feat: add static routes

2026-02-16 17:21:12 +01:00 · 2026-02-16 17:21:12 +01:00 · 7939bb1b14
commit 7939bb1b14
parent 3b18a8a16f
4 changed files with 37 additions and 4 deletions
--- a/defaults/main.yaml
+++ b/defaults/main.yaml
@ -6,3 +6,6 @@ lan_interface: "eth1"

 # nat rules
 nat_port_forwards: []
+
+# static routes
+static_routes: []
--- a/handlers/main.yaml
+++ b/handlers/main.yaml
@ -5,3 +5,13 @@
  ansible.builtin.service:
    name: "iptables"
    state: "restarted"
+
+# apply local routes
+- name: "apply routes"
+  ansible.builtin.shell:
+    cmd: |
+      {% for route in static_routes %}
+      ip route replace {{ route.destination }} via {{ route.gateway }}{{ ' dev ' + route.interface if route.interface is defined else '' }}
+      {% endfor %}
+  when: "static_routes | length > 0"
+  changed_when: false
--- a/tasks/performance.yaml
+++ b/tasks/performance.yaml
@ -1,7 +1,7 @@
 ---

 # tcp performance tuning
- name: "configure tcp performance settings"
+- name: "performance - configure tcp"
  ansible.posix.sysctl:
    name: "{{ item.name }}"
    value: "{{ item.value }}"
--- a/tasks/routing.yaml
+++ b/tasks/routing.yaml
@ -1,7 +1,7 @@
 ---

 # install iptables
- name: "install iptables"
+- name: "routing - install ptables"
  community.general.apk:
    name:
      - "iptables"
@ -9,7 +9,7 @@
    update_cache: true

 # enable ipv4 forwarding
- name: "configure ipv4 forwarding"
+- name: "routing - configure ipv4 forwarding"
  ansible.posix.sysctl:
    name: "net.ipv4.conf.all.forwarding"
    value: "1"
@ -18,7 +18,7 @@
    reload: false

 # disable ipv4 redirects and source routing
- name: "disable ipv4 redirects and source routing"
+- name: "routing - disable ipv4 redirects and source routing"
  ansible.posix.sysctl:
    name: "{{ item.name }}"
    value: "{{ item.value }}"
@ -34,3 +34,23 @@
      value: "0"
    - name: "net.ipv4.conf.all.log_martians"
      value: "0"
+
+# configure static routes
+- name: "routing - static routes"
+  ansible.builtin.blockinfile:
+    path: "/etc/network/interfaces"
+    marker: "  # {mark} ANSIBLE MANAGED STATIC ROUTES"
+    block: |
+      {% for route in static_routes %}
+      # {{ route.name }}
+      {% if route.metric is defined %}
+        down ip route del {{ route.destination }} via {{ route.gateway }}{{ ' dev ' + route.interface if route.interface is defined else '' }} metric {{ route.metric }}
+        up ip route add {{ route.destination }} via {{ route.gateway }}{{ ' dev ' + route.interface if route.interface is defined else '' }} metric {{ route.metric }}
+      {% else %}
+        down ip route del {{ route.destination }} via {{ route.gateway }}{{ ' dev ' + route.interface if route.interface is defined else '' }}
+        up ip route add {{ route.destination }} via {{ route.gateway }}{{ ' dev ' + route.interface if route.interface is defined else '' }}
+      {% endif %}
+      {% endfor %}
+    insertafter: "^iface {{ lan_interface }} inet.*\\n(\\s+.*\\n)*\\s+netmask"
+    state: "{{ 'present' if static_routes | length > 0 else 'absent' }}"
+  notify: "apply routes"