holm/innernet-playbook
1
0
Fork 0
forked from extern/innernet-playbook
Code Issues Pull Requests Packages Projects Releases Wiki Activity
a3be2b81d9
innernet-playbook/roles/client/tasks/main.yml
Linus Sehn a3be2b81d9 minor fix and added berzelius to test
2022-01-21 17:18:29 +01:00

94 lines
2.3 KiB
YAML
Raw Blame History

# SPDX-FileCopyrightText: 2021 Free Software Foundation Europe <https://fsfe.org>
#
# SPDX-License-Identifier: AGPL-3.0-or-later
---
- name: Install needed packages for uninstalling innernet
tags: [never, uninstall]
apt:
package:
- python3-pexpect
- name: Remove existing innernet
tags: [never, uninstall]
expect:
command: "innernet uninstall {{ network_name }}"
responses:
(?i)delete: "yes"
- name: Install needed packages
tags: [always, update]
apt:
package:
- ufw
- rsync
- wireguard
- wireguard-tools
- name: Copy package to host
tags: [update]
synchronize:
src: "innernet.deb"
dest: "/tmp/innernet.deb"
- name: Install package
tags: [update]
apt:
deb: "/tmp/innernet.deb"
update_cache: true
install_recommends: true
- name: Copy non-admin invitation to hosts
tags: [new_peer]
synchronize:
src: "{{ item.name }}.toml"
dest: "/tmp/{{ item.name }}.toml"
when:
# is not existing
- item.name not in hostvars['kaim.fsfeurope.org'].global_existing_peers.stdout_lines
# only if filename contains a part of the hostname
- item.name in ansible_host|replace('.', '-')
loop: "{{ peers }}"
- name: Install non-admin invitation on hosts
tags: [new_peer]
shell: |
innernet install /tmp/{{ item.name }}.toml \
--default-name \
--delete-invite
when:
# is not existing
- item.name not in hostvars['kaim.fsfeurope.org'].global_existing_peers.stdout_lines
# only if filename contains a part of the hostname
- item.name in ansible_host|replace('.', '-')
loop: "{{ peers }}"
- name: Set listen port
tags: [listen_port]
community.general.ini_file:
path: "/etc/innernet/{{ network_name }}.conf"
section: interface
option: listen-port
value: "{{ network_listen_port }}"
mode: 600
backup: yes
- name: Allow UDP traffic on WireGuard port
tags: [listen_port, firewall]
ufw:
to_port: "{{ network_listen_port }}"
rule: allow
proto: udp
- name: Just force systemd to reread configs (2.4 and above)
tags: [systemd, daemon]
ansible.builtin.systemd:
daemon_reload: yes
- name: Restart and enable innernet daemon
tags: [systemd, daemon]
ansible.builtin.systemd:
name: "innernet@{{ network_name }}"
state: restarted
enabled: true
Reference in New Issue View Git Blame Copy Permalink