Switch network management to systemd-networkd and iwd

ansible/roles/common/files/20-ethernet.network

@@ -0,0 +1,26 @@
+[Match]
+# Matching with "Type=ether" causes issues with containers because it also matches virtual Ethernet interfaces (veth*).
+# See https://bugs.archlinux.org/task/70892
+# Instead match by globbing the network interface name.
+Name=en*
+Name=eth*
+
+[Link]
+RequiredForOnline=routable
+
+[Network]
+DHCP=yes
+MulticastDNS=yes
+
+# systemd-networkd does not set per-interface-type default route metrics
+# https://github.com/systemd/systemd/issues/17698
+# Explicitly set route metric, so that Ethernet is preferred over Wi-Fi and Wi-Fi is preferred over mobile broadband.
+# Use values from NetworkManager. From nm_device_get_route_metric_default in
+# https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/blob/main/src/core/devices/nm-device.c
+[DHCPv4]
+UseDNS=no
+RouteMetric=100
+
+[IPv6AcceptRA]
+UseDNS=no
+RouteMetric=100

ansible/roles/common/handlers/main.yml

@@ -1,6 +1,11 @@
 ---
 # Handlers for the 'common' role
 
+- name: Restart systemd-networkd
+  ansible.builtin.service:
+    name: systemd-networkd
+    state: restarted
+
 - name: Restart sshd
   ansible.builtin.service:
     name: sshd

ansible/roles/common/tasks/main.yml

@@ -6,27 +6,34 @@
     name: "{{ common_hostname }}"
   tags: [ 'common', 'hostname' ]
 
-- name: Configure WiFi connection '{{ common_wifi_connection_name }}'
+- name: Ensure systemd-networkd is enabled and running
-  become: true
+  ansible.builtin.service:
-  ansible.builtin.command:
+    name: systemd-networkd
-    cmd: >
+    enabled: yes
-      nmcli dev wifi connect "{{ common_wifi_ssid }}"
+    state: started
-      password "{{ common_wifi_password }}"
+  tags: [ 'common', 'network' ]
-      name "{{ common_wifi_connection_name }}"
+
-  args:
+- name: Ensure iwd is enabled and running
-    creates: "/etc/NetworkManager/system-connections/{{ common_wifi_connection_name }}.nmconnection"
+  ansible.builtin.service:
-  ignore_errors: true
+    name: iwd
+    enabled: yes
+    state: started
   tags: [ 'common', 'network', 'wifi' ]
 
-- name: Configure ethernet connection '{{ common_ethernet_con_name }}' with static IP, gateway, and DNS
+- name: Deploy ethernet network configuration
-  become: true
+  ansible.builtin.copy:
-  ansible.builtin.command:
+    src: files/20-ethernet.network
-    cmd: >
+    dest: /etc/systemd/network/20-ethernet.network
-      nmcli con add type ethernet ifname {{ common_ethernet_ifname }} con-name "{{ common_ethernet_con_name }}" ipv4.method manual ipv4.addresses {{ common_ethernet_ipv4_address }} ipv4.gateway {{ common_ethernet_ipv4_gateway }} ipv4.dns "{{ common_ethernet_ipv4_dns }}"
+    owner: root
-  args:
+    group: root
-    creates: "/etc/NetworkManager/system-connections/{{ common_ethernet_con_name }}.nmconnection"
+    mode: '0644'
-  ignore_errors: true
+  notify: Restart systemd-networkd
   tags: [ 'common', 'network', 'ethernet' ]
+
+- name: Configure WiFi (requires manual interaction or pre-seeded iwd config)
+  debug:
+    msg: "WiFi configuration via Ansible for iwd is complex. Ensure /var/lib/iwd/ contains correct .psk files."
+  tags: [ 'common', 'network', 'wifi' ]
 - name: Ensure user '{{ common_user_name }}' exists with specified password
   ansible.builtin.user:
     name: "{{ common_user_name }}"