From bfbccb16d334af650601dfa7371a6d386cd1f5b2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Max=20H=C3=B6sel?= Date: Fri, 21 Jan 2022 19:39:48 +0100 Subject: [PATCH] feat(pterodactyl_wings): add ipv6 support (opt-in) (#24) --- roles/pterodactyl_wings/README.md | 19 +++++++ roles/pterodactyl_wings/defaults/main.yml | 3 ++ roles/pterodactyl_wings/handlers/main.yml | 8 +++ roles/pterodactyl_wings/tasks/docker.yml | 4 ++ roles/pterodactyl_wings/tasks/docker_ipv6.yml | 52 +++++++++++++++++++ .../templates/docker-ipv6nat.service.j2 | 13 +++++ 6 files changed, 99 insertions(+) create mode 100644 roles/pterodactyl_wings/tasks/docker_ipv6.yml create mode 100644 roles/pterodactyl_wings/templates/docker-ipv6nat.service.j2 diff --git a/roles/pterodactyl_wings/README.md b/roles/pterodactyl_wings/README.md index 08cd6c2..61d2a35 100644 --- a/roles/pterodactyl_wings/README.md +++ b/roles/pterodactyl_wings/README.md @@ -8,6 +8,7 @@ This role follows the official installation instructions on the pterodactyl [doc - The following distributions are currently supported: - Ubuntu 18.04 LTS or newer + - Newer debian distros should work too - There are no plans to support CentOS/RHEL-based distros right now - This role requires root access. Make sure to run this role with `become: yes` or equivalent - Docker is required to run Wings. If docker is not present, this role will install it automatically 
@@ -40,6 +41,24 @@ This role follows the official installation instructions on the pterodactyl [doc - If this value is changed later, the role will automatically switch the installed Docker version. Note that this may cause downtime - Default: `stable` +##### `pterodactyl_wings_docker_ipv6` +- Whether to enable IPv6 support in docker using [docker-ipv6NAT](https://github.com/robbertkl/docker-ipv6nat#usage). + This allows you to connect to your containers using IPv6, as long as you have a correct allocation in pterodactyl + (0.0.0.0 works for me). See [this comment](https://github.com/pterodactyl/panel/issues/1778#issuecomment-619457907) for more details. +- **WARNING**: Enabling IPv6 support using this approach requires a reboot - the role will perform this automatically. + **This may cause some downtime on the first run**. +- Due to the "hacky" nature of this approach, it is disabled by default +- Default: `false` + +##### `pterodactyl_wings_docker_ipv6_cidr` +- CIDR range to use for the internal IPv6 ULA addresses +- Has no effect if `pterodactyl_wings_docker_ipv6` is disabled +- Default: `"fd00::/80"` + +##### `pterodactyl_wings_docker_ipv6nat_version` +- Use the specified ipv6nat container tag +- Default: `latest` + ### Wings Configuration The `pterodactyl_wings_config` is a dictionary representing the configuration file of the wings daemon. This configuration diff --git a/roles/pterodactyl_wings/defaults/main.yml b/roles/pterodactyl_wings/defaults/main.yml index 2602967..85ec806 100644 --- a/roles/pterodactyl_wings/defaults/main.yml +++ b/roles/pterodactyl_wings/defaults/main.yml @@ -27,3 +27,6 @@ pterodactyl_wings_config: pterodactyl_wings_docker_install: true pterodactyl_wings_docker_source: stable +pterodactyl_wings_docker_ipv6: false +pterodactyl_wings_docker_ipv6_cidr: "fd00::/80" +pterodactyl_wings_docker_ipv6nat_version: "latest" 
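Review bot: `pterodactyl_wings_docker_ipv6nat_version` defaults to `"latest"`, a mutable tag, for an image that the new unit template runs as root with `--privileged` and host networking. Whatever the registry serves under that tag at the next pull gets that level of access, and hosts provisioned at different times can end up running different code. Defaulting to a fixed release tag or an image digest, e.g. `pterodactyl_wings_docker_ipv6nat_version: "<pinned-release-tag>"`, turns an image update into a reviewed change. The README entry for the variable should then describe `latest` as something the operator opts into.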
diff --git a/roles/pterodactyl_wings/handlers/main.yml b/roles/pterodactyl_wings/handlers/main.yml index a8053a7..bb4ac8c 100644 --- a/roles/pterodactyl_wings/handlers/main.yml +++ b/roles/pterodactyl_wings/handlers/main.yml @@ -4,3 +4,11 @@ systemd: name: wings.service state: restarted + +- name: reload docker + systemd: + name: docker.service + state: reloaded + +- name: restart host + reboot: diff --git a/roles/pterodactyl_wings/tasks/docker.yml b/roles/pterodactyl_wings/tasks/docker.yml index 64a1a10..b005008 100644 --- a/roles/pterodactyl_wings/tasks/docker.yml +++ b/roles/pterodactyl_wings/tasks/docker.yml @@ -1,6 +1,10 @@ - name: Install docker from {{ pterodactyl_wings_docker_source }} include_tasks: "docker_{{ pterodactyl_wings_docker_source }}.yml" +- name: Enable IPv6 suppport + include_tasks: docker_ipv6.yml + when: pterodactyl_wings_docker_ipv6 + - name: Docker is enabled and running systemd: name: docker diff --git a/roles/pterodactyl_wings/tasks/docker_ipv6.yml b/roles/pterodactyl_wings/tasks/docker_ipv6.yml new file mode 100644 index 0000000..5ab029d --- /dev/null +++ b/roles/pterodactyl_wings/tasks/docker_ipv6.yml 
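Review bot: The `reload docker` handler uses `state: reloaded`, but the keys this role writes to daemon.json (`ipv6`, `fixed-cidr-v6`, `userland-proxy`) are, as far as I know, not among the options dockerd re-reads on a reload, so they only apply after a daemon restart. On first enablement the `restart host` handler masks this, but that handler is notified only by the ipv6nat unit task. A later change to `pterodactyl_wings_docker_ipv6_cidr` would therefore be written to disk and not applied. Consider `state: restarted` for this handler, or let the daemon.json task notify `restart host` as well, and add a comment saying why a full reboot is needed rather than a docker restart.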
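Review bot: `when: pterodactyl_wings_docker_ipv6` tests the bare variable, so a non-empty string such as the `"false"` produced by `-e pterodactyl_wings_docker_ipv6=false` may evaluate as true. That would switch on a feature that reboots the host and starts a privileged container. `when: pterodactyl_wings_docker_ipv6 | bool` makes the opt-in explicit regardless of how the value is passed. The task name also carries a typo, `suppport`, and the tasks file continues past this hunk.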
@@ -0,0 +1,52 @@
+- name: Look for existing daemon.json
+ stat:
+ path: /etc/docker/daemon.json
+ register: _pterodactyl_wings_docker_daemon_config_file
+
+- name: Get existing daemon.json
+ command: cat /etc/docker/daemon.json
+ register: _pterodactyl_wings_docker_daemon_config
+ when: _pterodactyl_wings_docker_daemon_config_file.stat.exists
+
+- name: Apply required configuration options
+ set_fact:
+ _pterodactyl_wings_docker_daemon_config: "{{ current_config | combine(ipv6_config) }}"
+ vars:
+ current_config: "{{ _pterodactyl_wings_docker_daemon_config is skipped | ternary({}, (_pterodactyl_wings_docker_daemon_config.stdout)|d('{}')|from_json) }}"
+ ipv6_config:
+ userland-proxy: false
+ ipv6: true
+ fixed-cidr-v6: "{{ pterodactyl_wings_docker_ipv6_cidr }}"
+
+- name: Docker config directory exists
+ file:
+ path: /etc/docker
+ state: directory
+ owner: root
+ group: root
+ mode: "644"
+
+- name: daemon.json is present
+ copy:
+ content: "{{ _pterodactyl_wings_docker_daemon_config | to_nice_json }}"
+ dest: /etc/docker/daemon.json
+ owner: root
+ group: root
+ mode: "644"
+ notify: reload docker
+
+- name: ipv6NAT container unit file is present
+ template:
+ src: docker-ipv6nat.service.j2
+ dest: /etc/systemd/system/docker-ipv6nat.service
+ owner: root
+ group: root
+ mode: "644"
+
+- name: ipv6NAT unit is enabled and started
+ systemd:
+ name: docker-ipv6nat.service
+ state: started
+ enabled: yes
+ daemon_reload: yes
+ notify: restart host
diff --git a/roles/pterodactyl_wings/templates/docker-ipv6nat.service.j2 b/roles/pterodactyl_wings/templates/docker-ipv6nat.service.j2
new file mode 100644
index 0000000..97a5060
--- /dev/null
+++ b/roles/pterodactyl_wings/templates/docker-ipv6nat.service.j2
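Review bot: The `Docker config directory exists` task sets `mode: "644"` on /etc/docker, which creates or resets the directory without the search (execute) bit; a directory normally wants `mode: "0755"`, and root-only tooling merely hides the problem. `Get existing daemon.json` runs `command: cat` with no `changed_when: false`, so it reports a change on every run; the `slurp` module with `b64decode` would read the file without a subprocess. `from_json` is applied to whatever the file holds, so an empty or hand-edited invalid daemon.json fails the play with a template error rather than a clear message. The `combine` also forces `userland-proxy: false` over any value the operator already set, which deserves a comment in the task and a line in the README.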
@@ -0,0 +1,13 @@
+[Unit]
+Description=IPv6 NAT for Docker containers
+After=docker.service
+Requires=docker.service
+PartOf=docker.service
+
+[Service]
+User=root
+ExecStart=/usr/bin/docker run --rm --name ipv6nat --privileged --network host -v /var/run/docker.sock:/var/run/docker.sock:ro -v /lib/modules:/lib/modules:ro robbertkl/ipv6nat:{{ pterodactyl_wings_docker_ipv6nat_version}}
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
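Review bot: The `ExecStart` line runs the third-party image with `--privileged`, host networking and the Docker socket mounted, which gives it effectively full control of the host. The upstream ipv6nat README, as far as I recall, documents a capability-restricted form, so `--privileged` could become `--cap-drop ALL --cap-add NET_ADMIN --cap-add NET_RAW --cap-add SYS_MODULE`. The `:ro` on `/var/run/docker.sock` only makes the bind mount read-only; it does not limit what a client can ask the Docker API to do, so a comment should say this is not a privilege boundary. Together with the `latest` default for the tag, this makes the image source the main trust decision of the feature, and the README warning should state that. Minor: `{{ pterodactyl_wings_docker_ipv6nat_version}}` is missing the space before the closing braces.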