6 +0,0 @@
 # {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
 [NetDev]
 Name={{ bridge_interface }}
 Kind=bridge
 MACAddress={{ bridge_mac }}
--- a/templates/network/br0.network.j2
+++ b/templates/network/br0.network.j2
@ -1,7 +1,8 @@
 # {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
 [Match]
-Name={{ bridge_source_interface }}
+MACAddress={{ network_mac }}
-[Network]
+[Link]
-Bridge={{ bridge_interface }}
+NamePolicy=
 Name={{ network_interface }}
--- a/templates/network/enp5s0.network.j2
+++ b/templates/network/enp5s0.network.j2
@ -1,7 +1,7 @@
 # {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
 [Match]
-Name={{ bridge_interface }}
+Name={{ network_interface }}
 [Network]
 DHCP=ipv4
--- a/templates/nftables.j2
+++ b/templates/nftables.j2
@ -19,12 +19,12 @@ table ip filter {
    # allow icmp
    ip protocol icmp accept
-    iifname "br0" tcp dport {{ ssh_port }} accept comment "SSH"
+    iifname "{{ network_interface }}" tcp dport {{ ssh_port }} accept comment "SSH"
-    iifname "br0" tcp dport {{ gitlab_ssh_port }} accept comment "Gitlab SSH"
+    iifname "{{ network_interface }}" tcp dport {{ gitlab_ssh_port }} accept comment "Gitlab SSH"
-    iifname "br0" tcp dport { {{ http_port }}, {{ https_port }} } accept comment "HTTP/HTTPS"
+    iifname "{{ network_interface }}" tcp dport { {{ http_port }}, {{ https_port }} } accept comment "HTTP/HTTPS"
-    iifname "br0" tcp dport {{ transmission_port }} accept comment "Transmission"
+    iifname "{{ network_interface }}" tcp dport {{ transmission_port }} accept comment "Transmission"
-    iifname "br0" udp dport {{ vpn_port }} accept comment "Wireguard"
+    iifname "{{ network_interface }}" udp dport {{ vpn_port }} accept comment "Wireguard"
    iifname "{{ vpn_interface }}" tcp dport { {{ http_port }}, {{ https_port }} } ip saddr {{ vpn_source_range }} ip daddr {{ vpn_destination_range }} accept comment "HTTP/HTTPS"
    iifname "{{ vpn_interface }}" tcp dport {{ transmission_web_port }} ip saddr {{ vpn_source_range }} ip daddr {{ vpn_destination_range }} accept comment "Transmission Web"
--- a/vars/network.yml
+++ b/vars/network.yml
@ -1,6 +1,5 @@
-bridge_interface: 'br0'
+network_interface: 'link1'
-bridge_source_interface: 'enp5s0'
+network_mac: '70:85:c2:5a:ce:91'
 bridge_mac: '70:85:c2:5a:ce:91'
 lan_ip_address: '192.168.178.185'
 wan_ip_address: '178.85.119.159'