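# SPDX-FileCopyrightText: 2021 Free Software Foundation Europe
#
# SPDX-License-Identifier: AGPL-3.0-or-later
---
# Join a client machine to an innernet (WireGuard) network: derive the
# peer name from the host name, install the innernet client package,
# register the peer on the innernet server, install the invitation on
# the client, pin the listen port, open the firewall and (re)start the
# innernet daemon.
#
# Variables expected from the caller: network_name, innernet_server,
# cidrs, machine_cidr, network_listen_port.

- name: Convert hostname to innernet peer name
  tags: [peers]
  # We want the mere host name before the domain, so e.g.
  #   * server1.fsfe.org -> server1
  #   * cont1.noris.fsfeurope.org -> cont1-noris
  # The task var only seeds the first iteration; every further
  # iteration rewrites the fact set by the previous one.
  # NOTE(review): ansible_host is the connection address - if the
  # inventory sets it to an IP instead of a DNS name the peer name
  # becomes the dash-separated IP; confirm the inventory uses names.
  set_fact:
    innernet_client: "{{ innernet_client | replace(item.0, item.1) }}"
  vars:
    innernet_client: "{{ ansible_host }}"
  loop:
    - ['.', '-']
    - ['-fsfeurope-org', '']
    - ['-fsfe-org', '']
    - ['-fsfe-be', '']

- name: Gather which packages are installed on the client
  # Provides ansible_facts.packages for the install condition below.
  tags: [update]
  package_facts:
    manager: auto

- name: Make sure needed packages for innernet and wireguard are installed
  apt:
    package:
      - python3-pexpect
      - rsync
      - wireguard
      - wireguard-tools
      - ufw

- name: Remove existing innernet
  # Destructive; only runs when explicitly requested via --tags uninstall.
  tags: [never, uninstall]
  expect:
    command: "innernet uninstall {{ network_name }}"
    responses:
      (?i)delete: "yes"

- name: Install innernet package on client
  tags: [update]
  block:
    - name: Copy innernet package to client
      # Stage the package in a root-only directory rather than the
      # world-writable /tmp, so an unprivileged local user cannot swap
      # the file between the copy and the apt install below.
      synchronize:
        src: "innernet.deb"
        dest: "/root/innernet.deb"

    - name: Install innernet client package
      apt:
        deb: "/root/innernet.deb"
        update_cache: true
        install_recommends: true
  # Run if 1. innernet is not installed or 2. the `update` tag was requested.
  when: "'innernet' not in ansible_facts.packages or 'update' in ansible_run_tags"

- name: Get existing peers from innernet-server database
  # Tagged `peers` because the two peer tasks below depend on the
  # registered result; without the tag a `--tags peers` run would
  # skip this task and fail on the undefined `existing_peers`.
  tags: [peers]
  # argv form: the network name is passed as a single argument and
  # never interpreted by a shell.
  command:
    argv:
      - sqlite3
      - "/var/lib/innernet-server/{{ network_name }}.db"
      - "select name from peers;"
  register: existing_peers
  # Read-only query; do not report a change.
  changed_when: false
  delegate_to: "{{ innernet_server }}"
  run_once: true

- name: Add machine as innernet peer
  tags: [peers]
  include_role:
    name: server
    tasks_from: add_peer
    apply:
      tags: [peers]
  delegate_to: "{{ innernet_server }}"
  vars:
    peer_name: "{{ innernet_client }}"
    # Value of the CIDR we defined as the CIDR for machines
    peer_cidr: "{{ cidrs[machine_cidr]['name'] }}"
    # machines are never admins
    peer_admin: "false"
  when:
    - innernet_client not in existing_peers.stdout_lines

- name: Install innernet peer invitation on machine
  tags: [peers]
  block:
    - name: Copy peer invitation file from controller to client
      copy:
        src: "{{ innernet_client }}.toml"
        dest: "/root/{{ innernet_client }}.toml"
        # The invitation is the credential used to join the network;
        # keep it root-only until `--delete-invite` removes it.
        mode: "0600"

    - name: Install peer invitation on client
      # No shell features are needed, so run the binary directly.
      command:
        argv:
          - innernet
          - install
          - "/root/{{ innernet_client }}.toml"
          - "--default-name"
          - "--delete-invite"
  when:
    - innernet_client not in existing_peers.stdout_lines

- name: Set listen port
  tags: [listen_port]
  ini_file:
    path: "/etc/innernet/{{ network_name }}.conf"
    section: interface
    option: listen-port
    value: "{{ network_listen_port }}"
    # Quoted octal string: an unquoted `600` reaches Ansible as decimal
    # 600 (octal 1130) and sets unintended permission bits on the
    # interface config, which should stay readable by root only.
    mode: "0600"
    backup: true

- name: Allow UDP traffic on WireGuard port
  tags: [listen_port, firewall]
  ufw:
    to_port: "{{ network_listen_port }}"
    rule: allow
    proto: udp

- name: Restart and enable innernet daemon
  # Unconditional restart: the tunnel is briefly interrupted on every
  # run of this task file, not only when something changed.
  systemd:
    name: "innernet@{{ network_name }}"
    state: restarted
    enabled: true
    daemon_reload: true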