feat: internet access to the private compute instances

2025-12-30 14:45:11 -05:00
parent 61e0166ee6
commit 32580ec4a5
4 changed files with 56 additions and 4 deletions
--- a/playbooks/configure_nat.yml
+++ b/playbooks/configure_nat.yml
@@ -2,4 +2,21 @@
  hosts: gateways
  gather_facts: false
  tasks:
-    - ansible.builtin.raw: hostname -I
+    - name: Enable IPv4 forwarding.
+      ansible.posix.sysctl:
+        name: net.ipv4.ip_forward
+        value: '1'
+        sysctl_set: true
+
+    - name: Update and upgrade packages.
+      ansible.builtin.apt:
+        update_cache: true
+        upgrade: true
+
+    - name: Add routing.
+      ansible.builtin.iptables:
+        table: nat
+        chain: POSTROUTING
+        source: 10.0.0.0/16
+        out_interface: eth0
+        jump: MASQUERADE
--- a/playbooks/configure_servers.yml
+++ b/playbooks/configure_servers.yml
@@ -0,0 +1,36 @@
+- name: Configure NAT
+  hosts: servers
+  gather_facts: false
+  tasks:
+    - name: Uninstall Hetzner Cloud Utils.
+      ansible.builtin.apt:
+        state: absent
+        name: [hc-utils]
+
+    - name: Check if default route exists.
+      ansible.builtin.command: ip route
+      changed_when: "'default' in route_output.stdout"
+      register: route_output
+      notify:
+        - Disable default IP route.
+
+    - name: Configure networking.
+      ansible.builtin.blockinfile:
+        path: /etc/network/interfaces
+        marker: "# {mark} CONFIGURE NETWORKING"
+        block: |
+          auto enp7s0
+          iface enp7s0 inet dhcp
+              post-up ip route add default via 10.0.0.1
+          dns-nameservers 8.8.8.8 1.1.1.1
+
+    - name: Restart networking module.
+      ansible.builtin.systemd:
+        state: restarted
+        name: networking
+
+  handlers:
+    - name: Disable default IP route.
+      ansible.builtin.command:
+        ip route del default
+      changed_when: true