first working version with initialise.sh script

2024-11-21 22:23:10 +01:00 · 2021-11-06 14:17:50 +01:00 · 2021-11-06 14:17:50 +01:00 · af2c948bd8
commit af2c948bd8
parent afd79d48f5
4 changed files with 118 additions and 0 deletions
--- a/playbook.yml
+++ b/playbook.yml
@ -0,0 +1,50 @@
+# SPDX-FileCopyrightText: 2021 Free Software Foundation Europe <https://fsfe.org>
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+---
+- hosts: innernet_server
+  remote_user: root
+  vars:
+    # interface/innernet parent network name
+    network_name: "fsfe"
+    # 10.200.0.1 to 10.200.255.254
+    # 65,536 usable IP addresses
+    network_cidr: "10.200.0.0/16"
+    # wiregaurd listening port
+    network_listen_port: "51820"
+    cidrs:
+      ## humans
+      ## 10.200.16.1 to 10.200.31.254
+      ## 4,096 usable IP addresses
+      - { "parent": "fsfe", "name": "humans", "cidr": "10.200.16.0/20" }
+
+      ### humans > admins
+      ### 10.200.16.1 to 10.200.19.254
+      ### 1,024 usable IP addresses
+      - { "parent": "humans", "name": "admins", "cidr": "10.200.16.0/22" }
+
+      ### humans > others
+      ### 10.200.20.1 to 10.200.23.254
+      ### 1,024 usable IP addresses
+      - { "parent": "humans", "name": "others", "cidr": "10.200.20.0/22" }
+
+      ## machines
+      ## 10.200.64.1 to 10.200.127.254
+      ## with 16,384 usable IP addresses
+      - { "parent": "fsfe", "name": "machines", "cidr": "10.200.64.0/18" }
+
+    admin_peers:
+      # humans > admins
+      - { "cidr": "admins", "name": "linus" }
+      - { "cidr": "admins", "name": "max-mehl" }
+      - { "cidr": "admins", "name": "albert" }
+
+    peers:
+      # machines
+      - { "cidr": "machines", "name": "meitner" }
+      - { "cidr": "machines", "name": "claus" }
+
+  roles:
+    - role: server
+      tags: [server]
--- a/roles/server/files/innernet-server_1.5.0_amd64.deb
+++ b/roles/server/files/innernet-server_1.5.0_amd64.deb
--- a/roles/server/tasks/main.yml
+++ b/roles/server/tasks/main.yml
@ -0,0 +1,25 @@
+# SPDX-FileCopyrightText: 2021 Free Software Foundation Europe <https://fsfe.org>
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+---
+# - name: Install packages
+#   apt:
+#     package:
+#       - rsync
+#       - wireguard
+#       - wireguard-tools
+
+# - name: Transfer innernet-server release
+#   synchronize:
+#     src: "innernet-server_1.5.0_amd64.deb"
+#     dest: "/tmp/innernet-server.deb"
+
+# - name: Install innernet-server release
+#   apt: deb="/tmp/innernet-server.deb"
+
+- name: Copy initialisation script to server
+  template:
+    src: initialise.j2
+    dest: /root/initialise.sh
+    mode: "0755"
--- a/roles/server/templates/initialise.j2
+++ b/roles/server/templates/initialise.j2
@ -0,0 +1,43 @@
+#!/usr/bin/env bash
+set -e
+
+innernet-server \
+    new \
+    --network-name "{{ network_name }}" \
+    --network-cidr "{{ network_cidr }}" \
+    --external-endpoint "[{{ hostvars[inventory_hostname]['ansible_default_ipv6']['address'] }}]:{{ network_listen_port }}" \
+    --listen-port {{ network_listen_port }}
+
+{% for item in cidrs %}
+innernet-server \
+    add-cidr "{{ network_name }}" \
+    --parent "{{ item.parent }}" \
+    --name "{{ item.name }}" \
+    --cidr "{{ item.cidr }}" \
+    --yes
+
+{% endfor %}
+{% for item in admin_peers %}
+innernet-server \
+    add-peer "{{ network_name }}" \
+    --name "{{ item.name }}" \
+    --cidr "{{ item.cidr }}" \
+    --admin true \
+    --save-config "{{ item.name }}.toml" \
+    --invite-expires "14d" \
+    --auto-ip \
+    --yes
+
+{% endfor %}
+{% for item in peers %}
+innernet-server \
+    add-peer "{{ network_name }}" \
+    --name "{{ item.name }}" \
+    --cidr "{{ item.cidr }}" \
+    --admin false \
+    --save-config "{{ item.name }}.toml" \
+    --invite-expires "14d" \
+    --auto-ip \
+    --yes
+
+{% endfor %}