Upload Ansible Files

2024-05-08 13:03:34 +02:00
parent 56902d524e
commit 9b520fbcfb
44 changed files with 1334 additions and 0 deletions
@@ -0,0 +1,130 @@
+# - name: Install Pfsense-Sudo Package
+#   ansible.builtin.shell:
+#     cmd:  pkg install -y pfsense-pkg-sudo
+
+- name: Set Hostname to "{{ kundenkürzel }}-ROU01"
+  pfsensible.core.pfsense_setup:
+    hostname: "{{ kundenkürzel }}-ROU01"
+    domain: "{{ kundendomain }}"
+
+- name: Set timezone and language
+  pfsensible.core.pfsense_setup:
+    timezone: Europe/Berlin
+    language: de_DE
+
+- name: Enable Interface vtnet1 (Privat-Network)
+  pfsensible.core.pfsense_interface:
+      descr: LAN
+      interface: vtnet1
+      ipv4_address: "{{ privatip }}.1"
+      ipv4_prefixlen: 24
+      ipv4_type: static
+      enable: true
+
+- name: "Add NAT port 25 forward traffic rule"
+  pfsensible.core.pfsense_nat_port_forward:
+    descr: 'Port 25'
+    interface: wan
+    source: any
+    destination: any:25
+    target: "{{ privatip }}.2:25"
+    associated_rule: associated
+    state: present
+
+- name: "Add NAT port 80 forward traffic rule"
+  pfsensible.core.pfsense_nat_port_forward:
+    descr: 'Port 80'
+    interface: wan
+    source: any
+    destination: any:80
+    target: "{{ privatip }}.3:80"
+    associated_rule: associated
+    state: present
+    
+- name: "Add NAT port 443 forward traffic rule"
+  pfsensible.core.pfsense_nat_port_forward:
+    descr: 'Port 443'
+    interface: wan
+    source: any
+    destination: any:443
+    target: "{{ privatip }}.3:443"
+    associated_rule: associated
+    state: present
+
+- name: "Add NAT port 465 forward traffic rule"
+  pfsensible.core.pfsense_nat_port_forward:
+    descr: 'Port 465'
+    interface: wan
+    source: any
+    destination: any:465
+    target: "{{ privatip }}.2:465"
+    associated_rule: associated
+    state: present
+    
+- name: "Add NAT port 993 forward traffic rule"
+  pfsensible.core.pfsense_nat_port_forward:
+    descr: 'Port 993'
+    interface: wan
+    source: any
+    destination: any:993
+    target: "{{ privatip }}.2:993"
+    associated_rule: associated
+    state: present
+
+- name: "Add NAT port 587 forward traffic rule"
+  pfsensible.core.pfsense_nat_port_forward:
+    descr: 'Port 587'
+    interface: wan
+    source: any
+    destination: any:587
+    target: "{{ privatip }}.2:587"
+    associated_rule: associated
+    state: present
+
+- name: "Add NAT port 4500 forward traffic rule"
+  pfsensible.core.pfsense_nat_port_forward:
+    descr: 'Port 4500'
+    interface: wan
+    source: any
+    destination: any:4500
+    target: "{{ privatip }}.1:4500"
+    associated_rule: associated
+    state: present
+    protocol: udp
+
+- name: "Add NAT port 500 forward traffic rule"
+  pfsensible.core.pfsense_nat_port_forward:
+    descr: 'Port 500'
+    interface: wan
+    source: any
+    destination: any:500
+    target: "{{ privatip }}.1:500"
+    associated_rule: associated
+    state: present
+    protocol: udp
+
+- name: Add IPSEC "{{ kundenkürzel }} - Tunnel"
+  pfsensible.core.pfsense_ipsec:
+    state: present
+    descr: "{{ kundenkürzel }} - Tunnel"
+    interface: wan
+    remote_gateway: "{{ kunde_public_ip }}"
+    iketype: ikev1
+    mode: main
+    authentication_method: pre_shared_key
+    preshared_key: "{{ lookup('community.general.random_string', base64=True, length=32) }}"
+
+- name: Add Phases 1 to IPSEC "{{ kundenkürzel }} - Tunnel"
+  pfsensible.core.pfsense_ipsec_p2:
+    p1_descr: "{{ kundenkürzel }} - Tunnel"
+    descr: "{{ kundenkürzel }} - Phase 2"
+    state: present
+    apply: False  
+    mode: tunnel
+    local: "{{ privatip }}.1/24"
+    remote: "{{ kundennetz }}/24"
+    aes: True
+    aes256gcm: true
+    aes_len: auto
+    aes256gcm_len: auto
+    sha256: True