authoruvok cheetah2023-08-20 12:05:53 +0200
committeruvok cheetah2023-08-20 12:05:53 +0200
commit2b2d2627e345ad2829184c009ad4ed827d39124f (patch)
tree9ffc3849f48e3413a6b80b2adb8fc6fb47385c1d /roles
parent88acccaf3136f5a106a3e16626571ab7c4936302 (diff)
Add ansible tinc config
Diffstat (limited to 'roles')
-rw-r--r--roles/router/files/tn_int/hosts/firstroot10
-rw-r--r--roles/router/files/tn_int/hosts/hetzner10
-rw-r--r--roles/router/files/tn_int/hosts/netcup10
-rw-r--r--roles/router/files/tn_int/hosts/owrt8
-rw-r--r--roles/router/files/tn_int/hosts/proxtest8
-rwxr-xr-xroles/router/files/tn_int/tinc-down3
-rw-r--r--roles/router/tasks/main.yml6
-rw-r--r--roles/router/tasks/tinc.yml29
-rwxr-xr-xroles/router/templates/tinc-up.j24
-rw-r--r--roles/router/templates/tinc.conf.j27
10 files changed, 95 insertions, 0 deletions
diff --git a/roles/router/files/tn_int/hosts/firstroot b/roles/router/files/tn_int/hosts/firstroot
new file mode 100644
index 0000000..8ca33fd
--- /dev/null
+++ b/roles/router/files/tn_int/hosts/firstroot
@@ -0,0 +1,10 @@
+Address = saruman.uvok.de
+
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAqj445YDNdD/hOIfFi5NNSQoJXpkz29qGi5xFqgH7CHn4xpv4Oz2w
+0vE8ulDVvdUHLfor16vX8+ugXg2CKStfRHKRGOZS44EaLTyn0IznLw9eOjpYKyhI
+h7tkjEJKUCQ6JFTpvkYfnE+fLbTSdxBJNygeTw1UqdVKgHLIz1+ueIHu8E2TpVx2
+PGHeETDPgr1gRuRrNFonyB4pVxxoYtLvvFtKjLibA/WqDvkHlBTZwNSx/PJ+ZhNw
+dqpe4P8cUNM6W/jbVRrUu7cMmuLuaeue0wFURBywMHLp5+RrRJzpbevYuasZQcaP
+5vPRY/Ir3aUIEYrw8JuM4UVvdHllNHFqmwIDAQAB
+-----END RSA PUBLIC KEY-----
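Review bot: The host files added here (firstroot, and likewise hetzner, netcup, owrt and proxtest) carry only an optional Address and an RSA public key, so the per-host cipher and digest are left at the daemon's defaults. If these nodes run tinc 1.0.x, which the RSA-only keys suggest but the commit does not state, those defaults are Blowfish and SHA-1. I would pin them explicitly with `Cipher = aes-256-cbc` and `Digest = sha256` above the key block in each file. These files are the trust anchors for the mesh, so it is also worth verifying each key against the node it names before merging.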
diff --git a/roles/router/files/tn_int/hosts/hetzner b/roles/router/files/tn_int/hosts/hetzner
new file mode 100644
index 0000000..eca7fb1
--- /dev/null
+++ b/roles/router/files/tn_int/hosts/hetzner
@@ -0,0 +1,10 @@
+Address = gandalf.uvok.de
+
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEA5Au1V58U+RvaVjKVjrLG9aGc+P30SegS+Qqkud4eJoQvuKk27Uc3
+wgpVE21wQyeJ29Egr6Vg22uOi2M0mgglggnofsx+ikpuS5oMQJt1lF1sx3KhfGy6
+ArvardvpzGOFksVQw3+ek+oviLKCrbE7KIqx80GAJaiUyoVhqHJO8XQf21cUF1Rn
+39F1dEGoyU5EVKI9fHgOA6D2G6po8ebMlZyfxzjpKUYpZk+x4/7Xzhk4VeXTydfg
+Zpg2cWXE28jy2mS/42IOvebV6yTpafPMDGzzMPCAyw+s2h2wlvvR0rDKQadZweYt
+xM6Oty7jDk47wMlfNhdnIqBJ5vLOkWK3XQIDAQAB
+-----END RSA PUBLIC KEY-----
diff --git a/roles/router/files/tn_int/hosts/netcup b/roles/router/files/tn_int/hosts/netcup
new file mode 100644
index 0000000..3816545
--- /dev/null
+++ b/roles/router/files/tn_int/hosts/netcup
@@ -0,0 +1,10 @@
+Address = bomdadil.uvok.de
+
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAudNF2GDpf/dFj0grbpOiRVnjbgsWeS/i189y2GhSohMa92s0xH3c
+BJfK/4A9j6/3WL+D/0A4uwKNEsvpmylgdFvhMG4Le3RS0w8gpm5+4O/PvUWD+ksU
+X46tzWLXZZ+V2VkjbhX6dazJxEb68x0XfNOruVStfc+2K0HpF2osFjQOaOVj6aZ/
+wg9He2qHTHxr0BOWDk7i01/z5OCxKUD0HVj56umMyR5A0xDrf8iNEI0wQBvd0wNn
+fSsIQmutbKWbt1bl3QKAopXtmKbzbMZFB/7HtBv4M1MOOTk+iFDy4jm1LQrO7Ou/
+87ZvlTViAUS0jjaJx9iY5+0nclR2eTbeSQIDAQAB
+-----END RSA PUBLIC KEY-----
diff --git a/roles/router/files/tn_int/hosts/owrt b/roles/router/files/tn_int/hosts/owrt
new file mode 100644
index 0000000..d399c27
--- /dev/null
+++ b/roles/router/files/tn_int/hosts/owrt
@@ -0,0 +1,8 @@
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAsILzeDIeuvhTQfWu520O4/275YRamNCYhcYxEw2gqV9YWEKirK6v
+RaHzRcVwbKIeUny8/sRAFivKCGjMN7eaosInGH48B8QDTeNs8H24bDAAFVPCAEDc
+uQpNHqtlOKtEioJn/7k98lWejVWqxeewyEJDZkC1SYDoymBFb4HQZI+FY/HzvAt1
+FoqbjYoNutnDNjX+vd8I6SWsF9uwLYeUw4cEd/xoYHPEK6O5RpT2FOREwCg69VXV
+enPxHtMV94eAslUdApHJxS7ZGOVUKU05DL2L3X8sKjekh+Jny864tS+1R/Rebo6g
+waXsg5Mvzll98fx8ITLTomXgzw41mFlnuQIDAQAB
+-----END RSA PUBLIC KEY-----
diff --git a/roles/router/files/tn_int/hosts/proxtest b/roles/router/files/tn_int/hosts/proxtest
new file mode 100644
index 0000000..3e397fc
--- /dev/null
+++ b/roles/router/files/tn_int/hosts/proxtest
@@ -0,0 +1,8 @@
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAkzbwTdu76pxvvhWEHdHxSfT9WnM2jPmgovCdjdMkjkOg0o2tfrXl
+5KtPlxHfFL4ca0b9IlT4+J1tw688abMs8AmalgvjtPwOfB2a7Iij0u5LaVf2O255
+6wAGl0m81bTKl+0hkfpWVEjs7JijAsrPdtjWLmIVezyTAjN5s4gK0UYZoUJF0kEv
+g8EZw/HZVQhD3uRpxLZbw3xGZW8hi6pMn3YxS2/s2yO27QqCyZaxRZGUKEU9Z/+X
+imoTW7ZNtvNDon+6Kghta2EHgeOX2zZoFEi1CV77nTNbbtwa2Ub/ZEsC4o9bP4qk
+zDuBzPlJOj/k6i1yEDyTSdx19KpjvJxS8wIDAQAB
+-----END RSA PUBLIC KEY-----
diff --git a/roles/router/files/tn_int/tinc-down b/roles/router/files/tn_int/tinc-down
new file mode 100755
index 0000000..40a7610
--- /dev/null
+++ b/roles/router/files/tn_int/tinc-down
@@ -0,0 +1,3 @@
+#!/bin/sh
+ip link set $INTERFACE down
+
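Review bot: `$INTERFACE` is expanded unquoted in `ip link set $INTERFACE down`, and again in the three `ip` lines of roles/router/templates/tinc-up.j2. Writing `ip link set "$INTERFACE" down` makes an empty or unexpected value fail as a single argument instead of being word-split. The value comes from the daemon's environment, so this is hardening for a script that tinc presumably runs as root rather than a fix for a reachable bug.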
diff --git a/roles/router/tasks/main.yml b/roles/router/tasks/main.yml
index 286dda9..e8c4843 100644
--- a/roles/router/tasks/main.yml
+++ b/roles/router/tasks/main.yml
@@ -7,3 +7,9 @@
- iperf3
- mtr-tiny
state: present
+- name: Include tinc tasks
+ import_tasks: tinc.yml
+ when:
+ - tinc is defined
+ - tinc.configure is defined
+ - tinc.configure
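Review bot: The last condition tests `tinc.configure` as a bare variable, so a value that arrives as a string (for example from an INI inventory or `-e tinc.configure=false`) may be treated as true depending on the Ansible version. `- tinc.configure | bool` makes the intent explicit. The guard also checks only `configure`, while the imported tasks and templates read `tinc.name`, `tinc.address` and `tinc.connections`; a short comment listing the expected keys of `tinc` would help whoever fills in the inventory.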
diff --git a/roles/router/tasks/tinc.yml b/roles/router/tasks/tinc.yml
new file mode 100644
index 0000000..ee16b0a
--- /dev/null
+++ b/roles/router/tasks/tinc.yml
@@ -0,0 +1,29 @@
+- name: Ensure tinc directory exists
+ ansible.builtin.file:
+ path: '/etc/tinc/tn_int/'
+ state: directory
+- name: Install tinc.conf template
+ template:
+ src: tinc.conf.j2
+ dest: /etc/tinc/tn_int/tinc.conf
+ tags:
+ - tconfig
+- name: Install tinc-up template
+ template:
+ src: tinc-up.j2
+ dest: /etc/tinc/tn_int/tinc-up
+ tags:
+ - tconfig
+- name: Copy remaining files
+ ansible.builtin.copy:
+ src: tn_int/
+ dest: /etc/tinc/tn_int/
+- name: Make scripts executable
+ file:
+ path: "/etc/tinc/tn_int/{{ item }}"
+ mode: "0740"
+ with_items:
+ - tinc-up
+ - tinc-down
+ tags:
+ - exec
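Review bot: The executable bit for tinc-up is set only by the last task, which is tagged `exec`, while the template task that creates the file is tagged `tconfig`; a run limited to `--tags tconfig` on a fresh host leaves /etc/tinc/tn_int/tinc-up without the mode the daemon needs. Putting `mode: "0740"` on the 'Install tinc-up template' task itself closes that gap. The directory, tinc.conf and the copied tn_int/ tree get no `owner`, `group` or `mode`, so they depend on the connection user's umask. Because tinc-up and tinc-down are executed by the daemon, I would state `owner: root`, `group: root` and `mode: "0755"` on the directory task so nothing under it can be modified by another account.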
diff --git a/roles/router/templates/tinc-up.j2 b/roles/router/templates/tinc-up.j2
new file mode 100755
index 0000000..93ab205
--- /dev/null
+++ b/roles/router/templates/tinc-up.j2
@@ -0,0 +1,4 @@
+#!/bin/sh
+ip link set $INTERFACE up
+ip -6 addr flush dev $INTERFACE
+ip addr add {{ tinc.address }} dev $INTERFACE
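Review bot: `{{ tinc.address }}` is rendered verbatim into a shell script that the daemon executes, so any whitespace or shell metacharacter in the inventory value becomes part of the command line. `ip addr add {{ tinc.address | quote }} dev "$INTERFACE"` keeps it a single argument. The script also has no `set -e`, so a failed `ip link set` is followed by the flush and the address add anyway; adding `set -e` after the shebang would make tinc-up fail visibly instead.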
diff --git a/roles/router/templates/tinc.conf.j2 b/roles/router/templates/tinc.conf.j2
new file mode 100644
index 0000000..bc71107
--- /dev/null
+++ b/roles/router/templates/tinc.conf.j2
@@ -0,0 +1,7 @@
+Name = {{ tinc.name }}
+AddressFamily = ipv6
+Interface = tn_int
+Mode = switch
+{% for conn in tinc.connections %}
+ConnectTo = {{ conn }}
+{% endfor %}
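Review bot: The loop reads `tinc.connections` without a default, and the `when` in tasks/main.yml only checks `tinc.configure`, so a host that sets `configure` but has no outgoing connections fails at template time. `{% for conn in tinc.connections | default([]) %}` lets such a node render a listen-only config. Each `ConnectTo` name must match a file under hosts/, which this commit supplies for five nodes; a comment at the top of the template saying so would save a failed connection attempt later.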