diff --git a/roles/core/network/files/FreeBSD/router.rc b/roles/core/network/files/FreeBSD/router.rc new file mode 100644 --- /dev/null +++ b/roles/core/network/files/FreeBSD/router.rc @@ -0,0 +1,16 @@ +# ------------------------------------------------------------- +# Network — rc configuration +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Project: Nasqueron +# License: Trivial work, not eligible to copyright +# Source file: roles/core/network/files/FreeBSD/router.rc +# ------------------------------------------------------------- +# +# +# This file is managed by our rOPS SaltStack repository. +# +# Changes to this file may cause incorrect behavior +# and will be lost if the state is redeployed. +# + +gateway_enable="YES" diff --git a/roles/core/network/routes.sls b/roles/core/network/routes.sls --- a/roles/core/network/routes.sls +++ b/roles/core/network/routes.sls @@ -19,6 +19,21 @@ - context: routes: {{ salt["node.get_routes"]() }} +# ------------------------------------------------------------- +# Enable packet forwarding for routers +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + +{% if "router" in grains['roles'] %} +{% if grains['os'] == 'FreeBSD' %} + +/etc/rc.d/routing/router: + file.managed: + - source: salt://roles/core/network/files/FreeBSD/router.rc + - makedirs: True + +{% endif %} +{% endif %} + # ------------------------------------------------------------- # Systemd unit for Linux systems using our /etc/routes.conf # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/roles/core/sysctl/files/sysctl.conf b/roles/core/sysctl/files/sysctl.conf --- a/roles/core/sysctl/files/sysctl.conf +++ b/roles/core/sysctl/files/sysctl.conf 
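Review bot: `gateway_enable="YES"` in the new router.rc has no comment saying what it turns on, and it covers IPv4 only. A line above it such as `# Makes rc.d/routing set net.inet.ip.forwarding=1 at boot (IPv4 only)` would tell the next reader that this host will forward packets between its interfaces. If the routers also carry IPv6, `ipv6_gateway_enable="YES"` is the matching knob. The sysctl.conf block removed later in this diff also set only the IPv4 sysctl, so this keeps parity rather than regressing.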
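Review bot: The state ID `/etc/rc.d/routing/router` in routes.sls looks wrong: on stock FreeBSD `/etc/rc.d/routing` is the rc script itself, and rc.subr reads per-service overrides from `/etc/rc.conf.d/<name>` (a file or a directory). With `makedirs: True` the state would try to create a directory where that script lives, and forwarding would most likely never be enabled; the ID should probably be `/etc/rc.conf.d/routing/router:`. Two lifecycle gaps are worth closing in the same state, as far as this hunk shows. Nothing restarts the routing service, so the setting only applies at next boot, and there is no `file.absent` branch, so a host that loses the `router` role keeps forwarding packets. Explicit `user: root`, `group: wheel` and a 0644 `mode` would also pin who can edit a file that rc sources as root.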
@@ -13,13 +13,7 @@ # Changes to this file may cause incorrect behavior # and will be lost if the state is redeployed. # -{% if is_router %} -# ------------------------------------------------------------- -# Network -# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -net.inet.ip.forwarding=1 -{% endif %} # ------------------------------------------------------------- # VFS — kernel interface to file systems # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/roles/core/sysctl/init.sls b/roles/core/sysctl/init.sls --- a/roles/core/sysctl/init.sls +++ b/roles/core/sysctl/init.sls @@ -18,6 +18,5 @@ - context: use_zfs: {{ use_zfs }} mem: {{ grains['mem_total'] }} - is_router: {{ "router" in grains['roles'] }} {% endif %}