forked from extern/innernet-playbook
94 lines
2.3 KiB
YAML
94 lines
2.3 KiB
YAML
# SPDX-FileCopyrightText: 2021 Free Software Foundation Europe <https://fsfe.org>
|
|
#
|
|
# SPDX-License-Identifier: AGPL-3.0-or-later
|
|
|
|
---
|
|
- name: Install needed packages for uninstalling innernet
|
|
tags: [never, uninstall]
|
|
apt:
|
|
package:
|
|
- python3-pexpect
|
|
|
|
- name: Remove existing innernet
|
|
tags: [never, uninstall]
|
|
expect:
|
|
command: "innernet uninstall {{ network_name }}"
|
|
responses:
|
|
(?i)delete: "yes"
|
|
|
|
- name: Install needed packages
|
|
tags: [always, update]
|
|
apt:
|
|
package:
|
|
- ufw
|
|
- rsync
|
|
- wireguard
|
|
- wireguard-tools
|
|
|
|
- name: Copy package to host
|
|
tags: [never, update]
|
|
synchronize:
|
|
src: "innernet.deb"
|
|
dest: "/tmp/innernet.deb"
|
|
|
|
- name: Install package
|
|
tags: [never, update]
|
|
apt:
|
|
deb: "/tmp/innernet.deb"
|
|
update_cache: true
|
|
install_recommends: true
|
|
|
|
- name: Copy non-admin invitation to hosts
|
|
tags: [new_peer]
|
|
synchronize:
|
|
src: "{{ item.name }}.toml"
|
|
dest: "/tmp/{{ item.name }}.toml"
|
|
when:
|
|
# is not existing
|
|
- item.name not in hostvars['kaim.fsfeurope.org'].global_existing_peers.stdout_lines
|
|
# only if filename contains a part of the hostname
|
|
- item.name in ansible_host|replace('.', '-')
|
|
loop: "{{ peers }}"
|
|
|
|
- name: Install non-admin invitation on hosts
|
|
tags: [new_peer]
|
|
shell: |
|
|
innernet install /tmp/{{ item.name }}.toml \
|
|
--default-name \
|
|
--delete-invite
|
|
when:
|
|
# is not existing
|
|
- item.name not in hostvars['kaim.fsfeurope.org'].global_existing_peers.stdout_lines
|
|
# only if filename contains a part of the hostname
|
|
- item.name in ansible_host|replace('.', '-')
|
|
loop: "{{ peers }}"
|
|
|
|
- name: Set listen port
|
|
tags: [listen_port]
|
|
community.general.ini_file:
|
|
path: "/etc/innernet/{{ network_name }}.conf"
|
|
section: interface
|
|
option: listen-port
|
|
value: "{{ network_listen_port }}"
|
|
mode: 600
|
|
backup: yes
|
|
|
|
- name: Allow UDP traffic on WireGuard port
|
|
tags: [listen_port, firewall]
|
|
ufw:
|
|
to_port: "{{ network_listen_port }}"
|
|
rule: allow
|
|
proto: udp
|
|
|
|
- name: Just force systemd to reread configs (2.4 and above)
|
|
tags: [systemd, daemon]
|
|
ansible.builtin.systemd:
|
|
daemon_reload: yes
|
|
|
|
- name: Restart and enable innernet daemon
|
|
tags: [systemd, daemon]
|
|
ansible.builtin.systemd:
|
|
name: "innernet@{{ network_name }}"
|
|
state: restarted
|
|
enabled: true
|