From bb66321355327b035bb0cfaba9dddf3810a669be Mon Sep 17 00:00:00 2001 From: Linus Sehn Date: Thu, 20 Jan 2022 17:52:37 +0100 Subject: [PATCH] set listening port and minor fixes --- roles/client/tasks/main.yml | 40 ++++++++++++++++++++++++++++++------- roles/server/tasks/main.yml | 28 +++++++++++++++++++------- 2 files changed, 54 insertions(+), 14 deletions(-) diff --git a/roles/client/tasks/main.yml b/roles/client/tasks/main.yml index 98468a4..b708069 100644 --- a/roles/client/tasks/main.yml +++ b/roles/client/tasks/main.yml @@ -3,7 +3,7 @@ # SPDX-License-Identifier: AGPL-3.0-or-later --- -- name: Install needed packages +- name: Install needed packages for uninstalling innernet tags: [never, uninstall] apt: package: @@ -17,27 +17,29 @@ (?i)delete: "yes" - name: Install needed packages - tags: [update] + tags: [always, update] apt: package: + - ufw - rsync - wireguard - wireguard-tools - name: Copy package to host - tags: [update] + tags: [never, update] synchronize: src: "innernet.deb" dest: "/tmp/innernet.deb" - name: Install package - tags: [update] + tags: [never, update] apt: deb: "/tmp/innernet.deb" update_cache: true install_recommends: true - name: Copy non-admin invitation to hosts + tags: [new_peer] synchronize: src: "{{ item.name }}.toml" dest: "/tmp/{{ item.name }}.toml" @@ -49,6 +51,7 @@ loop: "{{ peers }}" - name: Install non-admin invitation on hosts + tags: [new_peer] shell: | innernet install /tmp/{{ item.name }}.toml \ --default-name \ 
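Review bot: `tags: [always, update]` on the "Install needed packages" task makes it run on every invocation regardless of `--tags`, including a `--tags uninstall` run, where it would reinstall `ufw`, `rsync` and `wireguard` alongside the tasks tagged `[never, uninstall]`; `always` is only suppressed by `--skip-tags always`. If the intent is only to guarantee `ufw` is present before the firewall task later in this file (tagged `[listen_port, firewall]`), listing those tags is narrower: `tags: [update, listen_port, firewall]`. Either way a one-line comment above the task stating why the package install has to run ahead of the other tags would save the next reader the guess.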
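Review bot: The new `tags: [new_peer]` is fine, but the command it gates interpolates `item.name` unquoted into `innernet install /tmp/{{ item.name }}.toml \`, so a peer name containing whitespace or a shell metacharacter would split or alter the command; `innernet install /tmp/{{ item.name | quote }}.toml \` keeps the path a single argument. Peer names presumably come from inventory under the operator's control, so this is defensive hardening rather than a hole. The shell block continues past the end of the hunk.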
@@ -60,8 +63,31 @@ - item.name in ansible_host|replace('.', '-') loop: "{{ peers }}" -- name: Enable innernet daemon - systemd: +- name: Set listen port + tags: [listen_port] + community.general.ini_file: + path: "/etc/innernet/{{ network_name }}.conf" + section: interface + option: listen-port + value: "{{ network_listen_port }}" + mode: 600 + backup: yes + +- name: Allow UDP traffic on WireGuard port + tags: [listen_port, firewall] + ufw: + to_port: "{{ network_listen_port }}" + rule: allow + proto: udp + +- name: Just force systemd to reread configs (2.4 and above) + tags: [systemd, daemon] + ansible.builtin.systemd: + daemon_reload: yes + +- name: Restart and enable innernet daemon + tags: [systemd, daemon] + ansible.builtin.systemd: name: "innernet@{{ network_name }}" - state: started + state: restarted enabled: true diff --git a/roles/server/tasks/main.yml b/roles/server/tasks/main.yml index e17468c..c090ffb 100644 --- a/roles/server/tasks/main.yml +++ b/roles/server/tasks/main.yml 
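Review bot: `mode: 600` on the `community.general.ini_file` task is parsed by YAML as the integer six hundred, which Ansible applies as a decimal mode (octal 1130), not as 0600; since this is the interface config innernet reads its key material from (not visible here, please confirm), write it as `mode: "0600"`. `backup: yes` and `daemon_reload: yes` are YAML 1.1 truthy spellings — use `true` here and in the server role's `@@ -102,8 +110,14 @@` hunk, which repeats `daemon_reload: yes`. The `ufw:` task uses a short module name while its neighbours use FQCNs; the collection form is `community.general.ufw:`. Finally, `state: restarted` restarts the daemon on every run even when the ini_file task reported no change; registering that task's result (e.g. `register: listen_port_cfg`) and guarding the restart with `when: listen_port_cfg is changed`, or moving the restart into a handler it notifies, keeps an untouched host quiet.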
@@ -25,33 +25,36 @@ - wireguard-tools - name: Copy package to server - tags: [update] + tags: [never, update] synchronize: src: "innernet-server.deb" dest: "/tmp/innernet-server.deb" - name: Install package - tags: [update] + tags: [never, update] apt: deb: "/tmp/innernet-server.deb" update_cache: true install_recommends: true - name: Check if network is initialised + tags: [base] stat: - path: "/var/lib/innernet-server/{{ network_name }}.db" - register: db_file + path: "/etc/innernet-server/{{ network_name }}.conf" + register: conf_file - name: Create base network + tags: [base] shell: | innernet-server new \ --network-name "{{ network_name }}" \ --network-cidr "{{ network_cidr }}" \ --external-endpoint "[{{ hostvars[inventory_hostname]['ansible_default_ipv6']['address'] }}]:{{ network_listen_port }}" \ --listen-port {{ network_listen_port }} - when: not db_file.stat.exists + when: not conf_file.stat.exists - name: Create CIDRs + tags: [cidr] shell: | innernet-server add-cidr "{{ network_name }}" \ --parent "{{ item.parent }}" \ @@ -63,6 +66,7 @@ - item.name not in existing_cidrs - name: Create peers + tags: [peers] shell: | innernet-server add-peer "{{ network_name }}" \ --name "{{ item.name }}" \ @@ -77,16 +81,19 @@ - item.name not in existing_peers - name: Check for actual peer invitation files + tags: [peers] shell: ls | grep .toml register: toml_files ignore_errors: true - name: Custom error message + tags: [peers] fail: msg: "Could not find any new invitation files. Have you added a new peer?" when: toml_files.rc == 1 - name: Copy invitation files of peers to controller + tags: [peers] synchronize: src: "/root/{{ item.name }}.toml" dest: "{{ playbook_dir }}/roles/client/files/{{ item.name }}.toml" 
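Review bot: The initialisation sentinel moves from `/var/lib/innernet-server/{{ network_name }}.db` to `/etc/innernet-server/{{ network_name }}.conf` without a comment explaining why, and the two are not equivalent: if `innernet-server new` writes the conf before the database (I cannot tell from here), a run that dies midway leaves the conf behind and "Create base network" is skipped on every later run. A short comment above the `stat` task, e.g. `# innernet-server new writes this conf; its presence marks an initialised network`, would record the assumption, and stat-ing both files and failing when exactly one exists would surface a partial initialisation instead of hiding it. The `tags: [never, update]` change on the copy/install tasks looks deliberate and matches the client role.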
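Review bot: The invitation check `shell: ls | grep .toml` relies on the login shell's working directory and an unanchored pattern, and `ignore_errors: true` combined with `when: toml_files.rc == 1` means an ls/grep error (rc 2) is neither reported nor caught. Make the location and match explicit, `shell: ls /root | grep '\.toml$'` (the copy task in this hunk reads `/root/{{ item.name }}.toml`, so /root is presumably the intended directory), replace `ignore_errors: true` with `failed_when: false`, and gate the failure on `when: toml_files.rc != 0`; `ansible.builtin.find` with `paths: /root` and `patterns: "*.toml"` would avoid shell parsing altogether. Related: the copy task's `when: toml_files.stdout.find(item.name) != -1` at the top of the next hunk is a substring test, so a peer named `a` also matches `ab.toml`; `(item.name ~ '.toml') in toml_files.stdout_lines` is exact.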
@@ -94,7 +101,8 @@ when: toml_files.stdout.find(item.name) != -1 loop: "{{ peers }}" -- name: Make sure invitation files are absent on innernet-server +- name: Make sure invitation files are deleted on innernet-server + tags: [peers] file: state: absent path: "/root/{{ item.name }}.toml" @@ -102,8 +110,14 @@ when: - item.name not in existing_peers +- name: Just force systemd to reread configs (2.4 and above) + tags: [systemd, daemon] + ansible.builtin.systemd: + daemon_reload: yes + - name: Enable innernet-server daemon + tags: [systemd, daemon] systemd: name: "innernet-server@{{ network_name }}" - state: started + state: restarted enabled: true
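Review bot: The "Enable innernet-server daemon" task keeps the short `systemd:` module name while the new daemon-reload task three lines above it uses `ansible.builtin.systemd:`; use the FQCN on both, as the client role's matching hunk does. With `state: restarted` the task name no longer describes what it does, and the server daemon is restarted on every run that includes the `systemd`/`daemon` tags even when no configuration changed; rename it to `Restart and enable innernet-server daemon` (mirroring the client role) and consider a handler, or a `when: ... is changed` guard, for the restart. The `daemon_reload` task is likewise unconditional; it only needs to run when a unit file actually changed, which nothing in this hunk does.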