tinc.yml 2.72 KB
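---
# Installs tinc and lays down the per-host configuration under
# /etc/tinc/{{ vpn_name }}. Expected from the caller: vpn_name and vpn_start
# (the template names and paths below are built from them). Handlers
# "restart tinc" and "reload systemd" are defined elsewhere.

- name: find our public IP
  # The answer comes from a third-party service over plain HTTP, so it is
  # unauthenticated and could be altered in transit. Treat host_ip as untrusted
  # input if it is later written into tinc configuration (e.g. an Address line).
  shell: wget -qO- http://ipecho.net/plain ; echo
  register: host_ip
  # A read-only lookup; don't report it as a change on every run.
  changed_when: false

- name: reload ansible_local
  setup:
    filter: ansible_local

- name: install tinc
  package:
    name: tinc
    state: present

- name: install avahi-autoipd
  package:
    name: avahi-autoipd
    state: present

- name: ensure tinc vpn name directory exists
  file:
    path: "/etc/tinc/{{ vpn_name }}/hosts"
    recurse: true
    state: directory

- name: ensure tinc.conf exists for vpn name
  template:
    src: tinc.conf.j2
    dest: "/etc/tinc/{{ vpn_name }}/tinc.conf"
  # A changed tinc.conf is only picked up after a restart, like the other
  # configuration files below.
  notify:
    - restart tinc

# -------
- name: ensure tinc address/key is properly set in tinc host file
  template:
    src: "{{ vpn_start }}.j2"
    dest: "/etc/tinc/{{ vpn_name }}/hosts/{{ vpn_start }}"
  notify:
    - restart tinc

# OR ----
#
#- name: ensure tinc address is properly set in tinc host file
#  lineinfile:
#    dest: "/etc/tinc/{{ vpn_name }}/hosts/{{ ansible_hostname }}"
#    line: "Address = {{ vpn_host }}"
#    create: true
#  notify:
#    - restart tinc
#
# -------

- name: create /etc/tinc/nets.boot file from template
  template:
    src: nets.boot.j2
    dest: /etc/tinc/nets.boot
  notify:
    - restart tinc

- name: create tinc private key
  # No shell features are needed, so run the binary directly rather than
  # interpolating vpn_name into a shell command line.
  command: tincd -n {{ vpn_name }} -K4096
  args:
    # Never regenerate an existing key; that would invalidate the public key
    # already distributed to the other hosts.
    creates: "/etc/tinc/{{ vpn_name }}/rsa_key.priv"

#- name: copy public key to hosts dir
#  command: cp /etc/tinc/{{ vpn_name }}/rsa_key.pub /etc/tinc/{{ vpn_name }}/hosts/{{ ansible_hostname }}
#  args:
#    creates: "/etc/tinc/{{ vpn_name }}/hosts/{{ ansible_hostname }}"

- name: create tinc-up file
  template:
    src: tinc-up.j2
    dest: "/etc/tinc/{{ vpn_name }}/tinc-up"
    mode: "0755"

- name: create tinc-down file
  template:
    src: tinc-down.j2
    dest: "/etc/tinc/{{ vpn_name }}/tinc-down"
    mode: "0755"
  notify:
    - restart tinc

# These three go together
- name: fetch tinc hosts file after private key creation
  # NOTE(review): the host file written above is hosts/{{ vpn_start }}, while
  # this fetches hosts/{{ ansible_hostname }} — presumably the two names are
  # equal on every host; confirm, otherwise this task fails.
  fetch:
    src: "/etc/tinc/{{ vpn_name }}/hosts/{{ ansible_hostname }}"
    dest: "fetch/{{ ansible_hostname }}"
    flat: true
  notify:
    - restart tinc

#- name: ensure the fetched tinc hosts file are place on each server
#  file:
#    src: "{{ item }}"
#    dest: "/etc/tinc/{{ vpn_name }}/hosts/{{ item }}"
#  with_fileglob:
#    - fetch/*
#  notify:
#    - restart tinc
#
#- name: sync the fetched hosts files on each host
#  synchronize:
#    src: fetch/
#    dest: "/etc/tinc/{{ vpn_name }}/hosts/"
#  notify:
#    - restart tinc

# tincservice is the suffix appended to the unit name below. Only CentOS and
# Ubuntu are handled; on any other distribution it stays undefined and the
# service tasks fail at template time.
- name: determine tinc service name
  set_fact:
    tincservice: "@{{ vpn_name }}"
  when: (ansible_distribution == "CentOS")

- name: determine tinc service name
  set_fact:
    tincservice: ""
  when: (ansible_distribution == "Ubuntu")

- name: start tinc
  service:
    name: "tinc{{ tincservice }}"
    state: started

- name: enable tinc
  service:
    name: "tinc{{ tincservice }}"
    enabled: true
    state: started
  notify:
    - reload systemd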