Commit 9f512fc0 authored by julian.gethmann's avatar julian.gethmann Committed by yuancun.nie

Fix KITnet config and add IPv6 stable secret

* Add nm-settings-ifcfg-rh files
* Add IPv6 stable secret
Fixes issue #91
parent 0b3a7b48
......@@ -40,10 +40,37 @@ desktop_software:
- perl-Clipboard
- perl-Capture-Tiny
# Networking
# this should be the IP or in the sshd_config the "UseDNS" must be set to yes
ansible_server: 129.13.238.126
ansible_server_ipv6: "2a00:1398:4:8200:6840:923e:1415:87f7"
nfs_server: 129.13.238.126
dns4:
- "129.13.64.5"
- "141.3.175.65" # extern
# use only two, so that IPv6 gets also at least one
# - "129.13.96.2"
dns6:
- "2a00:1398::1"
- "2a00:1398::2"
- "2a00:1398::e:1" # extern
domains:
- las.kit.edu
- scc.kit.edu
gw4: 129.13.238.65
ntp:
- ntp1.scc.kit.edu
- ntp2.scc.kit.edu
- ntp3.scc.kit.edu
- ntp4.scc.kit.edu
# Secure variables
# file: group_vars/all/vault.yml
sudoer: "{{ vault_sudoer }}"
......@@ -62,5 +89,3 @@ ipaserver3: "{{ vault_ipaserver3 }}"
ipa_users: "{{ vault_ipa_users }}"
undine_password: "{{ vault_undine_password }}"
nfs_server: 129.13.238.126
......@@ -92,3 +92,14 @@
name: dnf-automatic.service
state: restarted
enabled: yes
- name: reload nm
become: yes
command: "nmcli connection reload"
- name: restart network
become: yes
shell: |
nmcli connection down {{ ansible_default_ipv4.interface }}
nmcli connection up {{ ansible_default_ipv4.interface }}
exit 0
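Review bot: The trailing `exit 0` in the `restart network` handler makes it report success even when `nmcli connection up` fails, so a host can be left without its default connection and no failed task to show for it. `nmcli connection down`/`up` also take a connection profile name, which need not match the interface name in `ansible_default_ipv4.interface`. Bringing that connection down probably cuts the link the play itself runs over. Since the template sets `NAME=KITnet`, a single `command: "nmcli connection up KITnet"` without the `exit 0` would activate the new profile and let a real failure surface. The handlers file starts outside this hunk.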
---
- name: Set secret for stable privacy
become: yes
template:
src: 60-ipv6-stable-secret.j2
dest: /etc/sysctl.d/60-ipv6-stable-secret.conf
backup: yes
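Review bot: The `template` task sets no `mode`, so the file holding the stable secret is created under the remote umask and is typically world-readable, whereas the kernel exposes the same sysctl to root only. Add `owner: root`, `group: root` and `mode: "0600"` to the task. `backup: yes` leaves older copies of the secret next to it, so those need the same permissions or a cleanup step. Nothing here notifies a handler that loads the file (for example `sysctl --system`), so the value appears to take effect only after a reboot. Because KITnet.j2 sets `IPV6_ADDR_GEN_MODE=stable-privacy`, NetworkManager may derive the address from its own key instead of this sysctl, which is worth confirming on a test host.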
---
- import_tasks: etckeeper.yml
- import_tasks: hostname.yml
# - import_tasks: networking.yml
- import_tasks: networking.yml
- import_tasks: ipv6.yml
- import_tasks: sshd.yml
when: "'laptop' not in group_names"
- import_tasks: sudoer.yml
......
---
- name: Install ifcfg-KITnet
become: yes
template:
src: KITnet.j2
dest: /etc/sysconfig/network-scripts/ifcfg-KITnet
backup: yes
notify:
- reload nm
- restart network
# {{ ansible_managed }}
net.ipv6.conf.default.stable_secret=fd00:0:0:0:0:0:0:{{ ip_suffix }}
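Review bot: `stable_secret` is meant to be a random 128-bit value, but here the leading 112 bits are the fixed `fd00:0:0:0:0:0:0:` and only `ip_suffix` varies, so the value is guessable by anyone who knows this template and the host's suffix. Where `ip_suffix` is defined is not visible on this page. That weakens the RFC 7217 stable-privacy property the commit is after, because interface identifiers derived from a known secret can be recomputed and correlated across prefixes. Generate one random value per host and keep it with the other vaulted variables, for example `net.ipv6.conf.default.stable_secret={{ vault_ipv6_stable_secret }}`, where the variable name is a placeholder.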
# {{ ansible_managed }}
# https://developer.gnome.org/NetworkManager/stable/nm-settings-ifcfg-rh.html
#
{% if ansible_default_ipv6.interface.startswith('en') %}
DEVICE={{ ansible_default_ipv6.interface }}
HWADDR={{ ansible_default_ipv6.macaddress }}
{% else %}
DEVICE={{ ansible_default_ipv4.interface }}
HWADDR={{ ansible_default_ipv4.macaddress }}
{% endif %}
AUTOCONNECT_PRIORITY=500
BOOTPROTO=dhcp
BROWSER_ONLY=no
DEFROUTE=yes
DHCP_SEND_HOSTNAME=no
ETHTOOL_OPTS="autoneg on"
GATEWAY={{ gw4 }}
IPV4_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_PRIVACY=no
IPV6_PRIVACY_PREFER_PUBLIC_IP=yes
NAME=KITnet
ONBOOT=yes
PEERDNS=yes
PEERROUTES=yes
PROXY_METHOD=none
TYPE=Ethernet
# ZONE=
{% for dns in dns4 %}
DNS{{ loop.index }}={{ dns }}
{% endfor %}
DOMAIN="{{ domains | join(' ')}}"
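Review bot: The opening `{% if ansible_default_ipv6.interface.startswith('en') %}` will fail to render on a host without an IPv6 default route, because `ansible_default_ipv6` is then an empty dict and `.interface` is undefined under Ansible's default undefined handling. Guard it with `{% if (ansible_default_ipv6.interface | default('')).startswith('en') %}` so such hosts fall through to the IPv4 branch. The `dns6` list from the group vars is not used here, since only `dns4` is looped into `DNSn`. That looks unintended given the vars comment about leaving a resolver slot for IPv6.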