feat: internet access to the private compute instances

2025-12-30 14:45:11 -05:00
parent 61e0166ee6
commit 32580ec4a5
4 changed files with 56 additions and 4 deletions
--- a/Taskfile.yml
+++ b/Taskfile.yml
@@ -5,6 +5,7 @@ tasks:
  tf:apply: ansible-playbook playbooks/provision.yml {{.CLI_ARGS}}
  tf:destroy: ansible-playbook playbooks/destroy.yml {{.CLI_ARGS}}
  configure-nat: ansible-playbook playbooks/configure_nat.yml {{.CLI_ARGS}}
+  configure-servers: ansible-playbook playbooks/configure_servers.yml {{.CLI_ARGS}}

  enter:
    cmd: ssh -i {{.KEY}} -p 22 root@{{.IP}}
--- a/ansible.cfg
+++ b/ansible.cfg
@@ -4,9 +4,7 @@ inventory = inventory.cfg
 localhost_warning = False
 vault_password_file = vault.key
 interpreter_python = /usr/bin/python3.11
-
-[inventory]
-inventory_unparsed_warning = False
+deprecation_warnings=False

 [ssh_connection]
 ssh_args = -F secrets/ssh.cfg -o ControlMaster=auto -o ControlPersist=60s -o ForwardAgent=yes -o IdentityAgent=none
--- a/playbooks/configure_nat.yml
+++ b/playbooks/configure_nat.yml
@@ -2,4 +2,21 @@
  hosts: gateways
  gather_facts: false
  tasks:
-    - ansible.builtin.raw: hostname -I
+    - name: Enable IPv4 forwarding.
+      ansible.posix.sysctl:
+        name: net.ipv4.ip_forward
+        value: '1'
+        sysctl_set: true
+
+    - name: Update and upgrade packages.
+      ansible.builtin.apt:
+        update_cache: true
+        upgrade: true
+
+    - name: Add routing.
+      ansible.builtin.iptables:
+        table: nat
+        chain: POSTROUTING
+        source: 10.0.0.0/16
+        out_interface: eth0
+        jump: MASQUERADE
--- a/playbooks/configure_servers.yml
+++ b/playbooks/configure_servers.yml
@@ -0,0 +1,36 @@
+- name: Configure NAT
+  hosts: servers
+  gather_facts: false
+  tasks:
+    - name: Uninstall Hetzner Cloud Utils.
+      ansible.builtin.apt:
+        state: absent
+        name: [hc-utils]
+
+    - name: Check if default route exists.
+      ansible.builtin.command: ip route
+      changed_when: "'default' in route_output.stdout"
+      register: route_output
+      notify:
+        - Disable default IP route.
+
+    - name: Configure networking.
+      ansible.builtin.blockinfile:
+        path: /etc/network/interfaces
+        marker: "# {mark} CONFIGURE NETWORKING"
+        block: |
+          auto enp7s0
+          iface enp7s0 inet dhcp
+              post-up ip route add default via 10.0.0.1
+          dns-nameservers 8.8.8.8 1.1.1.1
+
+    - name: Restart networking module.
+      ansible.builtin.systemd:
+        state: restarted
+        name: networking
+
+  handlers:
+    - name: Disable default IP route.
+      ansible.builtin.command:
+        ip route del default
+      changed_when: true