+ if interface[:address]
+ prefix = node[:networking][:interfaces][name][:prefix]
+
+ node.default[:networking][:interfaces][name][:netmask] = (~IPAddr.new(interface[:address]).mask(0)).mask(prefix)
+ node.default[:networking][:interfaces][name][:network] = IPAddr.new(interface[:address]).mask(prefix)
+ end
+
+ interface = node[:networking][:interfaces][name]
+
+ deviceplan = if interface[:interface] =~ /^(.*)\.(\d+)$/
+ netplan["network"]["vlans"][interface[:interface]] ||= {
+ "id" => Regexp.last_match(2).to_i,
+ "link" => Regexp.last_match(1),
+ "accept-ra" => false,
+ "addresses" => [],
+ "routes" => []
+ }
+ elsif interface[:interface] =~ /^bond\d+$/
+ netplan["network"]["bonds"][interface[:interface]] ||= {
+ "accept-ra" => false,
+ "addresses" => [],
+ "routes" => []
+ }
+ else
+ netplan["network"]["ethernets"][interface[:interface]] ||= {
+ "accept-ra" => false,
+ "addresses" => [],
+ "routes" => []
+ }
+ end
+
+ if interface[:address]
+ deviceplan["addresses"].push("#{interface[:address]}/#{prefix}")
+ end
+
+ if interface[:mtu]
+ deviceplan["mtu"] = interface[:mtu]
+ end
+
+ if interface[:bond]
+ deviceplan["interfaces"] = interface[:bond][:slaves].to_a
+
+ deviceplan["parameters"] = {
+ "mode" => interface[:bond][:mode] || "active-backup",
+ "primary" => interface[:bond][:slaves].first,
+ "mii-monitor-interval" => interface[:bond][:miimon] || 100,
+ "down-delay" => interface[:bond][:downdelay] || 200,
+ "up-delay" => interface[:bond][:updelay] || 200
+ }
+
+ deviceplan["parameters"]["transmit-hash-policy"] = interface[:bond][:xmithashpolicy] if interface[:bond][:xmithashpolicy]
+ deviceplan["parameters"]["lacp-rate"] = interface[:bond][:lacprate] if interface[:bond][:lacprate]
+ end
+
+ if interface[:gateway]
+ if interface[:family] == "inet"
+ default_route = "0.0.0.0/0"
+ elsif interface[:family] == "inet6"
+ default_route = "::/0"
+ end
+
+ deviceplan["routes"].push(
+ "to" => default_route,
+ "via" => interface[:gateway],
+ "metric" => interface[:metric],
+ "on-link" => true
+ )
+
+ # This ordering relies on systemd-networkd adding routes
+ # in reverse order and will need moving before the previous
+ # route once that is fixed:
+ #
+ # https://github.com/systemd/systemd/issues/5430
+ # https://github.com/systemd/systemd/pull/10938
+ if interface[:family] == "inet6" &&
+ !interface[:network].include?(interface[:gateway]) &&
+ !IPAddr.new("fe80::/64").include?(interface[:gateway])
+ deviceplan["routes"].push(
+ "to" => interface[:gateway],
+ "scope" => "link"
+ )
+ end
+
+ if interface[:role] == "internal" && interface[:gateway] != interface[:address]
+ search(:node, "networking_interfaces*address:#{interface[:gateway]}") do |gateway|
+ next unless gateway[:openvpn]
+
+ gateway[:openvpn][:tunnels].each_value do |tunnel|
+ if tunnel[:peer][:address]
+ deviceplan["routes"].push(
+ "to" => "#{tunnel[:peer][:address]}/32",
+ "via" => interface[:gateway]
+ )
+
+ route tunnel[:peer][:address] do
+ netmask "255.255.255.255"
+ gateway interface[:gateway]
+ device interface[:interface]
+ end
+ end
+
+ next unless tunnel[:peer][:networks]
+
+ tunnel[:peer][:networks].each do |network|
+ prefix = IPAddr.new("#{network[:address]}/#{network[:netmask]}").prefix
+
+ deviceplan["routes"].push(
+ "to" => "#{network[:address]}/#{prefix}",
+ "via" => interface[:gateway]
+ )
+
+ route network[:address] do
+ netmask network[:netmask]
+ gateway interface[:gateway]
+ device interface[:interface]
+ end
+ end
+ end
+ end
+ end
+ end
+
+ if interface[:routes]
+ interface[:routes].each do |to, parameters|
+ route = {
+ "to" => to
+ }
+
+ route["type"] = parameters[:type] if parameters[:type]
+ route["via"] = parameters[:via] if parameters[:via]
+ route["metric"] = parameters[:metric] if parameters[:metric]
+
+ deviceplan["routes"].push(route)
+ end
+ end
+ else
+ node.rm(:networking, :interfaces, name)
+ end
+end
+
+netplan["network"]["bonds"].each_value do |bond|
+ bond["interfaces"].each do |interface|
+ netplan["network"]["ethernets"][interface] ||= { "accept-ra" => false }
+ end
+end
+
+netplan["network"]["vlans"].each_value do |vlan|
+ unless vlan["link"] =~ /^bond\d+$/
+ netplan["network"]["ethernets"][vlan["link"]] ||= { "accept-ra" => false }