Enable ipv6 on homeserver.

This commit is contained in:
Tom Alexander 2024-07-12 21:44:43 -04:00
parent 0e2c7adaf9
commit 6be368a1e8
Signed by: talexander
GPG Key ID: D3A179C9A53C0EDE
8 changed files with 24 additions and 12 deletions

View File

@ -25,6 +25,8 @@ users:
gitconfig: "gitconfig_home"
sshd_enabled: true
sshd_conf: "sshd_config"
prefer_ipv6: true
dummynet_config: "dnctl.conf"
pf_config: "homeserver_pf.conf"
pflog_conf:
- name: 0

View File

@ -1 +1,2 @@
dnctl_enable="YES"
dnctl_rules="/etc/dnctl.conf"

View File

@ -15,7 +15,8 @@ INIT_SCRIPT=$(cat <<EOF
;; Set default font
(set-face-attribute 'default nil :height 100 :width 'regular :weight 'regular :family "Cascadia Mono")
;; Set fallback font for unicode glyphs
(set-fontset-font "fontset-default" nil (font-spec :name "Noto Color Emoji"))
(when (display-graphic-p)
(set-fontset-font "fontset-default" nil (font-spec :name "Noto Color Emoji")))
(menu-bar-mode -1)
(when (fboundp 'tool-bar-mode)
(tool-bar-mode -1))

View File

@ -11,7 +11,8 @@
;; Set default font
(set-face-attribute 'default nil :height 100 :width 'regular :weight 'regular :family "Cascadia Mono")
;; Set fallback font for unicode glyphs
(set-fontset-font "fontset-default" nil (font-spec :name "Noto Color Emoji"))
(when (display-graphic-p)
(set-fontset-font "fontset-default" nil (font-spec :name "Noto Color Emoji")))
(menu-bar-mode -1)
(when (fboundp 'tool-bar-mode)
(tool-bar-mode -1))

View File

@ -4,6 +4,7 @@ jail_nat_v4 = "{ 10.215.1.0/24 }"
not_jail_nat_v4 = "{ any, !10.215.1.0/24 }"
restricted_nat_v4 = "{ 10.215.2.0/24 }"
not_restricted_nat_v4 = "{ any, !10.215.2.0/24 }"
rfc1918 = "{ 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }"
dhcp = "{ bootpc, bootps }"
allow = "{ wgh wgf }"
@ -54,6 +55,10 @@ rdr pass on $ext_if inet proto {udp, tcp} from any to any port $unifi_ports -> 1
block log all
pass out on $ext_if
# match in on jail_nat from any to any dnpipe 1
# match in on jail_nat from any to $rfc1918 dnpipe 2
# match in on restricted_nat from any to any dnpipe 1
pass in on jail_nat
# Allow traffic from my machine to the jails/virtual machines
pass out on jail_nat from $jail_nat_v4

View File

@ -28,8 +28,8 @@ block log all
pass out on $ext_if
pass in on jail_nat
match in on jail_nat from any to any dnpipe 1
match in on jail_nat from any to $rfc1918 dnpipe 2
# match in on jail_nat from any to any dnpipe 1
# match in on jail_nat from any to $rfc1918 dnpipe 2
# Allow traffic from my machine to the jails/virtual machines
pass out on jail_nat from $jail_nat_v4

View File

@ -1,3 +1,4 @@
wlans_ath0="wlan0"
ifconfig_wlan0="WPA DHCP"
ifconfig_wlan0_ipv6="inet6 accept_rtadv"
ipv6_cpe_wanif="wlan0"

View File

@ -59,14 +59,15 @@
- name: Prefer ipv6
when: prefer_ipv6
sysctl:
name: "{{ item.name }}"
value: "{{ item.value }}"
state: present
sysctl_file: "/etc/rc.conf.d/ip6addrctl"
loop:
- name: ip6addrctl_policy
value: "ipv6_prefer"
blockinfile:
path: "/etc/rc.conf.d/ip6addrctl"
marker: "# {mark} ANSIBLE MANAGED BLOCK"
create: true
mode: 0600
owner: root
group: wheel
block: |
ip6addrctl_policy="ipv6_prefer"
- name: Don't Prefer ipv6
when: not prefer_ipv6