Enable ipv6 on homeserver.

2024-07-12 21:44:43 -04:00 · 2024-07-12 21:44:43 -04:00 · 6be368a1e8
parent 0e2c7adaf9
commit 6be368a1e8
8 changed files with 24 additions and 12 deletions
--- a/ansible/environments/home/host_vars/homeserver
+++ b/ansible/environments/home/host_vars/homeserver
@ -25,6 +25,8 @@ users:
    gitconfig: "gitconfig_home"
 sshd_enabled: true
 sshd_conf: "sshd_config"
+prefer_ipv6: true
+dummynet_config: "dnctl.conf"
 pf_config: "homeserver_pf.conf"
 pflog_conf:
  - name: 0
--- a/ansible/roles/dummynet/files/dnctl_rc.conf
+++ b/ansible/roles/dummynet/files/dnctl_rc.conf
@ -1 +1,2 @@
 dnctl_enable="YES"
+dnctl_rules="/etc/dnctl.conf"
--- a/ansible/roles/emacs/files/plainmacs
+++ b/ansible/roles/emacs/files/plainmacs
@ -15,7 +15,8 @@ INIT_SCRIPT=$(cat <<EOF
  ;; Set default font
  (set-face-attribute 'default nil :height 100 :width 'regular :weight 'regular :family "Cascadia Mono")
  ;; Set fallback font for unicode glyphs
-  (set-fontset-font "fontset-default" nil (font-spec :name "Noto Color Emoji"))
+  (when (display-graphic-p)
+    (set-fontset-font "fontset-default" nil (font-spec :name "Noto Color Emoji")))
  (menu-bar-mode -1)
  (when (fboundp 'tool-bar-mode)
    (tool-bar-mode -1))
--- a/ansible/roles/emacs/files/plainmacs_init.el
+++ b/ansible/roles/emacs/files/plainmacs_init.el
@ -11,7 +11,8 @@
  ;; Set default font
  (set-face-attribute 'default nil :height 100 :width 'regular :weight 'regular :family "Cascadia Mono")
  ;; Set fallback font for unicode glyphs
-  (set-fontset-font "fontset-default" nil (font-spec :name "Noto Color Emoji"))
+  (when (display-graphic-p)
+    (set-fontset-font "fontset-default" nil (font-spec :name "Noto Color Emoji")))
  (menu-bar-mode -1)
  (when (fboundp 'tool-bar-mode)
    (tool-bar-mode -1))
--- a/ansible/roles/firewall/files/homeserver_pf.conf
+++ b/ansible/roles/firewall/files/homeserver_pf.conf
@ -4,6 +4,7 @@ jail_nat_v4 = "{ 10.215.1.0/24 }"
 not_jail_nat_v4 = "{ any, !10.215.1.0/24 }"
 restricted_nat_v4 = "{ 10.215.2.0/24 }"
 not_restricted_nat_v4 = "{ any, !10.215.2.0/24 }"
+rfc1918 = "{ 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }"

 dhcp = "{ bootpc, bootps }"
 allow = "{ wgh wgf }"
@ -54,6 +55,10 @@ rdr pass on $ext_if inet proto {udp, tcp} from any to any port $unifi_ports -> 1
 block log all
 pass out on $ext_if

+# match in on jail_nat from any to any dnpipe 1
+# match in on jail_nat from any to $rfc1918 dnpipe 2
+# match in on restricted_nat from any to any dnpipe 1
+
 pass in on jail_nat
 # Allow traffic from my machine to the jails/virtual machines
 pass out on jail_nat from $jail_nat_v4
--- a/ansible/roles/firewall/files/odofreebsd_pf.conf
+++ b/ansible/roles/firewall/files/odofreebsd_pf.conf
@ -28,8 +28,8 @@ block log all
 pass out on $ext_if

 pass in on jail_nat
-match in on jail_nat from any to any dnpipe 1
-match in on jail_nat from any to $rfc1918 dnpipe 2
+# match in on jail_nat from any to any dnpipe 1
+# match in on jail_nat from any to $rfc1918 dnpipe 2
 # Allow traffic from my machine to the jails/virtual machines
 pass out on jail_nat from $jail_nat_v4

--- a/ansible/roles/network/files/homeserver_network.conf
+++ b/ansible/roles/network/files/homeserver_network.conf
@ -1,3 +1,4 @@
 wlans_ath0="wlan0"
 ifconfig_wlan0="WPA DHCP"
 ifconfig_wlan0_ipv6="inet6 accept_rtadv"
+ipv6_cpe_wanif="wlan0"
--- a/ansible/roles/network/tasks/freebsd.yaml
+++ b/ansible/roles/network/tasks/freebsd.yaml
@ -59,14 +59,15 @@

 - name: Prefer ipv6
  when: prefer_ipv6
-  sysctl:
-    name: "{{ item.name }}"
-    value: "{{ item.value }}"
-    state: present
-    sysctl_file: "/etc/rc.conf.d/ip6addrctl"
-  loop:
-    - name: ip6addrctl_policy
-      value: "ipv6_prefer"
+  blockinfile:
+    path: "/etc/rc.conf.d/ip6addrctl"
+    marker: "# {mark} ANSIBLE MANAGED BLOCK"
+    create: true
+    mode: 0600
+    owner: root
+    group: wheel
+    block: |
+      ip6addrctl_policy="ipv6_prefer"

 - name: Don't Prefer ipv6
  when: not prefer_ipv6