From 41d6fb0ff1ee7d14b9fa73e52b8d692cfe7ecf84 Mon Sep 17 00:00:00 2001
From: Tobias Hachmer
Date: Sat, 30 Sep 2017 14:36:48 +0200
Subject: [PATCH] Add role system-sysctl-gateway
---
 playbooks/gateways.yml | 1 +
 roles/system-sysctl-gateway/README.md | 12 ++++++++
 roles/system-sysctl-gateway/tasks/main.yml | 7 +++++
 roles/system-sysctl-gateway/vars/main.yml | 34 ++++++++++++++++++++++
 4 files changed, 54 insertions(+)
 create mode 100644 roles/system-sysctl-gateway/README.md
 create mode 100644 roles/system-sysctl-gateway/tasks/main.yml
 create mode 100644 roles/system-sysctl-gateway/vars/main.yml
diff --git a/playbooks/gateways.yml b/playbooks/gateways.yml
index b9dc606..3ae578b 100755
--- a/playbooks/gateways.yml
+++ b/playbooks/gateways.yml
@@ -25,3 +25,4 @@
 - service-bird-icvpn
 - service-bird-ffrl
 - service-rclocal
+ - system-sysctl-gateway
diff --git a/roles/system-sysctl-gateway/README.md b/roles/system-sysctl-gateway/README.md
new file mode 100644
index 0000000..13c5d33
--- /dev/null
+++ b/roles/system-sysctl-gateway/README.md
@@ -0,0 +1,12 @@
+# Ansible role system-sysctl-gateway
+Diese Ansible role setzt Freifunk Gateway spezifische sysctl-Parameter.
+
+## Benötigte Variablen
+- List `sysctl_settings_gateway` (Rollen-Variable)
+```
+sysctl_settings_gateway:
+ - name: # sysctl-Parameter
+ value: # zu setzender Wert
+...
+
+´´´
diff --git a/roles/system-sysctl-gateway/tasks/main.yml b/roles/system-sysctl-gateway/tasks/main.yml
new file mode 100644
index 0000000..f46d562
--- /dev/null
+++ b/roles/system-sysctl-gateway/tasks/main.yml
@@ -0,0 +1,7 @@
+---
+- name: set freifunk gateway sysctl settings
+ sysctl:
+ name: "{{ item.name }}"
+ value: "{{ item.value }}"
+ state: present
+ with_items: "{{ sysctl_settings_gateway }}"
diff --git a/roles/system-sysctl-gateway/vars/main.yml b/roles/system-sysctl-gateway/vars/main.yml
new file mode 100644
index 0000000..c0e4223
--- /dev/null
+++ b/roles/system-sysctl-gateway/vars/main.yml
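Review bot: In roles/system-sysctl-gateway/tasks/main.yml the `sysctl` task sets no `sysctl_file`, so every gateway setting lands in the module's default file (/etc/sysctl.conf) mixed with unrelated entries. A dedicated drop-in, for example `sysctl_file: /etc/sysctl.d/90-freifunk-gateway.conf` (file name constructed here), would keep the forwarding and rp_filter changes auditable and easy to revert. The list it iterates also contains `net.netfilter.nf_conntrack_*` keys, which exist only while the nf_conntrack module is loaded. If no earlier role loads that module, the task will presumably fail on those items, and the values may not be re-applied at boot.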
@@ -0,0 +1,34 @@
+---
+sysctl_settings_gateway:
+ - name: net.ipv4.ip_forward
+ value: 1
+ - name: net.ipv4.conf.default.rp_filter
+ value: 0
+ - name: net.ipv4.conf.all.rp_filter
+ value: 0
+ - name: net.ipv4.neigh.default.gc_thresh1
+ value: 1024
+ - name: net.ipv4.neigh.default.gc_thresh2
+ value: 2048
+ - name: net.ipv4.neigh.default.gc_thresh3
+ value: 4096
+ - name: net.netfilter.nf_conntrack_tcp_timeout_established
+ value: 86400
+ - name: net.netfilter.nf_conntrack_max
+ value: 262140
+ - name: net.ipv6.conf.all.forwarding
+ value: 1
+ - name: net.ipv6.conf.all.autoconf
+ value: 0
+ - name: net.ipv6.conf.default.autoconf
+ value: 0
+ - name: net.ipv6.conf.all.accept_ra
+ value: 0
+ - name: net.ipv6.conf.default.accept_ra
+ value: 0
+ - name: net.ipv6.neigh.default.gc_thresh1
+ value: 1024
+ - name: net.ipv6.neigh.default.gc_thresh2
+ value: 2048
+ - name: net.ipv6.neigh.default.gc_thresh3
+ value: 4096
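Review bot: Setting `net.ipv4.conf.all.rp_filter` and `net.ipv4.conf.default.rp_filter` to 0 switches off the kernel's reverse-path source validation on a host that this same list turns into an IPv4 and IPv6 forwarder, and nothing in the role records why or what replaces it. If asymmetric routing on the gateway is the reason, loose mode (`value: 2`) may be sufficient. Otherwise add a comment above the two entries such as `# rp_filter off because of asymmetric paths; source validation must be done by firewall rules` and confirm that such ingress filtering really exists. The kernel applies the maximum of `conf.all` and the per-interface value, and `default` only affects interfaces created later, so interfaces that already carry a non-zero rp_filter keep filtering despite these entries. The list also leaves `accept_redirects` and `send_redirects` at their defaults, which deserves an explicit decision on a router.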