Add role system-sysctl-gateway

playbooks/gateways.yml

@@ -25,3 +25,4 @@
     - service-bird-icvpn
     - service-bird-ffrl
     - service-rclocal
+    - system-sysctl-gateway

roles/system-sysctl-gateway/README.md

@@ -0,0 +1,12 @@
+# Ansible role system-sysctl-gateway
+Diese Ansible role setzt Freifunk Gateway spezifische sysctl-Parameter.
+
+## Benötigte Variablen
+- List `sysctl_settings_gateway` (Rollen-Variable)
+```
+sysctl_settings_gateway:
+  - name:	# sysctl-Parameter
+    value:      # zu setzender Wert
+...
+
+´´´

roles/system-sysctl-gateway/tasks/main.yml

@@ -0,0 +1,7 @@
+---
+- name: set freifunk gateway sysctl settings
+  sysctl:
+    name: "{{ item.name }}"
+    value: "{{ item.value }}"
+    state: present
+  with_items: "{{ sysctl_settings_gateway }}"

roles/system-sysctl-gateway/vars/main.yml

@@ -0,0 +1,34 @@
+---
+sysctl_settings_gateway:
+  - name: net.ipv4.ip_forward
+    value: 1
+  - name: net.ipv4.conf.default.rp_filter
+    value: 0
+  - name: net.ipv4.conf.all.rp_filter
+    value: 0
+  - name: net.ipv4.neigh.default.gc_thresh1
+    value: 1024
+  - name: net.ipv4.neigh.default.gc_thresh2
+    value: 2048
+  - name: net.ipv4.neigh.default.gc_thresh3
+    value: 4096
+  - name: net.netfilter.nf_conntrack_tcp_timeout_established
+    value: 86400
+  - name: net.netfilter.nf_conntrack_max
+    value: 262140
+  - name: net.ipv6.conf.all.forwarding
+    value: 1
+  - name: net.ipv6.conf.all.autoconf
+    value: 0
+  - name: net.ipv6.conf.default.autoconf
+    value: 0
+  - name: net.ipv6.conf.all.accept_ra
+    value: 0
+  - name: net.ipv6.conf.default.accept_ra
+    value: 0
+  - name: net.ipv6.neigh.default.gc_thresh1
+    value: 1024
+  - name: net.ipv6.neigh.default.gc_thresh2
+    value: 2048
+  - name: net.ipv6.neigh.default.gc_thresh3
+    value: 4096