finish

files/dnsmasq/dnsmasq.conf.j2

@@ -18,7 +18,7 @@ no-dhcp-interface=lo{% for br in bridges %}{% if not br.dhcp %},{{br.name}}{% en
 
 dhcp-range={{br.name}},{{br.dhcp.start}},{{br.dhcp.end}},{{br.dhcp.time}}
 
-{% if br.ipv6 %}
+{% if br.dhcpv6 %}
 dhcp-range=tag:{{br.name}},::,constructor:{{br.name}},ra-names,24h
 {% endif %}
 

files/interfaces.j2

@@ -60,6 +60,8 @@ bridge_stp on
 bridge_maxwait 3
 {% if br.type == "static" %}
 address {{br.address}}
+{% elif br.type == "dhcp" %}
+metric 9999
 {% endif %}
 post-up {{ansible_user_dir}}/nextgen-router/scripts/{{br.name}}/post-up.sh
 pre-down {{ansible_user_dir}}/nextgen-router/scripts/{{br.name}}/pre-down.sh

files/services/docker-compose.yml.j2

+version: '2.4'
+services:
+  dummy:
+    image: alpine
+    command: sleep infinity
+{% for br in bridges %}
+{% if br.dhcpv6 %}
+{% for ppp in ppps %}
+{% if ppp.dhcpv6 %}
+  dhcpv6-ppp{{ppp.id}}-{{br.name}}:
+    restart: always
+    image: git-registry.mycard.moe/nanahira/docker-dhcpv6-client
+    network_mode: host
+    cap_add:
+      - NET_ADMIN
+    environment:
+      WAN_INTERFACE: ppp{{ppp.id}}
+      LAN_INTERFACE: {{br.name}}
+{% endif %}
+{% endfor %}
+{% endif %}
+{% endfor %}
+{% for instance in services.ddns %}
+  ddns-{{instance.name}}:
+    restart: always
+    image: oznu/cloudflare-ddns
+    network_mode: host
+    environment:
+      EMAIL: {{instance.email}}
+      API_KEY: {{instance.apiKey}}
+      ZONE: {{instance.zone}}
+      SUBDOMAIN: {{instance.subdomain}}
+{% if instance.interface %}
+      INTERFACE: {{instance.interface}}
+{% endif %}
+      DNS_SERVER: 1.0.0.1
+{% if instance.ipv6 %}
+      RRTYPE: AAAA
+{% else %}
+      RRTYPE: A
+{% endif %}
+{% endfor %}
+{% for instance in services.tr069 %}
+  tr069-daemon-{{instance.interface}}:
+    restart: always
+    image: git-registry.mycard.moe/nanahira/tr069-daemon
+    network_mode: host
+    cap_add:
+      - NET_ADMIN
+    environment:
+      TRO69_INTERFACE: {{instance.interface}}
+      TABLE: {{instance.table}}
+{% endfor %}

files/utility.sh.j2

@@ -19,7 +19,7 @@ initialize_ipset() {
 {% for subnet in localnets %}
     ip rule add pref 80 to {{subnet}} lookup main && \
 {% endfor %}
-    ip rule add pref 80 172.16.0.0/12 lookup main
+    ip rule add pref 80 to 172.16.0.0/12 lookup main
   true
 }
 

network.yaml

@@ -65,16 +65,14 @@
         with_items: '{{bridges}}'
       - name: dhclient.conf
         become: true
-        blockinfile:
-          path: /etc/dhcp/dhclient.conf
-          block: |
-            {% for br in bridges %}
-            {% if br.type == "dhcp" %}
-            interface "{{br.name}}" {
-              request subnet-mask, broadcast-address;
-            }
-            {% endif %}
-            {% endfor %}
+        copy:
+          content: |
+            option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;
+            send host-name = gethostname();
+            request subnet-mask, broadcast-address;
+            timeout 300;
+
+          dest: /etc/dhcp/dhclient.conf
       - name: pppoe password
         become: true
         blockinfile:

services.yaml

@@ -14,6 +14,8 @@
         - my-card.in
         - mius.pro
     tasks:
+      - name: sysctl
+        include_tasks: ./tasks/sysctl.yaml
       - name: dnsmasq directory
         file:
           name: '{{ansible_user_dir}}/nextgen-router/services/dnsmasq/smartdns'
@@ -42,6 +44,20 @@
         docker_compose:
           project_src: '{{ansible_user_dir}}/nextgen-router/services/dnsmasq'
           remove_orphans: true
+      - name: other service directory
+        file:
+          name: '{{ansible_user_dir}}/nextgen-router/services/others'
+          state: directory
+          recurse: true
+      - name: service docker-compose
+        template:
+          src: ./files/services/docker-compose.yml.j2
+          dest: '{{ansible_user_dir}}/nextgen-router/services/others/docker-compose.yml'
+      - name: start services
+        docker_compose:
+          project_src: '{{ansible_user_dir}}/nextgen-router/services/others'
+          remove_orphans: true
+          pull: true
     handlers:
       - name: restart_dnsmasq
         docker_compose:

tasks/sysctl.yaml

@@ -53,7 +53,7 @@
     value: 2
     sysctl_set: true
   with_items: '{{bridges}}'
-  when: item.ipv6
+  when: item.dhcpv6
 - name: TCP BBR
   become: true
   sysctl:

variables.yaml

 vars:
   ansible_ssh_user: root
   localnets:
-    - 10.0.0.0/24
+    - 10.0.0.0/24 # 系统内的所有内网网段
   links:
-    - name: eno1
+    - name: eno1 # 物理网卡
   bonds:
-    - name: bond0
+    - name: bond0 # bond，一般用mode 4来LACP
       links:
         - eno1
       mode: 4
   vlans:
-    - link: bond0
+    - link: bond0 # vlan，只需要写link和tag，最后网卡名字会变成 link.tag
       tag: 2
     - link: bond0
       tag: 3
@@ -18,7 +18,7 @@ vars:
       tag: 41
     - link: bond0
       tag: 46
-  bridges:
+  bridges: # bridge，IP只能在这里配
     - name: brlan # 名称
       links:
         - bond0 # 上行链路
@@ -31,7 +31,7 @@ vars:
       up: echo "up" # 启动脚本和关闭脚本
       down: echo "down"
       mac: null # 自定义mac地址，否则bridge随机，注意dhcp会以原始mac请求dhcp，因此不建议dhcp模式使用
-      ipv6: true # DHCPv6落脚点，只能有1个LAN获得
+      dhcpv6: true # DHCPv6落脚点，只能有1个LAN获得
       dhcp: # 是否开启dhcp，不是的话直接没有这一栏
         start: 10.0.0.100
         end: 10.0.0.240
@@ -54,13 +54,14 @@ vars:
   ppps:
     - id: 0 # ppp id
       link: bond0.41 # 上行链路
-      username: user # 拨号用户名，密码在上面的pppoeUsers给出
+      username: user # 拨号用户名，密码在pppoeUsers给出
       mac: null # 给ISP看的mac地址，null为随机
-  pppoeUsers:
+      dhcpv6: false # 使用这里的DHCPv6，所有ppp只能有1个
+  pppoeUsers: # PPPoE帐号
     - username: user
       password: pass
   smartdns:
-    disable_ipv6: false
+    disable_ipv6: false # 是否禁用IPv6解析
     tls_dns:
       - 8.8.8.8
       - 1.1.1.1
@@ -70,3 +71,13 @@ vars:
     china_dns:
       - 114.114.114.114
       - 223.5.5.5
+  services:
+    tr069: [] # tr069 网卡名列表
+    ddns:
+      - name: test-ddns
+        email: name@example.com # cf邮箱
+        apiKey: qweqwe # api密钥
+        zone: mycard.moe # ddns主域名
+        subdomain: test # ddns子域名
+        ipv6: false # 是否解析ipv6
+        interface: brwan # 网卡名，可以是null，null则用公网解析结果