extern/innernet-playbook
1
0
Fork 1
mirror of https://git.fsfe.org/fsfe-system-hackers/innernet-playbook.git synced 2024-11-07 07:13:59 +01:00
Code Issues Packages Projects Releases Wiki Activity
A playbook that sets up an internal WireGuard network using innernet (as declaratively as possible)
24 Commits 1 Branch 0 Tags 13 MiB
Shell 71.5%
Jinja 16.8%
Dockerfile 11.7%
926835c2d5
Go to file
linus 926835c2d5 change the way in which the .deb packages are built 
The build environment must be based on bullseye. This is achieved by
using a docker container to build the .deb packages
2021-12-02 17:42:02 +01:00
group_vars put variables where they belong 2021-11-15 18:44:10 +01:00
innernet-src@9a59ac3094 checkout v1.5.1 in innernet submodule 2021-11-15 18:45:05 +01:00
inventory@873e2fd4cf bump inventory 2021-11-15 18:51:08 +01:00
roles add client role 2021-11-15 19:09:18 +01:00
.gitignore ignore binaries to avoid bloating the repo 2021-11-15 18:49:39 +01:00
.gitmodules add correct upstream as innernet-src 2021-11-15 11:38:49 +01:00
ansible.cfg adding ansible scaffolding 2021-11-05 15:20:44 +01:00
build-debs.sh change the way in which the .deb packages are built 2021-12-02 17:42:02 +01:00
Dockerfile change the way in which the .deb packages are built 2021-12-02 17:42:02 +01:00
fsfe-innernet.png change picture background 2021-11-16 10:04:48 +01:00
open_the_vault.sh adding ansible scaffolding 2021-11-05 15:20:44 +01:00
playbook.yml put variables where they belong 2021-11-15 18:44:10 +01:00
README.md update README.md 2021-12-02 17:41:46 +01:00
vault_passphrase.gpg adding ansible scaffolding 2021-11-05 15:20:44 +01:00
vault_passphrase.gpg.license adding ansible scaffolding 2021-11-05 15:20:44 +01:00

README.md

Table of Contents

Motivation

There is a need for some of our servers to connect to other IPv6-only hosts. Since this is not always possible without introducing major painpoints elsewhere, we simply create an internal WireGuard network so that the machines in question can communicate securely using IPv4.

An overview

Preparation

Clone the repo

git clone --recurse-submodules git@git.fsfe.org:fsfe-system-hackers/innernet-playbook.git
cd innernet-playbook

Build binaries from submodule at ./innernet-src

Since innernet is new software, it is not yet included in the Debian repositories. Thus, before running the playbook we need to build the innernet and innernet-server binaries. At the moment, we are using 1.5.1, but you can choose any other available version by setting the environment variable accordingly. Please also note that you need cargo-deb installed to successfully compile the Debian packages.

./build-debs.sh

You can learn more about innernet by looking at its source code or reading this informative blog post of its creator.

Preparing ansible

To ensure this playbook works on different machines, pipenv is used to pin the version of ansible. So, to use the same version of Ansible that this playbook was tested with, simply run:

pipenv install --dev # for developing or
pipenv install       # for simply running this playbook
pipenv shell

Now, you should be in a shell that is running the correct version of the ansible and ansible-playbook executable.

Execution

Run the playbook

ansible-playbook deploy.yml

Distribute the invitation files

Some invitation files are for humans, so you need to send these files to them securely. I suggest using someting like wormohle.

sudo apt install magic-wormhole
cd roles/client/files
wormhole send <name_of_peer>.toml

Development