From 2b2d2627e345ad2829184c009ad4ed827d39124f Mon Sep 17 00:00:00 2001
From: uvok cheetah
Date: Sun, 20 Aug 2023 12:05:53 +0200
Subject: Add ansible tinc config
---
 roles/router/files/tn_int/hosts/firstroot | 10 ++++++++++
 roles/router/files/tn_int/hosts/hetzner | 10 ++++++++++
 roles/router/files/tn_int/hosts/netcup | 10 ++++++++++
 roles/router/files/tn_int/hosts/owrt | 8 ++++++++
 roles/router/files/tn_int/hosts/proxtest | 8 ++++++++
 roles/router/files/tn_int/tinc-down | 3 +++
 roles/router/tasks/main.yml | 6 ++++++
 roles/router/tasks/tinc.yml | 29 +++++++++++++++++++++++++++++
 roles/router/templates/tinc-up.j2 | 4 ++++
 roles/router/templates/tinc.conf.j2 | 7 +++++++
 10 files changed, 95 insertions(+)
 create mode 100644 roles/router/files/tn_int/hosts/firstroot
 create mode 100644 roles/router/files/tn_int/hosts/hetzner
 create mode 100644 roles/router/files/tn_int/hosts/netcup
 create mode 100644 roles/router/files/tn_int/hosts/owrt
 create mode 100644 roles/router/files/tn_int/hosts/proxtest
 create mode 100755 roles/router/files/tn_int/tinc-down
 create mode 100644 roles/router/tasks/tinc.yml
 create mode 100755 roles/router/templates/tinc-up.j2
 create mode 100644 roles/router/templates/tinc.conf.j2
diff --git a/roles/router/files/tn_int/hosts/firstroot b/roles/router/files/tn_int/hosts/firstroot
new file mode 100644
index 0000000..8ca33fd
--- /dev/null
+++ b/roles/router/files/tn_int/hosts/firstroot
@@ -0,0 +1,10 @@
+Address = saruman.uvok.de
+
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAqj445YDNdD/hOIfFi5NNSQoJXpkz29qGi5xFqgH7CHn4xpv4Oz2w
+0vE8ulDVvdUHLfor16vX8+ugXg2CKStfRHKRGOZS44EaLTyn0IznLw9eOjpYKyhI
+h7tkjEJKUCQ6JFTpvkYfnE+fLbTSdxBJNygeTw1UqdVKgHLIz1+ueIHu8E2TpVx2
+PGHeETDPgr1gRuRrNFonyB4pVxxoYtLvvFtKjLibA/WqDvkHlBTZwNSx/PJ+ZhNw
+dqpe4P8cUNM6W/jbVRrUu7cMmuLuaeue0wFURBywMHLp5+RrRJzpbevYuasZQcaP
+5vPRY/Ir3aUIEYrw8JuM4UVvdHllNHFqmwIDAQAB
+-----END RSA PUBLIC KEY-----
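Review bot: The host files added under roles/router/files/tn_int/hosts/ (firstroot here, and hetzner, netcup, owrt and proxtest in the hunks that follow) carry only an RSA public key, so if these nodes run tinc 1.1 they would presumably fall back to the legacy protocol for every peer rather than the Ed25519-based one. If the deployed version supports it, each file should also carry that node's `Ed25519PublicKey = <public key generated on that node>` line. These files are the mesh's peer trust list, so a leading comment in each one naming the machine that generated the key would make a later rotation or removal reviewable.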
diff --git a/roles/router/files/tn_int/hosts/hetzner b/roles/router/files/tn_int/hosts/hetzner
new file mode 100644
index 0000000..eca7fb1
--- /dev/null
+++ b/roles/router/files/tn_int/hosts/hetzner
@@ -0,0 +1,10 @@
+Address = gandalf.uvok.de
+
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEA5Au1V58U+RvaVjKVjrLG9aGc+P30SegS+Qqkud4eJoQvuKk27Uc3
+wgpVE21wQyeJ29Egr6Vg22uOi2M0mgglggnofsx+ikpuS5oMQJt1lF1sx3KhfGy6
+ArvardvpzGOFksVQw3+ek+oviLKCrbE7KIqx80GAJaiUyoVhqHJO8XQf21cUF1Rn
+39F1dEGoyU5EVKI9fHgOA6D2G6po8ebMlZyfxzjpKUYpZk+x4/7Xzhk4VeXTydfg
+Zpg2cWXE28jy2mS/42IOvebV6yTpafPMDGzzMPCAyw+s2h2wlvvR0rDKQadZweYt
+xM6Oty7jDk47wMlfNhdnIqBJ5vLOkWK3XQIDAQAB
+-----END RSA PUBLIC KEY-----
diff --git a/roles/router/files/tn_int/hosts/netcup b/roles/router/files/tn_int/hosts/netcup
new file mode 100644
index 0000000..3816545
--- /dev/null
+++ b/roles/router/files/tn_int/hosts/netcup
@@ -0,0 +1,10 @@
+Address = bomdadil.uvok.de
+
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAudNF2GDpf/dFj0grbpOiRVnjbgsWeS/i189y2GhSohMa92s0xH3c
+BJfK/4A9j6/3WL+D/0A4uwKNEsvpmylgdFvhMG4Le3RS0w8gpm5+4O/PvUWD+ksU
+X46tzWLXZZ+V2VkjbhX6dazJxEb68x0XfNOruVStfc+2K0HpF2osFjQOaOVj6aZ/
+wg9He2qHTHxr0BOWDk7i01/z5OCxKUD0HVj56umMyR5A0xDrf8iNEI0wQBvd0wNn
+fSsIQmutbKWbt1bl3QKAopXtmKbzbMZFB/7HtBv4M1MOOTk+iFDy4jm1LQrO7Ou/
+87ZvlTViAUS0jjaJx9iY5+0nclR2eTbeSQIDAQAB
+-----END RSA PUBLIC KEY-----
diff --git a/roles/router/files/tn_int/hosts/owrt b/roles/router/files/tn_int/hosts/owrt
new file mode 100644
index 0000000..d399c27
--- /dev/null
+++ b/roles/router/files/tn_int/hosts/owrt
@@ -0,0 +1,8 @@
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAsILzeDIeuvhTQfWu520O4/275YRamNCYhcYxEw2gqV9YWEKirK6v
+RaHzRcVwbKIeUny8/sRAFivKCGjMN7eaosInGH48B8QDTeNs8H24bDAAFVPCAEDc
+uQpNHqtlOKtEioJn/7k98lWejVWqxeewyEJDZkC1SYDoymBFb4HQZI+FY/HzvAt1
+FoqbjYoNutnDNjX+vd8I6SWsF9uwLYeUw4cEd/xoYHPEK6O5RpT2FOREwCg69VXV
+enPxHtMV94eAslUdApHJxS7ZGOVUKU05DL2L3X8sKjekh+Jny864tS+1R/Rebo6g
+waXsg5Mvzll98fx8ITLTomXgzw41mFlnuQIDAQAB
+-----END RSA PUBLIC KEY-----
diff --git a/roles/router/files/tn_int/hosts/proxtest b/roles/router/files/tn_int/hosts/proxtest
new file mode 100644
index 0000000..3e397fc
--- /dev/null
+++ b/roles/router/files/tn_int/hosts/proxtest
@@ -0,0 +1,8 @@
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAkzbwTdu76pxvvhWEHdHxSfT9WnM2jPmgovCdjdMkjkOg0o2tfrXl
+5KtPlxHfFL4ca0b9IlT4+J1tw688abMs8AmalgvjtPwOfB2a7Iij0u5LaVf2O255
+6wAGl0m81bTKl+0hkfpWVEjs7JijAsrPdtjWLmIVezyTAjN5s4gK0UYZoUJF0kEv
+g8EZw/HZVQhD3uRpxLZbw3xGZW8hi6pMn3YxS2/s2yO27QqCyZaxRZGUKEU9Z/+X
+imoTW7ZNtvNDon+6Kghta2EHgeOX2zZoFEi1CV77nTNbbtwa2Ub/ZEsC4o9bP4qk
+zDuBzPlJOj/k6i1yEDyTSdx19KpjvJxS8wIDAQAB
+-----END RSA PUBLIC KEY-----
diff --git a/roles/router/files/tn_int/tinc-down b/roles/router/files/tn_int/tinc-down
new file mode 100755
index 0000000..40a7610
--- /dev/null
+++ b/roles/router/files/tn_int/tinc-down
@@ -0,0 +1,3 @@
+#!/bin/sh
+ip link set $INTERFACE down
+
diff --git a/roles/router/tasks/main.yml b/roles/router/tasks/main.yml
index 286dda9..e8c4843 100644
--- a/roles/router/tasks/main.yml
+++ b/roles/router/tasks/main.yml
@@ -7,3 +7,9 @@
 - iperf3
 - mtr-tiny
 state: present
+- name: Include tinc tasks
+ import_tasks: tinc.yml
+ when:
+ - tinc is defined
+ - tinc.configure is defined
+ - tinc.configure
diff --git a/roles/router/tasks/tinc.yml b/roles/router/tasks/tinc.yml
new file mode 100644
index 0000000..ee16b0a
--- /dev/null
+++ b/roles/router/tasks/tinc.yml
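Review bot: In roles/router/tasks/main.yml the last condition, `- tinc.configure`, is a bare variable, so a value that reaches the play as a string (an INI inventory or an extra-var, for instance) may be evaluated as a non-empty string rather than as a boolean, depending on the Ansible version; `- tinc.configure | bool` makes the intent explicit. Because `import_tasks` is static, the whole `when` list is applied to every task in tinc.yml, which deserves a one-line comment such as `# conditions below are evaluated for each imported task`. The task list this hunk appends to begins outside the hunk.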
@@ -0,0 +1,29 @@
+- name: Ensure tinc directory exists
+ ansible.builtin.file:
+ path: '/etc/tinc/tn_int/'
+ state: directory
+- name: Install tinc.conf template
+ template:
+ src: tinc.conf.j2
+ dest: /etc/tinc/tn_int/tinc.conf
+ tags:
+ - tconfig
+- name: Install tinc-up template
+ template:
+ src: tinc-up.j2
+ dest: /etc/tinc/tn_int/tinc-up
+ tags:
+ - tconfig
+- name: Copy remaining files
+ ansible.builtin.copy:
+ src: tn_int/
+ dest: /etc/tinc/tn_int/
+- name: Make scripts executable
+ file:
+ path: "/etc/tinc/tn_int/{{ item }}"
+ mode: "0740"
+ with_items:
+ - tinc-up
+ - tinc-down
+ tags:
+ - exec
diff --git a/roles/router/templates/tinc-up.j2 b/roles/router/templates/tinc-up.j2
new file mode 100755
index 0000000..93ab205
--- /dev/null
+++ b/roles/router/templates/tinc-up.j2
@@ -0,0 +1,4 @@
+#!/bin/sh
+ip link set $INTERFACE up
+ip -6 addr flush dev $INTERFACE
+ip addr add {{ tinc.address }} dev $INTERFACE
diff --git a/roles/router/templates/tinc.conf.j2 b/roles/router/templates/tinc.conf.j2
new file mode 100644
index 0000000..bc71107
--- /dev/null
+++ b/roles/router/templates/tinc.conf.j2
@@ -0,0 +1,7 @@
+Name = {{ tinc.name }}
+AddressFamily = ipv6
+Interface = tn_int
+Mode = switch
+{% for conn in tinc.connections %}
+ConnectTo = {{ conn }}
+{% endfor %}
--
cgit v1.2.3
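Review bot: None of the tasks in roles/router/tasks/tinc.yml that create content under /etc/tinc/tn_int/ set `owner`, `group` or `mode`, so the directory, tinc.conf and the hosts/ key files end up with whatever the connecting user and umask produce. Since hosts/ decides which peers this node accepts, pin them: `owner: root`, `group: root`, `mode: "0755"` on the directory task, and `mode: "0644"` with `directory_mode: "0755"` on the copy task. The tinc-up template task could set `mode: "0740"` itself instead of relying on the later "Make scripts executable" task. No task notifies a handler, so a changed tinc.conf or host file presumably takes effect only after tinc is restarted by hand. The node's own private key is not managed here; if that is deliberate, a comment saying it is provisioned out of band would help.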
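Review bot: In roles/router/templates/tinc-up.j2 the value `{{ tinc.address }}` is rendered unquoted into a script that tincd executes (presumably as root), so whitespace or shell metacharacters in the inventory value would change the command that runs; render it as `ip addr add {{ tinc.address | quote }} dev "$INTERFACE"`. `$INTERFACE` is also unquoted on the two lines above and in files/tn_int/tinc-down. The script has no `set -e`, so a failed `ip link set` is still followed by the flush and the address add; `set -eu` after the shebang would stop at the first error.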
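Review bot: `Mode = switch` in roles/router/templates/tinc.conf.j2 puts every node that has a key under hosts/ on one shared layer-2 segment, and nothing in the file records that this is intended; a comment above the line such as `# switch mode: tn_int is a single L2 segment shared by all peers` would document the trust assumption. The `ConnectTo` names come straight from `tinc.connections` and are not checked against the host files the role ships, so a typo only surfaces when tincd starts. An `ansible.builtin.assert` task before the template, checking that `tinc.name` and each connection name match an entry under hosts/, would catch that at deploy time.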