Ansible Role for managing an opinionated Alpine Router

Overview

This role configures router functionality on Alpine Linux.

Supported Operating Systems

| Operating System | Version |
| ---------------- | ------- |
| Alpine           | 3.23    |

Tags

| Tag         | Purpose                        |
| ----------- | ------------------------------ |
| full        | Execute all tasks              |
| routing     | Configure routing and iptables |
| firewall    | Configure firewall rules       |
| performance | Configure performance tuning   |

Role Variables

Interfaces

wan_interface: "eth0"
lan_interface: "eth1"

Static Routes

static_routes:

  - name: "route to internal network 10.0.0.0/8 via 192.168.1.1"
    destination: "10.0.0.0/8"
    gateway: "192.168.1.1"

  - name: "route to dmz with custom metric"
    destination: "172.16.0.0/12"
    gateway: "192.168.1.254"
    metric: 100

  - name: "route with specific interface"
    destination: "192.168.100.0/24"
    gateway: "192.168.1.1"
    interface: "eth1"

Incoming Firewall Rules

incoming_firewall_rules:

  - name: "allow ssh from lan"
    source: "192.168.1.0/24"
    protocol: "tcp"
    port: 22

  - name: "allow https from lan"
    source: "192.168.1.0/24"
    protocol: "tcp"
    port: 443

  - name: "allow dns from lan"
    source: "192.168.1.0/24"
    protocol: "udp"
    port: 53

  - name: "allow ping from lan"
    source: "192.168.1.0/24"
    protocol: "icmp"
    port: 0

NAT Port Forwards

nat_port_forwards:

  - name: "forward http to web server"
    dst: "192.168.1.10"
    port: 80
    protocol: "tcp"

  - name: "forward https to web server"
    dst: "192.168.1.10"
    port: 443
    protocol: "tcp"

  - name: "forward ssh to internal server"
    dst: "192.168.1.20"
    port: 2222
    protocol: "tcp"
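
A pre-flight check for the `incoming_firewall_rules` and `nat_port_forwards` variables shown above, as an added example that is not part of this role. It assumes RFC 1918 space counts as internal and that `port` in a forward is the WAN-side port; the function names and the flawed sample entries are constructed for illustration.

```python
import ipaddress
# Assumption: "internal" means RFC 1918 space; the role itself may define it differently.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def internal(net):
    return net.version == 4 and any(net.subnet_of(n) for n in RFC1918)

def port_ok(proto, port):
    # A port is not meaningful for icmp (the README example carries 0).
    return proto == "icmp" or (isinstance(port, int) and 1 <= port <= 65535)

def audit_incoming(rules):
    """Findings for incoming_firewall_rules entries."""
    out = []
    for r in rules:
        name, proto, port = r.get("name"), r.get("protocol"), r.get("port")
        if proto not in ("tcp", "udp", "icmp") or not port_ok(proto, port):
            out.append(f"{name}: invalid protocol/port {proto}/{port}")
        try:
            src = ipaddress.ip_network(str(r.get("source")), strict=True)  # rejects host bits
        except ValueError:
            out.append(f"{name}: bad source {r.get('source')!r}")
            continue
        if not internal(src):
            out.append(f"{name}: source {src} reaches beyond internal ranges")
    return out

def audit_forwards(forwards):
    """Findings for nat_port_forwards entries."""
    out, seen = [], {}
    for f in forwards:
        name, key = f.get("name"), (f.get("protocol"), f.get("port"))
        if key[0] not in ("tcp", "udp") or not port_ok(*key):
            out.append(f"{name}: invalid protocol/port {key[0]}/{key[1]}")
        try:
            if not internal(ipaddress.ip_network(str(f.get("dst")))):
                out.append(f"{name}: dst {f['dst']} is outside internal ranges")
        except ValueError:
            out.append(f"{name}: bad dst {f.get('dst')!r}")
        if key in seen:  # assumes `port` is the WAN-side port, so a repeat conflicts
            out.append(f"{name}: {key[0]}/{key[1]} already forwarded by {seen[key]!r}")
        seen.setdefault(key, name)
    return out

# Constructed sample: one README entry per list plus a deliberately flawed one.
RULES = [{"name": "allow ssh from lan", "source": "192.168.1.0/24", "protocol": "tcp", "port": 22},
         {"name": "ssh from anywhere", "source": "0.0.0.0/0", "protocol": "tcp", "port": 22}]
FORWARDS = [{"name": "forward http to web server", "dst": "192.168.1.10", "port": 80, "protocol": "tcp"},
            {"name": "second http forward", "dst": "192.168.1.20", "port": 80, "protocol": "tcp"}]
if __name__ == "__main__":
    print("\n".join(audit_incoming(RULES) + audit_forwards(FORWARDS)))
```

Run it against the parsed host or group variables before applying the role; an empty result means no entry tripped these checks.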