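---
# FreeBSD host preparation: bootstrap Python 3, gather facts, set the
# OS-specific facts used by later tasks, install the helper tools, add a
# loopback alias for the local service address, and turn the host into an
# IPFW/natd gateway.

# Runs with a per-task interpreter override so python3 and sudo can be
# installed before python3 becomes the interpreter.
# NOTE(review): assumes /usr/local/bin/python2.7 is present on the target
# image. Python 2.7 is end-of-life; confirm the bootstrap interpreter.
- name: FreeBSD | Install prerequisites
  package:
    name:
      - python3
      - sudo
  vars:
    ansible_python_interpreter: /usr/local/bin/python2.7

- name: Set python3 as the interpreter to use
  set_fact:
    ansible_python_interpreter: /usr/local/bin/python3

- name: Gather facts
  setup:

- name: Gather additional facts
  import_tasks: facts.yml

- name: Set OS specific facts
  set_fact:
    config_prefix: /usr/local/
    # The strongswan account gets a non-login shell and an empty home.
    strongswan_shell: /usr/sbin/nologin
    strongswan_home: /var/empty
    root_group: wheel
    ssh_service_name: sshd
    apparmor_enabled: false
    strongswan_additional_plugins:
      - kernel-pfroute
      - kernel-pfkey
    tools:
      - git
      - subversion
      - screen
      - coreutils
      - openssl
      - bash
      - wget
    sysctl:
      - item: net.inet.ip.forwarding
        value: 1
      # Evaluates to none when ipv6_support is false.
      # NOTE(review): the consumer of this list is outside this file;
      # confirm it skips an empty item rather than writing a blank sysctl.
      - item: "{{ 'net.inet6.ip6.forwarding' if ipv6_support else none }}"
        value: 1

- name: Install tools
  package:
    name: "{{ item }}"
    state: present
  with_items:
    - "{{ tools|default([]) }}"

- name: Loopback included into the rc config
  blockinfile:
    dest: /etc/rc.conf
    create: true
    block: |
      cloned_interfaces="lo100"
      ifconfig_lo100="inet {{ local_service_ip }} netmask 255.255.255.255"
      ifconfig_lo100_ipv6="inet6 {{ local_service_ipv6 }}/128"
  notify:
    - restart loopback bsd

# Each rc.conf knob is matched on "<param>=" so that a variable which merely
# shares the prefix is never overwritten by lineinfile.
# NOTE(review): with the stock /etc/rc.firewall the "open" type passes all
# traffic, so IPFW is used here for NAT (natd) rather than filtering; confirm
# that packet filtering is enforced elsewhere.
# natd_interface becomes "" when ansible_default_ipv4.device is undefined,
# because default() without arguments yields an empty string.
- name: Enable the gateway features
  lineinfile:
    dest: /etc/rc.conf
    regexp: '^{{ item.param }}='
    line: '{{ item.param }}={{ item.value }}'
  with_items:
    - param: firewall_enable
      value: '"YES"'
    - param: firewall_type
      value: '"open"'
    - param: gateway_enable
      value: '"YES"'
    - param: natd_enable
      value: '"YES"'
    - param: natd_interface
      value: '"{{ ansible_default_ipv4.device|default() }}"'
    - param: natd_flags
      value: '"-dynamic -m"'
  notify:
    - restart ipfw

# Loads the ipfw module when kldstat does not report it, then switches the
# firewall off, runs /etc/rc.firewall and switches it back on.
# The steps after ";" are chained with "&&": if /etc/rc.firewall fails the
# task fails and net.inet.ip.fw.enable stays at 0 until it is re-run.
# NOTE(review): the temporary disable presumably keeps the Ansible SSH
# session alive while rules are reloaded; confirm.
# changed_when: false means this task never reports a change.
- name: FreeBSD | Activate IPFW
  shell: >
    kldstat -n ipfw.ko || kldload ipfw ; sysctl net.inet.ip.fw.enable=0 &&
    bash /etc/rc.firewall &&
    sysctl net.inet.ip.fw.enable=1
  changed_when: false

# Run the notified handlers (loopback / ipfw restarts) now rather than at
# the end of the play.
- meta: flush_handlers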