From 2454b7a82b277ffe97b1ad235424423e7526764f Mon Sep 17 00:00:00 2001 From: jack Date: Wed, 3 Aug 2016 00:22:49 +0300 Subject: [PATCH 1/3] Configure IPv6 on the VPN #8 --- .gitignore | 1 + config.cfg | 5 +++- digiocean.yml | 51 ++++++++++++++++++++++++++++++++++++++++ inventory_users | 3 +++ templates/20-ipv6.cfg.j2 | 6 +++++ templates/ipsec.conf.j2 | 2 +- 6 files changed, 66 insertions(+), 2 deletions(-) create mode 100644 templates/20-ipv6.cfg.j2 diff --git a/.gitignore b/.gitignore index a309864..82ef7f8 100644 --- a/.gitignore +++ b/.gitignore @@ -2,3 +2,4 @@ configs/*.mobileconfig configs/*.p12 configs/*.crt +configs/*.tmp diff --git a/config.cfg b/config.cfg index 2c6c6c1..d8a8780 100644 --- a/config.cfg +++ b/config.cfg @@ -10,8 +10,11 @@ easyrsa_reinit_existent: True dns_servers: - 8.8.8.8 - - 8.8.4.4 + - 8.8.4.4 + - 2001:4860:4860::8888 + - 2001:4860:4860::8844 vpn_network: 10.19.48.0/24 +vpn_network_ipv6: fd9d:bc11:4021:69ce::/64 server_name: "{{ ansible_ssh_host }}" users: diff --git a/digiocean.yml b/digiocean.yml index a100dd0..7f99629 100644 --- a/digiocean.yml +++ b/digiocean.yml 
@@ -83,5 +83,56 @@ - name: Wait for SSH to become available local_action: "wait_for port=22 host={{ do.droplet.ip_address }} timeout=320" + + - name: Enable IPv6 on the droplet + uri: + url: "https://api.digitalocean.com/v2/droplets/{{ do.droplet.id }}/actions" + method: POST + body: + type: enable_ipv6 + body_format: json + status_code: 201 + HEADER_Authorization: "Bearer {{ do_access_token }}" + HEADER_Content-Type: "application/json" + + - name: Get Droplet networks + uri: + url: "https://api.digitalocean.com/v2/droplets/{{ do.droplet.id }}" + method: GET + status_code: 200 + HEADER_Authorization: "Bearer {{ do_access_token }}" + HEADER_Content-Type: "application/json" + register: droplet_info + + - name: IPv6 template created + template: src=20-ipv6.cfg.j2 dest=configs/20-ipv6.tmp + with_items: "{{ droplet_info.json.droplet.networks.v6 }}" + +- name: Post-provisioning tasks + hosts: vpn-host + gather_facts: false + user: root + vars_files: + - config.cfg + + pre_tasks: + - name: Install prerequisites + raw: sudo apt-get update -qq && sudo apt-get install -qq -y python2.7 + - name: Configure defaults + raw: sudo update-alternatives --install /usr/bin/python python /usr/bin/python2.7 1 + + tasks: + - name: IPv6 configured + copy: src=configs/20-ipv6.tmp dest=/etc/network/interfaces.d/20-ipv6.cfg owner=root group=root mode=0644 + + - name: IPv6 included into the network config + lineinfile: dest=/etc/network/interfaces line='source /etc/network/interfaces.d/20-ipv6.cfg' state=present + + - name: IPV6 is running + shell: sh -c 'ifdown eth0; ip addr flush dev eth0; ifup eth0' + + - name: Wait for SSH to become available + local_action: "wait_for port=22 host={{ inventory_hostname }} timeout=320" + become: false diff --git a/inventory_users b/inventory_users index cafed48..efb24e6 100644 --- a/inventory_users +++ b/inventory_users @@ -1 +1,4 @@ [user-management] +146.185.137.4 +95.85.28.206 +95.85.28.231 
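Review bot: The `Get Droplet networks` task reads `networks.v6` immediately after the `enable_ipv6` action returns 201, and nothing checks that the list is non-empty. If the action is only accepted at that point rather than finished (which the 201 suggests), `with_items` iterates nothing and `configs/20-ipv6.tmp` is not rewritten, so the later `copy` either fails or pushes a file left over from an earlier droplet. Polling on the GET task, for example with `until: droplet_info.json.droplet.networks.v6 | length > 0`, `retries: 20` and `delay: 3`, and deleting any old `configs/20-ipv6.tmp` before templating would close that gap. Both `uri` tasks also pass `Bearer {{ do_access_token }}` in their arguments, so `no_log: true` on them would keep the token out of verbose output and failure results. The first play's task list starts outside the hunk.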
diff --git a/templates/20-ipv6.cfg.j2 b/templates/20-ipv6.cfg.j2 new file mode 100644 index 0000000..7db27bb --- /dev/null +++ b/templates/20-ipv6.cfg.j2 @@ -0,0 +1,6 @@ +iface eth0 inet6 static + address {{ item.ip_address }} + netmask {{ item.netmask }} + gateway {{ item.gateway }} + autoconf 0 + dns-nameservers 2001:4860:4860::8844 2001:4860:4860::8888 diff --git a/templates/ipsec.conf.j2 b/templates/ipsec.conf.j2 index aadccda..8bb6181 100644 --- a/templates/ipsec.conf.j2 +++ b/templates/ipsec.conf.j2 @@ -22,7 +22,7 @@ conn %default right=%any rightauth=pubkey - rightsourceip="{{ vpn_network }}" + rightsourceip={{ vpn_network }},{{ vpn_network_ipv6 }} {% if service_dns is defined and service_dns == "N" %} rightdns={% for host in dns_servers %}{{ host }}{% if not loop.last %},{% endif %}{% endfor %} {% else %} From be146f3fd3ff3baca6caf2a6576f2117804a91fd Mon Sep 17 00:00:00 2001 From: jack Date: Wed, 3 Aug 2016 00:25:59 +0300 Subject: [PATCH 2/3] clean up --- inventory_users | 3 --- 1 file changed, 3 deletions(-) diff --git a/inventory_users b/inventory_users index efb24e6..cafed48 100644 --- a/inventory_users +++ b/inventory_users @@ -1,4 +1 @@ [user-management] -146.185.137.4 -95.85.28.206 -95.85.28.231 From 33c27eff1c45c60d794810a80dd0b0b0a3bf4f3f Mon Sep 17 00:00:00 2001 From: jack Date: Wed, 3 Aug 2016 00:26:13 +0300 Subject: [PATCH 3/3] clean up --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index 82ef7f8..7d9d96c 100644 --- a/.gitignore +++ b/.gitignore @@ -3,3 +3,4 @@ configs/*.mobileconfig configs/*.p12 configs/*.crt configs/*.tmp +inventory_users
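Review bot: The `dns-nameservers` line in templates/20-ipv6.cfg.j2 hard-codes the same two resolvers that this patch adds to `dns_servers` in config.cfg, so a deployment that changes its resolvers there would still get the fixed pair on the host interface. If config.cfg is loaded by the play that renders this template (not visible in the hunk), the line could be built from the IPv6 entries of `dns_servers` instead. A one-line Jinja comment at the top, such as `{# item: one entry of droplet_info.json.droplet.networks.v6 #}`, would also document where `item.ip_address`, `item.netmask` and `item.gateway` come from.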
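Review bot: The new `rightsourceip` line in templates/ipsec.conf.j2 hands clients addresses from `vpn_network_ipv6`, but none of the six files in this patch touches firewall or forwarding rules. From here it cannot be confirmed that traffic from the IPv6 pool is filtered and forwarded the way the IPv4 pool is, so the series should add the matching ip6tables and IPv6 forwarding tasks or point to where they already exist. Separately, a config.cfg written before this change has no `vpn_network_ipv6`, and the template would then fail on the undefined variable. `rightsourceip={{ vpn_network }}{% if vpn_network_ipv6 is defined %},{{ vpn_network_ipv6 }}{% endif %}` keeps existing configs working. The `conn %default` block continues outside the hunk.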