innernet-playbook/roles/client/tasks/main.yml

94 lines
2.3 KiB
YAML
Raw Normal View History

2021-11-15 19:09:18 +01:00
# SPDX-FileCopyrightText: 2021 Free Software Foundation Europe <https://fsfe.org>
#
# SPDX-License-Identifier: AGPL-3.0-or-later
---
2022-01-20 17:52:37 +01:00
- name: Install needed packages for uninstalling innernet
tags: [never, uninstall]
apt:
package:
- python3-pexpect
- name: Remove existing innernet
tags: [never, uninstall]
expect:
command: "innernet uninstall {{ network_name }}"
responses:
(?i)delete: "yes"
2021-11-15 19:09:18 +01:00
- name: Install needed packages
2022-01-20 17:52:37 +01:00
tags: [always, update]
2021-11-15 19:09:18 +01:00
apt:
package:
2022-01-20 17:52:37 +01:00
- ufw
2021-11-15 19:09:18 +01:00
- rsync
- wireguard
- wireguard-tools
- name: Copy package to host
2022-01-20 17:52:37 +01:00
tags: [never, update]
2021-11-15 19:09:18 +01:00
synchronize:
2021-12-02 17:46:40 +01:00
src: "innernet.deb"
dest: "/tmp/innernet.deb"
2021-11-15 19:09:18 +01:00
2021-12-02 17:46:40 +01:00
- name: Install package
2022-01-20 17:52:37 +01:00
tags: [never, update]
2021-12-02 17:46:40 +01:00
apt:
deb: "/tmp/innernet.deb"
update_cache: true
2021-12-02 17:46:40 +01:00
install_recommends: true
2021-11-15 19:09:18 +01:00
- name: Copy non-admin invitation to hosts
2022-01-20 17:52:37 +01:00
tags: [new_peer]
2021-11-15 19:09:18 +01:00
synchronize:
src: "{{ item.name }}.toml"
2021-12-02 17:46:40 +01:00
dest: "/tmp/{{ item.name }}.toml"
2021-11-15 19:09:18 +01:00
when:
# is not existing
- item.name not in hostvars['kaim.fsfeurope.org'].global_existing_peers.stdout_lines
# only if filename contains a part of the hostname
- item.name in ansible_host|replace('.', '-')
loop: "{{ peers }}"
2021-11-15 19:09:18 +01:00
- name: Install non-admin invitation on hosts
2022-01-20 17:52:37 +01:00
tags: [new_peer]
2021-11-15 19:09:18 +01:00
shell: |
2021-12-02 17:46:40 +01:00
innernet install /tmp/{{ item.name }}.toml \
--default-name \
--delete-invite
2021-11-15 19:09:18 +01:00
when:
# is not existing
- item.name not in hostvars['kaim.fsfeurope.org'].global_existing_peers.stdout_lines
# only if filename contains a part of the hostname
- item.name in ansible_host|replace('.', '-')
loop: "{{ peers }}"
2021-12-02 17:46:40 +01:00
2022-01-20 17:52:37 +01:00
- name: Set listen port
tags: [listen_port]
community.general.ini_file:
path: "/etc/innernet/{{ network_name }}.conf"
section: interface
option: listen-port
value: "{{ network_listen_port }}"
mode: 600
backup: yes
- name: Allow UDP traffic on WireGuard port
tags: [listen_port, firewall]
ufw:
to_port: "{{ network_listen_port }}"
rule: allow
proto: udp
- name: Just force systemd to reread configs (2.4 and above)
tags: [systemd, daemon]
ansible.builtin.systemd:
daemon_reload: yes
- name: Restart and enable innernet daemon
tags: [systemd, daemon]
ansible.builtin.systemd:
2021-12-02 17:46:40 +01:00
name: "innernet@{{ network_name }}"
2022-01-20 17:52:37 +01:00
state: restarted
enabled: true