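# SPDX-FileCopyrightText: 2021 Free Software Foundation Europe <https://fsfe.org>
#
# SPDX-License-Identifier: AGPL-3.0-or-later

---
# Tasks for the innernet server role: install the server package, create the
# base network with its CIDRs and peers, pull the generated peer invitation
# files back to the controller for the client role, and start the daemon.
#
# Variables used but not set in this file (expected from role defaults/vars
# or earlier tasks): network_name, network_cidr, network_listen_port, cidrs,
# peers, existing_cidrs, existing_peers.

- name: Install needed packages
  tags: [update]
  apt:
    package:
      - rsync
      - wireguard
      - wireguard-tools

# The two "never" tasks only run when the "update" tag is requested explicitly.
- name: Copy package to server
  tags: [never, update]
  synchronize:
    src: "innernet-server.deb"
    dest: "/tmp/innernet-server.deb"

- name: Install package
  tags: [never, update]
  apt:
    deb: "/tmp/innernet-server.deb"
    update_cache: true
    install_recommends: true

- name: Check if network is initialised
  stat:
    path: "/var/lib/innernet-server/{{ network_name }}.db"
  register: db_file

# The innernet-server invocations below use `command` with `argv` instead of
# `shell`: every templated value is passed as exactly one argument, so names,
# CIDRs and endpoints never go through shell word-splitting or quoting.
- name: Create base network
  command:
    argv:
      - innernet-server
      - new
      - --network-name
      - "{{ network_name }}"
      - --network-cidr
      - "{{ network_cidr }}"
      - --external-endpoint
      - "[{{ ansible_facts['default_ipv6']['address'] }}]:{{ network_listen_port }}"
      - --listen-port
      - "{{ network_listen_port }}"
  when: not db_file.stat.exists

- name: Create CIDRs
  command:
    argv:
      - innernet-server
      - add-cidr
      - "{{ network_name }}"
      - --parent
      - "{{ item.parent }}"
      - --name
      - "{{ item.name }}"
      - --cidr
      - "{{ item.cidr }}"
      - --yes
  loop: "{{ cidrs }}"
  when: item.name not in existing_cidrs

- name: Create peers
  command:
    argv:
      - innernet-server
      - add-peer
      - "{{ network_name }}"
      - --name
      - "{{ item.name }}"
      - --cidr
      - "{{ item.cidr }}"
      - --admin
      - "{{ item.admin }}"
      - --save-config
      - "{{ item.name }}.toml"
      - --invite-expires
      - "14d"
      - --auto-ip
      - --yes
    # --save-config is relative to the working directory; pin it to /root so
    # the file is where the pull and cleanup tasks below look for it.
    chdir: /root
  loop: "{{ peers }}"
  when: item.name not in existing_peers

- name: Check for actual peer invitation files
  # Replaces `ls | grep .toml`, whose unanchored pattern matched any name
  # containing "toml" and listed whatever the shell's working directory was.
  # /root matches the paths used by the pull and cleanup tasks below.
  find:
    paths: /root
    patterns: "*.toml"
  register: toml_files

- name: Custom error message
  fail:
    msg: "Could not find any new invitation files. Have you added a new peer?"
  when: toml_files.matched == 0

- name: Copy invitation files of peers to controller
  # Invitation files are time-limited peer credentials (see --invite-expires):
  # keep the pulled copies out of version control. The match is on the exact
  # file name so that peer "foo" does not pick up "foobar.toml".
  synchronize:
    src: "/root/{{ item.name }}.toml"
    dest: "{{ playbook_dir }}/roles/client/files/{{ item.name }}.toml"
    mode: pull
  loop: "{{ peers }}"
  when: (item.name ~ '.toml') in (toml_files.files | map(attribute='path') | map('basename') | list)

- name: Make sure invitation files are absent on innernet-server
  file:
    state: absent
    path: "/root/{{ item.name }}.toml"
  loop: "{{ peers }}"
  when: item.name not in existing_peers

- name: Enable innernet-server daemon
  # `enabled` was missing, so the unit was started once but not on reboot.
  systemd:
    name: "innernet-server@{{ network_name }}"
    state: started
    enabled: true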