systemd_networkd(role),router(host): support global config to fix forw.

With the router upgrade to Debian 13 the systemd version got upgraded as well breaking the current configuration for IP forwarding. Add a variable for global systemd-networkd configuration and use that to enable IPv4 and IPv6 forwarding on the router. The systemd_networkd role could be a bit nicer, not deploying/deleting the global configuration, if the variable is empty and reloading/restarting systemd-networkd at appropriate times. But as is works for now.
2026-01-18 19:21:33 +01:00 · 2026-01-18 19:21:33 +01:00 · d514688574
commit d514688574
parent d7b463ecb9
7 changed files with 28 additions and 4 deletions
--- a/inventories/chaosknoten/host_vars/router.yaml
+++ b/inventories/chaosknoten/host_vars/router.yaml
@ -1,4 +1,5 @@
 systemd_networkd__config_dir: 'resources/chaosknoten/router/systemd_networkd/'
+systemd_networkd__global_config: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/router/systemd_networkd_global_config.conf') }}"
 nftables__config: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/router/nftables/nftables.conf') }}"
 ansible_pull__timer_on_calendar: "*-*-* 04:00:00 Europe/Berlin"
 ansible_pull__timer_randomized_delay_sec: 0min
--- a/resources/chaosknoten/router/systemd_networkd/20-net1.network
+++ b/resources/chaosknoten/router/systemd_networkd/20-net1.network
@ -3,7 +3,6 @@ Name=net1

 [Network]
 DNS=212.12.50.158
-IPForward=ipv4
 IPv6AcceptRA=no

 [Address]
@ -11,4 +10,3 @@ Address=212.12.48.123/24

 [Route]
 Gateway=212.12.48.55
-
--- a/resources/chaosknoten/router/systemd_networkd/20-net2.network
+++ b/resources/chaosknoten/router/systemd_networkd/20-net2.network
@ -3,7 +3,6 @@ Name=net2

 [Network]
 #DNS=212.12.50.158
-IPForward=ipv6
 IPv6AcceptRA=no

 [Address]
@ -11,4 +10,3 @@ Address=2a00:14b0:4200:3500::130:2/112

 [Route]
 Gateway=2a00:14b0:4200:3500::130:1
-
--- a/resources/chaosknoten/router/systemd_networkd_global_config.conf
+++ b/resources/chaosknoten/router/systemd_networkd_global_config.conf
@ -0,0 +1,3 @@
+[Network]
+IPv4Forwarding=true
+IPv6Forwarding=true
--- a/roles/systemd_networkd/README.md
+++ b/roles/systemd_networkd/README.md
@ -9,3 +9,8 @@ Should work on Debian-based distributions.
 ## Required Arguments

 - `systemd_networkd__config_dir`: Directory with systemd-networkd configs to deploy.
+
+## Optional Arguments
+
+- `systemd_networkd__global_config`: systemd-networkd global configuration to deploy (see `man 5 networkd.conf`).  
+  Defaults to `` (the empty string);
--- a/roles/systemd_networkd/defaults/main.yaml
+++ b/roles/systemd_networkd/defaults/main.yaml
@ -0,0 +1 @@
+systemd_networkd__global_config: ""
--- a/roles/systemd_networkd/tasks/main.yaml
+++ b/roles/systemd_networkd/tasks/main.yaml
@ -12,3 +12,21 @@
    recursive: true
    delete: true
  become: true
+
+- name: ensure global systemd-networkd config directory exists
+  ansible.builtin.file:
+    path: "/etc/systemd/networkd.conf.d"
+    state: directory
+    owner: root
+    group: root
+    mode: "0755"
+  become: true
+
+- name: ensure global systemd-networkd config is deployed
+  ansible.builtin.copy:
+    content: "{{ systemd_networkd__global_config }}"
+    dest: "/etc/systemd/networkd.conf.d/20-ansible.conf"
+    mode: "0644"
+    owner: root
+    group: root
+  become: true