set listening port and minor fixes

This commit is contained in:
Linus Sehn 2022-01-20 17:52:37 +01:00
parent 95ed8a98f2
commit bb66321355
2 changed files with 54 additions and 14 deletions


@ -3,7 +3,7 @@
# SPDX-License-Identifier: AGPL-3.0-or-later # SPDX-License-Identifier: AGPL-3.0-or-later
--- ---
- name: Install needed packages - name: Install needed packages for uninstalling innernet
tags: [never, uninstall] tags: [never, uninstall]
apt: apt:
package: package:
@ -17,27 +17,29 @@
(?i)delete: "yes" (?i)delete: "yes"
- name: Install needed packages - name: Install needed packages
tags: [update] tags: [always, update]
apt: apt:
package: package:
- ufw
- rsync - rsync
- wireguard - wireguard
- wireguard-tools - wireguard-tools
- name: Copy package to host - name: Copy package to host
tags: [update] tags: [never, update]
synchronize: synchronize:
src: "innernet.deb" src: "innernet.deb"
dest: "/tmp/innernet.deb" dest: "/tmp/innernet.deb"
- name: Install package - name: Install package
tags: [update] tags: [never, update]
apt: apt:
deb: "/tmp/innernet.deb" deb: "/tmp/innernet.deb"
update_cache: true update_cache: true
install_recommends: true install_recommends: true
- name: Copy non-admin invitation to hosts - name: Copy non-admin invitation to hosts
tags: [new_peer]
synchronize: synchronize:
src: "{{ item.name }}.toml" src: "{{ item.name }}.toml"
dest: "/tmp/{{ item.name }}.toml" dest: "/tmp/{{ item.name }}.toml"
@ -49,6 +51,7 @@
loop: "{{ peers }}" loop: "{{ peers }}"
- name: Install non-admin invitation on hosts - name: Install non-admin invitation on hosts
tags: [new_peer]
shell: | shell: |
innernet install /tmp/{{ item.name }}.toml \ innernet install /tmp/{{ item.name }}.toml \
--default-name \ --default-name \
@ -60,8 +63,31 @@
- item.name in ansible_host|replace('.', '-') - item.name in ansible_host|replace('.', '-')
loop: "{{ peers }}" loop: "{{ peers }}"
- name: Enable innernet daemon - name: Set listen port
systemd: tags: [listen_port]
community.general.ini_file:
path: "/etc/innernet/{{ network_name }}.conf"
section: interface
option: listen-port
value: "{{ network_listen_port }}"
mode: 600
backup: yes
- name: Allow UDP traffic on WireGuard port
tags: [listen_port, firewall]
ufw:
to_port: "{{ network_listen_port }}"
rule: allow
proto: udp
- name: Just force systemd to reread configs (2.4 and above)
tags: [systemd, daemon]
ansible.builtin.systemd:
daemon_reload: yes
- name: Restart and enable innernet daemon
tags: [systemd, daemon]
ansible.builtin.systemd:
name: "innernet@{{ network_name }}" name: "innernet@{{ network_name }}"
state: started state: restarted
enabled: true enabled: true
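Review bot: `mode: 600` in the "Set listen port" ini_file task is a bare integer, which Ansible treats as decimal 600 (octal 1130, i.e. sticky bit plus group write/execute) rather than owner-only read/write, so the innernet interface config — which presumably also carries the interface private key — is left with the wrong permissions; write it as `mode: "0600"`. The listen-port change is also not wired to the restart: the ini_file and ufw tasks carry `listen_port` while the daemon-reload/restart tasks carry only `systemd, daemon`, so a run limited to `--tags listen_port` rewrites the port and opens it in ufw without the daemon picking it up — a `notify` on the ini_file task with a restart handler, or adding `listen_port` to the restart task's tags, closes that gap. Note as well that no task in this hunk enables ufw or sets a default policy, so the `Allow UDP traffic` rule may be a no-op unless ufw is activated elsewhere in the role. Finally, `backup: yes` and `daemon_reload: yes` are YAML 1.1 truthy values; prefer `true`, and be aware that `backup` leaves timestamped copies of this secret-bearing config next to it.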


@ -25,33 +25,36 @@
- wireguard-tools - wireguard-tools
- name: Copy package to server - name: Copy package to server
tags: [update] tags: [never, update]
synchronize: synchronize:
src: "innernet-server.deb" src: "innernet-server.deb"
dest: "/tmp/innernet-server.deb" dest: "/tmp/innernet-server.deb"
- name: Install package - name: Install package
tags: [update] tags: [never, update]
apt: apt:
deb: "/tmp/innernet-server.deb" deb: "/tmp/innernet-server.deb"
update_cache: true update_cache: true
install_recommends: true install_recommends: true
- name: Check if network is initialised - name: Check if network is initialised
tags: [base]
stat: stat:
path: "/var/lib/innernet-server/{{ network_name }}.db" path: "/etc/innernet-server/{{ network_name }}.conf"
register: db_file register: conf_file
- name: Create base network - name: Create base network
tags: [base]
shell: | shell: |
innernet-server new \ innernet-server new \
--network-name "{{ network_name }}" \ --network-name "{{ network_name }}" \
--network-cidr "{{ network_cidr }}" \ --network-cidr "{{ network_cidr }}" \
--external-endpoint "[{{ hostvars[inventory_hostname]['ansible_default_ipv6']['address'] }}]:{{ network_listen_port }}" \ --external-endpoint "[{{ hostvars[inventory_hostname]['ansible_default_ipv6']['address'] }}]:{{ network_listen_port }}" \
--listen-port {{ network_listen_port }} --listen-port {{ network_listen_port }}
when: not db_file.stat.exists when: not conf_file.stat.exists
- name: Create CIDRs - name: Create CIDRs
tags: [cidr]
shell: | shell: |
innernet-server add-cidr "{{ network_name }}" \ innernet-server add-cidr "{{ network_name }}" \
--parent "{{ item.parent }}" \ --parent "{{ item.parent }}" \
@ -63,6 +66,7 @@
- item.name not in existing_cidrs - item.name not in existing_cidrs
- name: Create peers - name: Create peers
tags: [peers]
shell: | shell: |
innernet-server add-peer "{{ network_name }}" \ innernet-server add-peer "{{ network_name }}" \
--name "{{ item.name }}" \ --name "{{ item.name }}" \
@ -77,16 +81,19 @@
- item.name not in existing_peers - item.name not in existing_peers
- name: Check for actual peer invitation files - name: Check for actual peer invitation files
tags: [peers]
shell: ls | grep .toml shell: ls | grep .toml
register: toml_files register: toml_files
ignore_errors: true ignore_errors: true
- name: Custom error message - name: Custom error message
tags: [peers]
fail: fail:
msg: "Could not find any new invitation files. Have you added a new peer?" msg: "Could not find any new invitation files. Have you added a new peer?"
when: toml_files.rc == 1 when: toml_files.rc == 1
- name: Copy invitation files of peers to controller - name: Copy invitation files of peers to controller
tags: [peers]
synchronize: synchronize:
src: "/root/{{ item.name }}.toml" src: "/root/{{ item.name }}.toml"
dest: "{{ playbook_dir }}/roles/client/files/{{ item.name }}.toml" dest: "{{ playbook_dir }}/roles/client/files/{{ item.name }}.toml"
@ -94,7 +101,8 @@
when: toml_files.stdout.find(item.name) != -1 when: toml_files.stdout.find(item.name) != -1
loop: "{{ peers }}" loop: "{{ peers }}"
- name: Make sure invitation files are absent on innernet-server - name: Make sure invitation files are deleted on innernet-server
tags: [peers]
file: file:
state: absent state: absent
path: "/root/{{ item.name }}.toml" path: "/root/{{ item.name }}.toml"
@ -102,8 +110,14 @@
when: when:
- item.name not in existing_peers - item.name not in existing_peers
- name: Just force systemd to reread configs (2.4 and above)
tags: [systemd, daemon]
ansible.builtin.systemd:
daemon_reload: yes
- name: Enable innernet-server daemon - name: Enable innernet-server daemon
tags: [systemd, daemon]
systemd: systemd:
name: "innernet-server@{{ network_name }}" name: "innernet-server@{{ network_name }}"
state: started state: restarted
enabled: true enabled: true
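Review bot: The new "Just force systemd to reread configs" task is a separate daemon_reload step immediately followed by a systemd task on the same unit; `ansible.builtin.systemd` accepts `daemon_reload: true` alongside `name`/`state`/`enabled`, so the two can be merged into one task, and `daemon_reload: yes` should be `true` in any case (same truthy point applies in the client role hunk). Switching the final task from `state: started` to `state: restarted` also means the coordination server is restarted on every run that includes the `systemd`/`daemon` tags, even when nothing changed; a handler notified only by the tasks that actually alter the configuration would avoid the needless interruption. The earlier hunks in this file only add tags and are not otherwise affected.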