Starting an rc file to set up netgraph.

2022-10-29 17:45:06 -04:00 · 2022-10-29 17:45:06 -04:00 · 4e29c2e3d8
commit 4e29c2e3d8
parent c6ed886f4c
4 changed files with 100 additions and 0 deletions
--- a/ansible/environments/laptop/host_vars/odofreebsd
+++ b/ansible/environments/laptop/host_vars/odofreebsd
@ -10,6 +10,7 @@ pflog_conf:
 network_rc: "odofreebsd_network.conf"
 rc_conf: "odofreebsd_rc.conf"
 loader_conf: "odofreebsd_loader.conf"
+netgraph_config: "setup_netgraph_odo"
 graphics_driver: "intel"
 cputype: "intel"
 cpu_opt: tigerlake
--- a/ansible/roles/jail/files/setup_netgraph
+++ b/ansible/roles/jail/files/setup_netgraph
@ -0,0 +1,23 @@
+#!/bin/sh
+# /usr/local/etc/rc.d/setup_netgraph
+#
+# REQUIRE: FILESYSTEM kld
+# PROVIDE: setup_netgraph
+# BEFORE: netif
+
+. /etc/rc.subr
+name=setup_netgraph
+rcvar=${name}_enable
+start_cmd="${name}_start"
+stop_cmd="${name}_stop"
+load_rc_config $name
+
+setup_netgraph_start() {
+    /usr/local/bin/setup_netgraph start
+}
+
+setup_netgraph_stop() {
+    /usr/local/bin/setup_netgraph stop
+}
+
+run_rc_command "$1"
--- a/ansible/roles/jail/files/setup_netgraph_odo
+++ b/ansible/roles/jail/files/setup_netgraph_odo
@ -0,0 +1,41 @@
+#!/usr/local/bin/bash
+
+cleanup() {
+    ngctl shutdown nat_link2:
+    ngctl shutdown nat_uplink0:
+    ngctl shutdown jail_nat_wg0:
+}
+
+setup_netgraph_start() {
+    cleanup
+
+    ngctl -d -f - <<EOF
+mkpeer . eiface hook ether
+name .:hook nat_uplink0
+EOF
+
+    ngctl -d -f - <<EOF
+mkpeer nat_uplink0: bridge ether link0
+name nat_uplink0:ether jail_nat_wg0
+EOF
+
+    ngctl -d -f - <<EOF
+mkpeer jail_nat_wg0: eiface link2 ether
+name jail_nat_wg0:link2 nat_link2
+EOF
+
+    ifconfig $(ngctl msg 'nat_uplink0:' getifname | grep Args | cut -d '"' -f 2) name nat_uplink0 10.10.11.1/24 up
+    ifconfig $(ngctl msg 'jail_nat_wg0:link2' getifname | grep Args | cut -d '"' -f 2) name nat_link2
+}
+
+setup_netgraph_stop() {
+    cleanup
+}
+
+if [ "$1" = "start" ]; then
+    setup_netgraph_start
+elif [ "$1" = "stop" ]; then
+    setup_netgraph_stop
+else
+    >&2 echo "Unrecognized command"
+fi
--- a/ansible/roles/jail/tasks/freebsd.yaml
+++ b/ansible/roles/jail/tasks/freebsd.yaml
@ -90,3 +90,38 @@
    state: absent
  when: jail_list|community.general.json_query('[?enabled==`true`]')|length == 0

+- name: Install rc script
+  when: netgraph_config is defined
+  copy:
+    src: "files/{{ item.src }}"
+    dest: "/usr/local/etc/rc.d/{{ item.dest|default(item.src) }}"
+    owner: root
+    group: wheel
+    mode: 0755
+  loop:
+    - src: setup_netgraph
+
+- name: Install scripts
+  when: netgraph_config is defined
+  copy:
+    src: "files/{{ item.src }}"
+    dest: "{{ item.dest }}"
+    mode: 0755
+    owner: root
+    group: wheel
+  loop:
+    - src: "{{ netgraph_config }}"
+      dest: /usr/local/bin/setup_netgraph
+
+- name: Enable setup_netgraph
+  when: netgraph_config is defined
+  community.general.sysrc:
+    name: setup_netgraph_enable
+    value: "YES"
+    path: /etc/rc.conf.d/setup_netgraph
+
+- name: Disable setup_netgraph
+  when: netgraph_config is not defined
+  file:
+    path: /etc/rc.conf.d/setup_netgraph
+    state: absent