ansible-role-tinc/tasks/main.yml


---
# Tinc VPN Setup and Configuration
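# Task order: pick the base dir, install the package, lay down the per-network
# directory, generate the host keypair, render config/scripts, copy the public
# artefacts back to the controller, then enable the network and the service.
- name: Main - Set different base dir for macOS
  # override_os_family, when set, takes precedence over the gathered fact.
  # `default` gives the same result as the original `is defined | ternary`
  # form without passing a possibly-undefined value through a filter.
  set_fact:
    tinc_base_dir: /usr/local/etc/tinc
  when: (override_os_family | default(ansible_os_family)) == "Darwin"

- name: Main - Install tinc
  # Distribution-specific setup file first, OS-family file as the fallback.
  include_tasks: "{{ item }}"
  with_first_found:
    - "setup-{{ ansible_distribution }}.yml"
    - "setup-{{ override_os_family | default(ansible_os_family) }}.yml"

- name: Main - Create tinc directories
  become: true
  file:
    path: "{{ tinc_base_dir }}/{{ tinc_vpn_id }}/hosts"
    state: directory
    mode: "0755"

- name: Main - Create new host keypair
  # `creates` makes the task idempotent and guarantees an existing private
  # key is never overwritten on a re-run. tinc_vpn_id is shell-quoted so an
  # unusual network id cannot alter the command line.
  become: true
  shell: |
    export PATH=/usr/local/sbin:/usr/local/bin:$PATH
    tincd -n {{ tinc_vpn_id | quote }} -K4096
  args:
    chdir: "{{ tinc_base_dir }}/{{ tinc_vpn_id }}"
    creates: rsa_key.priv

- name: Main - Create config
  become: true
  template:
    src: "{{ role_path }}/templates/tinc.conf.j2"
    dest: "{{ tinc_base_dir }}/{{ tinc_vpn_id }}/tinc.conf"

- name: Main - Fetch public key
  # Only the public half is copied to the controller; rsa_key.priv stays on
  # the managed host. `flat` writes directly to dest, not under a host subdir.
  become: true
  fetch:
    src: "{{ tinc_base_dir }}/{{ tinc_vpn_id }}/rsa_key.pub"
    dest: "{{ role_path }}/templates/tmp/rsa_key-{{ ansible_hostname }}.pub"
    flat: true

- name: Main - Create own hostfile
  become: true
  template:
    src: "{{ role_path }}/templates/hostfile.j2"
    dest: "{{ tinc_base_dir }}/{{ tinc_vpn_id }}/hosts/{{ ansible_hostname }}"

- name: Main - Create tinc-up script
  # Executable because tincd runs it directly when the interface comes up.
  become: true
  template:
    src: "{{ role_path }}/templates/tinc-up.j2"
    dest: "{{ tinc_base_dir }}/{{ tinc_vpn_id }}/tinc-up"
    mode: "0755"

- name: Main - Create tinc-down script
  become: true
  template:
    src: "{{ role_path }}/templates/tinc-down.j2"
    dest: "{{ tinc_base_dir }}/{{ tinc_vpn_id }}/tinc-down"
    mode: "0755"

- name: Main - Fetch all hostfiles
  # The rendered hostfile is pulled back under files/tmp so it can be
  # distributed to the other nodes.
  become: true
  fetch:
    src: "{{ tinc_base_dir }}/{{ tinc_vpn_id }}/hosts/{{ ansible_hostname }}"
    dest: "{{ role_path }}/files/tmp/{{ ansible_hostname }}"
    flat: true

- name: "Main - Enable {{ tinc_vpn_id }}"
  # NOTE(review): indentation was lost in the copy this was restored from;
  # `become` and `when` are taken to apply to the whole block — confirm.
  become: true
  block:
    - name: "Main - Enable {{ tinc_vpn_id }} in tinc config"
      lineinfile:
        path: "{{ tinc_base_dir }}/nets.boot"
        line: "{{ tinc_vpn_id }}"
        create: true
    - name: "Main - Enable and restart tinc service"
      # `state: restarted` restarts on every run, not only when something
      # changed; move to a handler if that becomes a problem.
      systemd:
        name: tinc
        state: restarted
        enabled: true
    - name: "Main - Enable and restart tinc@{{ tinc_vpn_id }} service"
      systemd:
        name: "tinc@{{ tinc_vpn_id }}"
        state: restarted
        enabled: true
  when: inventory_hostname != 'localhost'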