+require "yaml"
+
+package "netplan.io"
+
+netplan = {
+ "network" => {
+ "version" => 2,
+ "renderer" => "networkd",
+ "ethernets" => {},
+ "bonds" => {},
+ "vlans" => {}
+ }
+}
+
+node[:networking][:interfaces].each do |name, interface|
+ if interface[:interface]
+ if interface[:role] && (role = node[:networking][:roles][interface[:role]])
+ if role[interface[:family]]
+ node.default[:networking][:interfaces][name][:prefix] = role[interface[:family]][:prefix]
+ node.default[:networking][:interfaces][name][:gateway] = role[interface[:family]][:gateway]
+ node.default[:networking][:interfaces][name][:routes] = role[interface[:family]][:routes]
+ end
+
+ node.default[:networking][:interfaces][name][:metric] = role[:metric]
+ node.default[:networking][:interfaces][name][:zone] = role[:zone]
+ end
+
+ if interface[:address]
+ prefix = node[:networking][:interfaces][name][:prefix]
+
+ node.default[:networking][:interfaces][name][:netmask] = (~IPAddr.new(interface[:address]).mask(0)).mask(prefix)
+ node.default[:networking][:interfaces][name][:network] = IPAddr.new(interface[:address]).mask(prefix)
+ end
+
+ interface = node[:networking][:interfaces][name]
+
+ deviceplan = if interface[:interface] =~ /^(.*)\.(\d+)$/
+ netplan["network"]["vlans"][interface[:interface]] ||= {
+ "id" => Regexp.last_match(2).to_i,
+ "link" => Regexp.last_match(1),
+ "accept-ra" => false,
+ "addresses" => [],
+ "routes" => []
+ }
+ elsif interface[:interface] =~ /^bond\d+$/
+ netplan["network"]["bonds"][interface[:interface]] ||= {
+ "accept-ra" => false,
+ "addresses" => [],
+ "routes" => []
+ }
+ else
+ netplan["network"]["ethernets"][interface[:interface]] ||= {
+ "accept-ra" => false,
+ "addresses" => [],
+ "routes" => []
+ }
+ end
+
+ if interface[:address]
+ deviceplan["addresses"].push("#{interface[:address]}/#{prefix}")
+ end
+
+ if interface[:mtu]
+ deviceplan["mtu"] = interface[:mtu]
+ end
+
+ if interface[:bond]
+ deviceplan["interfaces"] = interface[:bond][:slaves].to_a
+
+ deviceplan["parameters"] = {
+ "mode" => interface[:bond][:mode] || "active-backup",
+ "primary" => interface[:bond][:slaves].first,
+ "mii-monitor-interval" => interface[:bond][:miimon] || 100,
+ "down-delay" => interface[:bond][:downdelay] || 200,
+ "up-delay" => interface[:bond][:updelay] || 200
+ }
+
+ deviceplan["parameters"]["transmit-hash-policy"] = interface[:bond][:xmithashpolicy] if interface[:bond][:xmithashpolicy]
+ deviceplan["parameters"]["lacp-rate"] = interface[:bond][:lacprate] if interface[:bond][:lacprate]
+ end
+
+ if interface[:gateway]
+ if interface[:family] == "inet"
+ default_route = "0.0.0.0/0"
+ elsif interface[:family] == "inet6"
+ default_route = "::/0"
+ end
+
+ deviceplan["routes"].push(
+ "to" => default_route,
+ "via" => interface[:gateway],
+ "metric" => interface[:metric],
+ "on-link" => true
+ )
+
+ # This ordering relies on systemd-networkd adding routes
+ # in reverse order and will need moving before the previous
+ # route once that is fixed:
+ #
+ # https://github.com/systemd/systemd/issues/5430
+ # https://github.com/systemd/systemd/pull/10938
+ if interface[:family] == "inet6" &&
+ !interface[:network].include?(interface[:gateway]) &&
+ !IPAddr.new("fe80::/64").include?(interface[:gateway])
+ deviceplan["routes"].push(
+ "to" => interface[:gateway],
+ "scope" => "link"
+ )
+ end
+
+ if interface[:role] == "internal" && interface[:gateway] != interface[:address]
+ search(:node, "networking_interfaces*address:#{interface[:gateway]}") do |gateway|
+ next unless gateway[:openvpn]
+
+ gateway[:openvpn][:tunnels].each_value do |tunnel|
+ if tunnel[:peer][:address]
+ deviceplan["routes"].push(
+ "to" => "#{tunnel[:peer][:address]}/32",
+ "via" => interface[:gateway]
+ )
+
+ route tunnel[:peer][:address] do
+ netmask "255.255.255.255"
+ gateway interface[:gateway]
+ device interface[:interface]
+ end
+ end
+
+ next unless tunnel[:peer][:networks]
+
+ tunnel[:peer][:networks].each do |network|
+ prefix = IPAddr.new("#{network[:address]}/#{network[:netmask]}").prefix
+
+ deviceplan["routes"].push(
+ "to" => "#{network[:address]}/#{prefix}",
+ "via" => interface[:gateway]
+ )
+
+ route network[:address] do
+ netmask network[:netmask]
+ gateway interface[:gateway]
+ device interface[:interface]
+ end
+ end
+ end
+ end
+ end
+ end