<!-- markdown-toc start - Don't edit this section. Run M-x markdown-toc-refresh-toc -->

**Table of Contents**

- [Motivation](#motivation)
- [Install](#install)
  - [Clone the repo](#clone-the-repo)
  - [Build binaries from submodule at `./innernet-src`](#build-binaries-from-submodule-at-innernet-src)
  - [Run the playbook](#run-the-playbook)

<!-- markdown-toc end -->

# Motivation

There is a need for some of our servers to connect to other IPv6-only hosts. Since this is not always possible without introducing major painpoints elsewhere, we simply create an internal WireGuard network so that the machines in question can communicate securely using IPv4.

![An overview](fsfe-innernet.png)

# Install

## Clone the repo

```bash
git clone --recurse-submodules git@git.fsfe.org:fsfe-system-hackers/innernet-playbook.git
cd innernet-playbook
```

## Build binaries from submodule at `./innernet-src`

Since [innernet](https://github.com/tonarino/innernet) is new software, it is not yet included in the Debian repositories. Thus, before running the playbook we need to build the `innernet` and `innernet-server` binaries. At the moment, we are using `v1.5.1`, but you can choose any other available version by setting the environment variable accordingly.

```bash
INNERNET_VERSION=v1.5.1 ./build-binaries.sh
```

## Run the playbook

```bash
ansible-playbook playbook.yml
```

## Distribute the invitation files

Some invitation files are for humans, so you need to send these files to them securely. I suggest using someting like `wormohle`.

```bash
sudo apt install magic-wormhole
cd roles/client/files
wormhole send <name_of_peer>.toml
```