authoruvok cheetah2024-03-01 18:36:26 +0100
committeruvok cheetah2024-03-01 18:36:26 +0100
commitbb17d97096e99f0f566a6054146b247eea2bf645 (patch)
tree4bd54738e210f550ca45c034dc57204a61f68217 /roles/tinc
parent39d57540d76b39c82a9cfe47c8b72c30e64b0e0a (diff)
Split router and tinc config
Diffstat (limited to 'roles/tinc')
-rw-r--r--roles/tinc/files/tn_int/hosts/firstroot10
-rw-r--r--roles/tinc/files/tn_int/hosts/hetzner10
-rw-r--r--roles/tinc/files/tn_int/hosts/netcup10
-rw-r--r--roles/tinc/files/tn_int/hosts/owrt8
-rw-r--r--roles/tinc/files/tn_int/hosts/proxtest8
-rwxr-xr-xroles/tinc/files/tn_int/tinc-down3
-rw-r--r--roles/tinc/tasks/main.yml12
-rw-r--r--roles/tinc/tasks/tinc.yml35
-rwxr-xr-xroles/tinc/templates/tinc-up.j29
-rw-r--r--roles/tinc/templates/tinc.conf.j211
10 files changed, 116 insertions, 0 deletions
diff --git a/roles/tinc/files/tn_int/hosts/firstroot b/roles/tinc/files/tn_int/hosts/firstroot
new file mode 100644
index 0000000..8ca33fd
--- /dev/null
+++ b/roles/tinc/files/tn_int/hosts/firstroot
@@ -0,0 +1,10 @@
+Address = saruman.uvok.de
+
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAqj445YDNdD/hOIfFi5NNSQoJXpkz29qGi5xFqgH7CHn4xpv4Oz2w
+0vE8ulDVvdUHLfor16vX8+ugXg2CKStfRHKRGOZS44EaLTyn0IznLw9eOjpYKyhI
+h7tkjEJKUCQ6JFTpvkYfnE+fLbTSdxBJNygeTw1UqdVKgHLIz1+ueIHu8E2TpVx2
+PGHeETDPgr1gRuRrNFonyB4pVxxoYtLvvFtKjLibA/WqDvkHlBTZwNSx/PJ+ZhNw
+dqpe4P8cUNM6W/jbVRrUu7cMmuLuaeue0wFURBywMHLp5+RrRJzpbevYuasZQcaP
+5vPRY/Ir3aUIEYrw8JuM4UVvdHllNHFqmwIDAQAB
+-----END RSA PUBLIC KEY-----
diff --git a/roles/tinc/files/tn_int/hosts/hetzner b/roles/tinc/files/tn_int/hosts/hetzner
new file mode 100644
index 0000000..eca7fb1
--- /dev/null
+++ b/roles/tinc/files/tn_int/hosts/hetzner
@@ -0,0 +1,10 @@
+Address = gandalf.uvok.de
+
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEA5Au1V58U+RvaVjKVjrLG9aGc+P30SegS+Qqkud4eJoQvuKk27Uc3
+wgpVE21wQyeJ29Egr6Vg22uOi2M0mgglggnofsx+ikpuS5oMQJt1lF1sx3KhfGy6
+ArvardvpzGOFksVQw3+ek+oviLKCrbE7KIqx80GAJaiUyoVhqHJO8XQf21cUF1Rn
+39F1dEGoyU5EVKI9fHgOA6D2G6po8ebMlZyfxzjpKUYpZk+x4/7Xzhk4VeXTydfg
+Zpg2cWXE28jy2mS/42IOvebV6yTpafPMDGzzMPCAyw+s2h2wlvvR0rDKQadZweYt
+xM6Oty7jDk47wMlfNhdnIqBJ5vLOkWK3XQIDAQAB
+-----END RSA PUBLIC KEY-----
diff --git a/roles/tinc/files/tn_int/hosts/netcup b/roles/tinc/files/tn_int/hosts/netcup
new file mode 100644
index 0000000..3816545
--- /dev/null
+++ b/roles/tinc/files/tn_int/hosts/netcup
@@ -0,0 +1,10 @@
+Address = bomdadil.uvok.de
+
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAudNF2GDpf/dFj0grbpOiRVnjbgsWeS/i189y2GhSohMa92s0xH3c
+BJfK/4A9j6/3WL+D/0A4uwKNEsvpmylgdFvhMG4Le3RS0w8gpm5+4O/PvUWD+ksU
+X46tzWLXZZ+V2VkjbhX6dazJxEb68x0XfNOruVStfc+2K0HpF2osFjQOaOVj6aZ/
+wg9He2qHTHxr0BOWDk7i01/z5OCxKUD0HVj56umMyR5A0xDrf8iNEI0wQBvd0wNn
+fSsIQmutbKWbt1bl3QKAopXtmKbzbMZFB/7HtBv4M1MOOTk+iFDy4jm1LQrO7Ou/
+87ZvlTViAUS0jjaJx9iY5+0nclR2eTbeSQIDAQAB
+-----END RSA PUBLIC KEY-----
diff --git a/roles/tinc/files/tn_int/hosts/owrt b/roles/tinc/files/tn_int/hosts/owrt
new file mode 100644
index 0000000..d399c27
--- /dev/null
+++ b/roles/tinc/files/tn_int/hosts/owrt
@@ -0,0 +1,8 @@
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAsILzeDIeuvhTQfWu520O4/275YRamNCYhcYxEw2gqV9YWEKirK6v
+RaHzRcVwbKIeUny8/sRAFivKCGjMN7eaosInGH48B8QDTeNs8H24bDAAFVPCAEDc
+uQpNHqtlOKtEioJn/7k98lWejVWqxeewyEJDZkC1SYDoymBFb4HQZI+FY/HzvAt1
+FoqbjYoNutnDNjX+vd8I6SWsF9uwLYeUw4cEd/xoYHPEK6O5RpT2FOREwCg69VXV
+enPxHtMV94eAslUdApHJxS7ZGOVUKU05DL2L3X8sKjekh+Jny864tS+1R/Rebo6g
+waXsg5Mvzll98fx8ITLTomXgzw41mFlnuQIDAQAB
+-----END RSA PUBLIC KEY-----
diff --git a/roles/tinc/files/tn_int/hosts/proxtest b/roles/tinc/files/tn_int/hosts/proxtest
new file mode 100644
index 0000000..3e397fc
--- /dev/null
+++ b/roles/tinc/files/tn_int/hosts/proxtest
@@ -0,0 +1,8 @@
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAkzbwTdu76pxvvhWEHdHxSfT9WnM2jPmgovCdjdMkjkOg0o2tfrXl
+5KtPlxHfFL4ca0b9IlT4+J1tw688abMs8AmalgvjtPwOfB2a7Iij0u5LaVf2O255
+6wAGl0m81bTKl+0hkfpWVEjs7JijAsrPdtjWLmIVezyTAjN5s4gK0UYZoUJF0kEv
+g8EZw/HZVQhD3uRpxLZbw3xGZW8hi6pMn3YxS2/s2yO27QqCyZaxRZGUKEU9Z/+X
+imoTW7ZNtvNDon+6Kghta2EHgeOX2zZoFEi1CV77nTNbbtwa2Ub/ZEsC4o9bP4qk
+zDuBzPlJOj/k6i1yEDyTSdx19KpjvJxS8wIDAQAB
+-----END RSA PUBLIC KEY-----
diff --git a/roles/tinc/files/tn_int/tinc-down b/roles/tinc/files/tn_int/tinc-down
new file mode 100755
index 0000000..40a7610
--- /dev/null
+++ b/roles/tinc/files/tn_int/tinc-down
@@ -0,0 +1,3 @@
+#!/bin/sh
+ip link set $INTERFACE down
+
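Review bot: `$INTERFACE` is expanded unquoted in `ip link set $INTERFACE down`, and the same holds for the three `ip` lines in roles/tinc/templates/tinc-up.j2. tinc sets the variable itself, so the value is normally a plain interface name, but quoting it keeps the script safe from word splitting at no cost: `ip link set "$INTERFACE" down`.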
diff --git a/roles/tinc/tasks/main.yml b/roles/tinc/tasks/main.yml
new file mode 100644
index 0000000..4cfc7cd
--- /dev/null
+++ b/roles/tinc/tasks/main.yml
@@ -0,0 +1,12 @@
+---
+- name: Install routing software
+ package:
+ name:
+ - tinc
+ state: present
+- name: Include tinc tasks
+ import_tasks: tinc.yml
+ when:
+ - tinc is defined
+ - tinc.configure is defined
+ - tinc.configure
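Review bot: The bare `tinc.configure` condition is evaluated for truthiness without a cast, so a string value (for example one passed with `-e`) may not behave like the boolean it looks like. The last two conditions can be replaced by `- tinc.configure | default(false) | bool`. Both tasks also use short module names while tasks/tinc.yml already uses `ansible.builtin.file`; `ansible.builtin.package` and `ansible.builtin.import_tasks` would make the role consistent. The package is installed even when `tinc.configure` is false; if that is intended, a one-line comment saying so would help.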
diff --git a/roles/tinc/tasks/tinc.yml b/roles/tinc/tasks/tinc.yml
new file mode 100644
index 0000000..2673a59
--- /dev/null
+++ b/roles/tinc/tasks/tinc.yml
@@ -0,0 +1,35 @@
+---
+- name: Ensure tinc directory exists
+ ansible.builtin.file:
+ path: '/etc/tinc/tn_int/'
+ state: directory
+ mode: '0750'
+- name: Install tinc.conf template
+ template:
+ src: tinc.conf.j2
+ dest: /etc/tinc/tn_int/tinc.conf
+ mode: '0750'
+ tags:
+ - tconfig
+- name: Install tinc-up template
+ template:
+ src: tinc-up.j2
+ dest: /etc/tinc/tn_int/tinc-up
+ mode: '0740'
+ tags:
+ - tconfig
+- name: Copy remaining files
+ ansible.posix.synchronize:
+ src: tn_int/
+ dest: /etc/tinc/tn_int/
+ archive: false
+ recursive: true
+ times: true
+- name: Make scripts executable
+ file:
+ path: "/etc/tinc/tn_int/{{ item }}"
+ mode: "0740"
+ with_items:
+ - tinc-down
+ tags:
+ - exec
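Review bot: The `Copy remaining files` task only adds and updates files, so a host file deleted from `files/tn_int/hosts/` in the repository stays in `/etc/tinc/tn_int/hosts/` on every node and that peer's key remains trusted. `delete: true` cannot simply be added to the existing task, because the destination also holds the templated `tinc.conf` and `tinc-up` (and presumably the node's private key, which this commit does not show); a separate synchronize of the `hosts/` directory with deletion enabled would cover it, as sketched below. Separately, `tinc.conf` is installed with `mode: '0750'`; a configuration file needs no execute bit, so `mode: '0640'` is enough. None of the tasks notifies a handler, so a changed configuration appears to take effect only when tinc is next restarted by hand.

```yaml
# … unchanged: directory, tinc.conf, tinc-up and "Copy remaining files" tasks …
- name: Sync tinc host files and remove revoked peers
  ansible.posix.synchronize:
    src: tn_int/hosts/
    dest: /etc/tinc/tn_int/hosts/
    archive: false
    recursive: true
    times: true
    delete: true
# … unchanged: "Make scripts executable" task …
```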
diff --git a/roles/tinc/templates/tinc-up.j2 b/roles/tinc/templates/tinc-up.j2
new file mode 100755
index 0000000..8c26aa9
--- /dev/null
+++ b/roles/tinc/templates/tinc-up.j2
@@ -0,0 +1,9 @@
+#!/bin/sh
+ip link set $INTERFACE up
+ip -6 addr flush dev $INTERFACE
+ip addr add {{ tinc.address }} dev $INTERFACE
+{% if tinc.extra_up is defined %}
+{% for cmd in tinc.extra_up %}
+{{ cmd }}
+{% endfor %}
+{% endif %}
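Review bot: Each entry of `tinc.extra_up` is written verbatim as a line of a script that tincd executes, normally as root, so the variable is effectively root shell code and the template should say so. A Jinja comment above the `{% if %}` would do, for example `{# extra_up entries are emitted verbatim and run by tincd; set them only from trusted inventory #}`. The script also has no `set -e`, so a failing `ip addr add` (for instance from a malformed `tinc.address`) goes unnoticed and the remaining lines still run. Adding `set -e` after the shebang and quoting the value as `ip addr add "{{ tinc.address }}" dev "$INTERFACE"` would make such a failure visible.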
diff --git a/roles/tinc/templates/tinc.conf.j2 b/roles/tinc/templates/tinc.conf.j2
new file mode 100644
index 0000000..b7011e1
--- /dev/null
+++ b/roles/tinc/templates/tinc.conf.j2
@@ -0,0 +1,11 @@
+Name = {{ tinc.name }}
+{% if tinc.listen_on is defined %}
+AddressFamily = {{ tinc.listen_on }}
+{% else %}
+AddressFamily = ipv6
+{% endif %}
+Interface = tn_int
+Mode = switch
+{% for conn in tinc.connections %}
+ConnectTo = {{ conn }}
+{% endfor %}
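Review bot: `tinc.name` and `tinc.connections` are used without a default, while tasks/main.yml only checks `tinc.configure`, so a host that sets `configure: true` but omits either key fails in the middle of templating. The loop can tolerate a missing list with `{% for conn in tinc.connections | default([]) %}`. A missing `tinc.name` is better caught by an `ansible.builtin.assert` at the top of tasks/tinc.yml than by a template error. The `if`/`else` around `AddressFamily` reduces to one line: `AddressFamily = {{ tinc.listen_on | default('ipv6') }}`.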