enhance update of listen-port on clients

The server cannot change its port. Therefore we set two different ports. We also remove the redundant firewall tag
2024-11-24 15:43:19 +01:00 · 2022-03-04 12:36:00 +01:00 · 2022-03-04 12:36:00 +01:00 · bfec9af6f0
commit bfec9af6f0
parent 3d0f79110d
4 changed files with 12 additions and 15 deletions
--- a/README.md
+++ b/README.md
@ -109,6 +109,5 @@ available ones:

 * `cidr`: configure CIDRs
 * `update`: update the innernet binaries
-* `firewall`: configure firewall settings
 * `listen_port`: edit/set the listen port between server and clients
 * `uninstall`: delete innernet configuration and packages from systems
--- a/group_vars/all.yml
+++ b/group_vars/all.yml
@ -5,7 +5,8 @@ network_name: "fsfe"
 # 65,536 usable IP addresses
 network_cidr: "10.200.0.0/16"
 # wiregaurd listening port
-network_listen_port: "51820"
+network_listen_port_clients: "51820"
+network_listen_port_server: "51820"
 cidrs:
  ## humans
  ## 10.200.16.1 to 10.200.31.254
--- a/roles/client/tasks/main.yml
+++ b/roles/client/tasks/main.yml
@ -100,24 +100,22 @@
  when:
    - innernet_client not in existing_peers.stdout_lines

- name: Set listen port
+- name: Set listen port on client
  tags: [listen_port]
-  ini_file:
-    path: "/etc/innernet/{{ network_name }}.conf"
-    section: interface
-    option: listen-port
-    value: "{{ network_listen_port }}"
-    mode: 600
-    backup: yes
+  shell: |
+        innernet set-listen-port {{ network_name }} \
+          -l {{ network_listen_port_clients }} \
+          --yes

 - name: Allow UDP traffic on WireGuard port
-  tags: [listen_port, firewall]
+  tags: [listen_port]
  ufw:
-    to_port: "{{ network_listen_port }}"
+    to_port: "{{ network_listen_port_clients }}"
    rule: allow
    proto: udp

 - name: Restart and enable innernet daemon
+  tags: [update, listen_port]
  systemd:
    name: "innernet@{{ network_name }}"
    state: restarted
--- a/roles/server/tasks/main.yml
+++ b/roles/server/tasks/main.yml
@ -101,7 +101,6 @@
    - item.key not in existing_peers.stdout_lines

 - name: Enable firewall and allow SSH
-  tags: [listen_port, firewall]
  ufw:
    state: enabled
    default: deny
@ -109,12 +108,12 @@
    rule: allow

 - name: Allow UDP traffic on WireGuard port
-  tags: [listen_port, firewall]
  ufw:
-    to_port: "{{ network_listen_port }}"
+    to_port: "{{ network_listen_port_server }}"
    rule: allow

 - name: Restart and enable innernet-server daemon
+  tags: [update, listen_port]
  systemd:
    name: "innernet-server@{{ network_name }}"
    state: restarted