talexander/machine_setup
1
0
Fork 0
Code Issues Pull Requests Releases Activity

Starting an rc file to set up netgraph.

Browse Source
This commit is contained in:
Tom Alexander 2022-10-29 17:45:06 -04:00
parent c6ed886f4c
commit 4e29c2e3d8
Signed by: talexander
GPG Key ID: D3A179C9A53C0EDE
4 changed files with 100 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
ansible/environments/laptop/host_vars/odofreebsd
View File

@ -10,6 +10,7 @@ pflog_conf:
network_rc: "odofreebsd_network.conf" network_rc: "odofreebsd_network.conf"
rc_conf: "odofreebsd_rc.conf" rc_conf: "odofreebsd_rc.conf"
loader_conf: "odofreebsd_loader.conf" loader_conf: "odofreebsd_loader.conf"
netgraph_config: "setup_netgraph_odo"
graphics_driver: "intel" graphics_driver: "intel"
cputype: "intel" cputype: "intel"
cpu_opt: tigerlake cpu_opt: tigerlake

23
ansible/roles/jail/files/setup_netgraph Normal file
View File

@ -0,0 +1,23 @@
#!/bin/sh
# /usr/local/etc/rc.d/setup_netgraph
#
# REQUIRE: FILESYSTEM kld
# PROVIDE: setup_netgraph
# BEFORE: netif
. /etc/rc.subr
name=setup_netgraph
rcvar=${name}_enable
start_cmd="${name}_start"
stop_cmd="${name}_stop"
load_rc_config $name
setup_netgraph_start() {
/usr/local/bin/setup_netgraph start
}
setup_netgraph_stop() {
/usr/local/bin/setup_netgraph stop
}
run_rc_command "$1"

41
ansible/roles/jail/files/setup_netgraph_odo Normal file
View File

@ -0,0 +1,41 @@
#!/usr/local/bin/bash
cleanup() {
ngctl shutdown nat_link2:
ngctl shutdown nat_uplink0:
ngctl shutdown jail_nat_wg0:
}
setup_netgraph_start() {
cleanup
ngctl -d -f - <<EOF
mkpeer . eiface hook ether
name .:hook nat_uplink0
EOF
ngctl -d -f - <<EOF
mkpeer nat_uplink0: bridge ether link0
name nat_uplink0:ether jail_nat_wg0
EOF
ngctl -d -f - <<EOF
mkpeer jail_nat_wg0: eiface link2 ether
name jail_nat_wg0:link2 nat_link2
EOF
ifconfig $(ngctl msg 'nat_uplink0:' getifname | grep Args | cut -d '"' -f 2) name nat_uplink0 10.10.11.1/24 up
ifconfig $(ngctl msg 'jail_nat_wg0:link2' getifname | grep Args | cut -d '"' -f 2) name nat_link2
}
setup_netgraph_stop() {
cleanup
}
if [ "$1" = "start" ]; then
setup_netgraph_start
elif [ "$1" = "stop" ]; then
setup_netgraph_stop
else
>&2 echo "Unrecognized command"
fi

35
ansible/roles/jail/tasks/freebsd.yaml
View File

@ -90,3 +90,38 @@
state: absent state: absent
when: jail_list|community.general.json_query('[?enabled==`true`]')|length == 0 when: jail_list|community.general.json_query('[?enabled==`true`]')|length == 0
- name: Install rc script
when: netgraph_config is defined
copy:
src: "files/{{ item.src }}"
dest: "/usr/local/etc/rc.d/{{ item.dest|default(item.src) }}"
owner: root
group: wheel
mode: 0755
loop:
- src: setup_netgraph
- name: Install scripts
when: netgraph_config is defined
copy:
src: "files/{{ item.src }}"
dest: "{{ item.dest }}"
mode: 0755
owner: root
group: wheel
loop:
- src: "{{ netgraph_config }}"
dest: /usr/local/bin/setup_netgraph
- name: Enable setup_netgraph
when: netgraph_config is defined
community.general.sysrc:
name: setup_netgraph_enable
value: "YES"
path: /etc/rc.conf.d/setup_netgraph
- name: Disable setup_netgraph
when: netgraph_config is not defined
file:
path: /etc/rc.conf.d/setup_netgraph
state: absent