From 9168cc51cf163562eee460d370662633b227c3c3 Mon Sep 17 00:00:00 2001
From: Tom Alexander <tom@fizz.buzz>
Date: Sat, 29 Oct 2022 21:47:32 -0400
Subject: [PATCH] Rename the interfaces to make the separate levels more clear.

---
 ansible/roles/base/tasks/freebsd.yaml         |  1 +
 .../roles/firewall/files/odofreebsd_pf.conf   |  6 ++---
 ansible/roles/jail/files/jails/cloak.conf     |  2 +-
 ansible/roles/jail/files/setup_netgraph_odo   | 22 ++++++++++---------
 4 files changed, 17 insertions(+), 14 deletions(-)

diff --git a/ansible/roles/base/tasks/freebsd.yaml b/ansible/roles/base/tasks/freebsd.yaml
index 88a6e65..0b3dbc8 100644
--- a/ansible/roles/base/tasks/freebsd.yaml
+++ b/ansible/roles/base/tasks/freebsd.yaml
@@ -2,6 +2,7 @@
   package:
     name:
       - pstree
+      - gsed
     state: present
 
 - name: See if the alacritty termcap has been added
diff --git a/ansible/roles/firewall/files/odofreebsd_pf.conf b/ansible/roles/firewall/files/odofreebsd_pf.conf
index 4d6f688..f7649ff 100644
--- a/ansible/roles/firewall/files/odofreebsd_pf.conf
+++ b/ansible/roles/firewall/files/odofreebsd_pf.conf
@@ -2,7 +2,7 @@ ext_if = "{ igb0 igb1 ix0 ix1 wlan0 }"
 jail_net_v4 = "10.193.223.0/24"
 
 dhcp = "{ bootpc, bootps }"
-# allow = "{ nat_uplink0 }"
+# allow = "{ host_uplink0 }"
 
 tcp_pass_in = "{ 22 }"
 udp_pass_in = "{ 53 51820 }"
@@ -15,7 +15,7 @@ set skip on lo
 # redirections
 nat on $ext_if inet from $jail_net_v4 to { any, !$jail_net_v4 } tag ALLOWED -> (wlan0)
 
-rdr on nat_uplink0 inet proto {tcp, udp} from any to 10.193.223.1 port 53 tag ALLOWED -> 1.1.1.1 port 53
+rdr on host_uplink0 inet proto {tcp, udp} from any to 10.193.223.1 port 53 tag ALLOWED -> 1.1.1.1 port 53
 
 # filtering
 block log all
@@ -37,4 +37,4 @@ pass in on $ext_if proto udp to any port $udp_pass_in
 
 pass quick on $ext_if proto udp from any port $dhcp to any port $dhcp
 
-pass in on nat_uplink0 proto udp from any to any port { 53 51820 }
+pass in on host_uplink0 proto udp from any to any port { 53 51820 }
diff --git a/ansible/roles/jail/files/jails/cloak.conf b/ansible/roles/jail/files/jails/cloak.conf
index 7026d39..9c413c3 100644
--- a/ansible/roles/jail/files/jails/cloak.conf
+++ b/ansible/roles/jail/files/jails/cloak.conf
@@ -1,7 +1,7 @@
 cloak {
     path = "/jail/main/jails/cloak";
     vnet;
-    vnet.interface += "nat_link2";
+    vnet.interface += "host_link2";
     devfs_ruleset = 13;
     mount.devfs; # To expose tun device
 
diff --git a/ansible/roles/jail/files/setup_netgraph_odo b/ansible/roles/jail/files/setup_netgraph_odo
index 86eefb0..10a6dfe 100644
--- a/ansible/roles/jail/files/setup_netgraph_odo
+++ b/ansible/roles/jail/files/setup_netgraph_odo
@@ -1,9 +1,9 @@
 #!/usr/local/bin/bash
 
 cleanup() {
-    ngctl shutdown nat_link2:
-    ngctl shutdown nat_uplink0:
-    ngctl shutdown jail_nat_wg0:
+    ngctl shutdown host_link2:
+    ngctl shutdown host_uplink0:
+    ngctl shutdown host_bridge0:
 }
 
 setup_netgraph_start() {
@@ -11,21 +11,23 @@ setup_netgraph_start() {
 
     ngctl -d -f - <<EOF
 mkpeer . eiface hook ether
-name .:hook nat_uplink0
+name .:hook host_uplink0
 EOF
 
     ngctl -d -f - <<EOF
-mkpeer nat_uplink0: bridge ether link0
-name nat_uplink0:ether jail_nat_wg0
+mkpeer host_uplink0: bridge ether link0
+name host_uplink0:ether host_bridge0
 EOF
 
     ngctl -d -f - <<EOF
-mkpeer jail_nat_wg0: eiface link2 ether
-name jail_nat_wg0:link2 nat_link2
+mkpeer host_bridge0: eiface link2 ether
+name host_bridge0:link2 host_link2
 EOF
 
-    ifconfig $(ngctl msg 'nat_uplink0:' getifname | grep Args | cut -d '"' -f 2) name nat_uplink0 10.193.223.1/24 up
-    ifconfig $(ngctl msg 'jail_nat_wg0:link2' getifname | grep Args | cut -d '"' -f 2) name nat_link2
+    ifconfig $(ngctl msg 'host_uplink0:' getifname | grep Args | cut -d '"' -f 2) name host_uplink0 10.193.223.1/24 up
+    ifconfig $(ngctl msg 'host_bridge0:link2' getifname | grep Args | cut -d '"' -f 2) name host_link2
+
+    # Create internal bridge for jails that are forced through wireguard
 }
 
 setup_netgraph_stop() {