From bb17d97096e99f0f566a6054146b247eea2bf645 Mon Sep 17 00:00:00 2001 From: uvok cheetah Date: Fri, 1 Mar 2024 18:36:26 +0100 Subject: Split router and tinc config
---
roles/tinc/files/tn_int/hosts/firstroot | 10 ++++++++++ roles/tinc/files/tn_int/hosts/hetzner | 10 ++++++++++ roles/tinc/files/tn_int/hosts/netcup | 10 ++++++++++ roles/tinc/files/tn_int/hosts/owrt | 8 ++++++++ roles/tinc/files/tn_int/hosts/proxtest | 8 ++++++++ roles/tinc/files/tn_int/tinc-down | 3 +++ roles/tinc/tasks/main.yml | 12 +++++++++++ roles/tinc/tasks/tinc.yml | 35 +++++++++++++++++++++++++++++++++ roles/tinc/templates/tinc-up.j2 | 9 +++++++++ roles/tinc/templates/tinc.conf.j2 | 11 +++++++++++ 10 files changed, 116 insertions(+) create mode 100644 roles/tinc/files/tn_int/hosts/firstroot create mode 100644 roles/tinc/files/tn_int/hosts/hetzner create mode 100644 roles/tinc/files/tn_int/hosts/netcup create mode 100644 roles/tinc/files/tn_int/hosts/owrt create mode 100644 roles/tinc/files/tn_int/hosts/proxtest create mode 100755 roles/tinc/files/tn_int/tinc-down create mode 100644 roles/tinc/tasks/main.yml create mode 100644 roles/tinc/tasks/tinc.yml create mode 100755 roles/tinc/templates/tinc-up.j2 create mode 100644 roles/tinc/templates/tinc.conf.j2 (limited to 'roles/tinc')
diff --git a/roles/tinc/files/tn_int/hosts/firstroot b/roles/tinc/files/tn_int/hosts/firstroot
new file mode 100644
index 0000000..8ca33fd
--- /dev/null
+++ b/roles/tinc/files/tn_int/hosts/firstroot
@@ -0,0 +1,10 @@
+Address = saruman.uvok.de
+
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAqj445YDNdD/hOIfFi5NNSQoJXpkz29qGi5xFqgH7CHn4xpv4Oz2w
+0vE8ulDVvdUHLfor16vX8+ugXg2CKStfRHKRGOZS44EaLTyn0IznLw9eOjpYKyhI
+h7tkjEJKUCQ6JFTpvkYfnE+fLbTSdxBJNygeTw1UqdVKgHLIz1+ueIHu8E2TpVx2
+PGHeETDPgr1gRuRrNFonyB4pVxxoYtLvvFtKjLibA/WqDvkHlBTZwNSx/PJ+ZhNw
+dqpe4P8cUNM6W/jbVRrUu7cMmuLuaeue0wFURBywMHLp5+RrRJzpbevYuasZQcaP
+5vPRY/Ir3aUIEYrw8JuM4UVvdHllNHFqmwIDAQAB
+-----END RSA PUBLIC KEY-----
diff --git a/roles/tinc/files/tn_int/hosts/hetzner b/roles/tinc/files/tn_int/hosts/hetzner
new file mode 100644
index 0000000..eca7fb1
--- /dev/null
+++ b/roles/tinc/files/tn_int/hosts/hetzner
@@ -0,0 +1,10 @@
+Address = gandalf.uvok.de
+
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEA5Au1V58U+RvaVjKVjrLG9aGc+P30SegS+Qqkud4eJoQvuKk27Uc3
+wgpVE21wQyeJ29Egr6Vg22uOi2M0mgglggnofsx+ikpuS5oMQJt1lF1sx3KhfGy6
+ArvardvpzGOFksVQw3+ek+oviLKCrbE7KIqx80GAJaiUyoVhqHJO8XQf21cUF1Rn
+39F1dEGoyU5EVKI9fHgOA6D2G6po8ebMlZyfxzjpKUYpZk+x4/7Xzhk4VeXTydfg
+Zpg2cWXE28jy2mS/42IOvebV6yTpafPMDGzzMPCAyw+s2h2wlvvR0rDKQadZweYt
+xM6Oty7jDk47wMlfNhdnIqBJ5vLOkWK3XQIDAQAB
+-----END RSA PUBLIC KEY-----
diff --git a/roles/tinc/files/tn_int/hosts/netcup b/roles/tinc/files/tn_int/hosts/netcup
new file mode 100644
index 0000000..3816545
--- /dev/null
+++ b/roles/tinc/files/tn_int/hosts/netcup
@@ -0,0 +1,10 @@
+Address = bomdadil.uvok.de
+
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAudNF2GDpf/dFj0grbpOiRVnjbgsWeS/i189y2GhSohMa92s0xH3c
+BJfK/4A9j6/3WL+D/0A4uwKNEsvpmylgdFvhMG4Le3RS0w8gpm5+4O/PvUWD+ksU
+X46tzWLXZZ+V2VkjbhX6dazJxEb68x0XfNOruVStfc+2K0HpF2osFjQOaOVj6aZ/
+wg9He2qHTHxr0BOWDk7i01/z5OCxKUD0HVj56umMyR5A0xDrf8iNEI0wQBvd0wNn
+fSsIQmutbKWbt1bl3QKAopXtmKbzbMZFB/7HtBv4M1MOOTk+iFDy4jm1LQrO7Ou/
+87ZvlTViAUS0jjaJx9iY5+0nclR2eTbeSQIDAQAB
+-----END RSA PUBLIC KEY-----
diff --git a/roles/tinc/files/tn_int/hosts/owrt b/roles/tinc/files/tn_int/hosts/owrt
new file mode 100644
index 0000000..d399c27
--- /dev/null
+++ b/roles/tinc/files/tn_int/hosts/owrt
@@ -0,0 +1,8 @@
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAsILzeDIeuvhTQfWu520O4/275YRamNCYhcYxEw2gqV9YWEKirK6v
+RaHzRcVwbKIeUny8/sRAFivKCGjMN7eaosInGH48B8QDTeNs8H24bDAAFVPCAEDc
+uQpNHqtlOKtEioJn/7k98lWejVWqxeewyEJDZkC1SYDoymBFb4HQZI+FY/HzvAt1
+FoqbjYoNutnDNjX+vd8I6SWsF9uwLYeUw4cEd/xoYHPEK6O5RpT2FOREwCg69VXV
+enPxHtMV94eAslUdApHJxS7ZGOVUKU05DL2L3X8sKjekh+Jny864tS+1R/Rebo6g
+waXsg5Mvzll98fx8ITLTomXgzw41mFlnuQIDAQAB
+-----END RSA PUBLIC KEY-----
diff --git a/roles/tinc/files/tn_int/hosts/proxtest b/roles/tinc/files/tn_int/hosts/proxtest
new file mode 100644
index 0000000..3e397fc
--- /dev/null
+++ b/roles/tinc/files/tn_int/hosts/proxtest
@@ -0,0 +1,8 @@
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAkzbwTdu76pxvvhWEHdHxSfT9WnM2jPmgovCdjdMkjkOg0o2tfrXl
+5KtPlxHfFL4ca0b9IlT4+J1tw688abMs8AmalgvjtPwOfB2a7Iij0u5LaVf2O255
+6wAGl0m81bTKl+0hkfpWVEjs7JijAsrPdtjWLmIVezyTAjN5s4gK0UYZoUJF0kEv
+g8EZw/HZVQhD3uRpxLZbw3xGZW8hi6pMn3YxS2/s2yO27QqCyZaxRZGUKEU9Z/+X
+imoTW7ZNtvNDon+6Kghta2EHgeOX2zZoFEi1CV77nTNbbtwa2Ub/ZEsC4o9bP4qk
+zDuBzPlJOj/k6i1yEDyTSdx19KpjvJxS8wIDAQAB
+-----END RSA PUBLIC KEY-----
diff --git a/roles/tinc/files/tn_int/tinc-down b/roles/tinc/files/tn_int/tinc-down
new file mode 100755
index 0000000..40a7610
--- /dev/null
+++ b/roles/tinc/files/tn_int/tinc-down
@@ -0,0 +1,3 @@
+#!/bin/sh
+ip link set $INTERFACE down
+
diff --git a/roles/tinc/tasks/main.yml b/roles/tinc/tasks/main.yml
new file mode 100644
index 0000000..4cfc7cd
--- /dev/null
+++ b/roles/tinc/tasks/main.yml
@@ -0,0 +1,12 @@
+---
+- name: Install routing software
+ package:
+ name:
+ - tinc
+ state: present
+- name: Include tinc tasks
+ import_tasks: tinc.yml
+ when:
+ - tinc is defined
+ - tinc.configure is defined
+ - tinc.configure
diff --git a/roles/tinc/tasks/tinc.yml b/roles/tinc/tasks/tinc.yml
new file mode 100644
index 0000000..2673a59
--- /dev/null
+++ b/roles/tinc/tasks/tinc.yml
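Review bot: `$INTERFACE` is expanded unquoted in `ip link set $INTERFACE down`, and the same pattern recurs on the three `ip` lines of roles/tinc/templates/tinc-up.j2. The value presumably comes from tinc itself (tinc.conf.j2 fixes `Interface = tn_int`), so this is a style point rather than an injection path. Quoting still keeps word splitting and globbing out of scripts that tincd runs, most likely with root privileges: `ip link set "$INTERFACE" down`.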
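Review bot: The last condition of the `when:` list in roles/tinc/tasks/main.yml is the bare variable `- tinc.configure`, so its result depends on how the value was typed. A string such as "false" supplied through `-e` or an INI inventory can evaluate as true on some Ansible versions, which would deploy the VPN configuration on a host meant to be excluded. Casting makes the gate explicit: `- tinc.configure | bool`. The first task is also still named "Install routing software" although it only installs `tinc`, and it uses the short module name `package` while tinc.yml mixes short names with FQCNs.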
@@ -0,0 +1,35 @@
+---
+- name: Ensure tinc directory exists
+ ansible.builtin.file:
+ path: '/etc/tinc/tn_int/'
+ state: directory
+ mode: '0750'
+- name: Install tinc.conf template
+ template:
+ src: tinc.conf.j2
+ dest: /etc/tinc/tn_int/tinc.conf
+ mode: '0750'
+ tags:
+ - tconfig
+- name: Install tinc-up template
+ template:
+ src: tinc-up.j2
+ dest: /etc/tinc/tn_int/tinc-up
+ mode: '0740'
+ tags:
+ - tconfig
+- name: Copy remaining files
+ ansible.posix.synchronize:
+ src: tn_int/
+ dest: /etc/tinc/tn_int/
+ archive: false
+ recursive: true
+ times: true
+- name: Make scripts executable
+ file:
+ path: "/etc/tinc/tn_int/{{ item }}"
+ mode: "0740"
+ with_items:
+ - tinc-down
+ tags:
+ - exec
diff --git a/roles/tinc/templates/tinc-up.j2 b/roles/tinc/templates/tinc-up.j2
new file mode 100755
index 0000000..8c26aa9
--- /dev/null
+++ b/roles/tinc/templates/tinc-up.j2
@@ -0,0 +1,9 @@
+#!/bin/sh
+ip link set $INTERFACE up
+ip -6 addr flush dev $INTERFACE
+ip addr add {{ tinc.address }} dev $INTERFACE
+{% if tinc.extra_up is defined %}
+{% for cmd in tinc.extra_up %}
+{{ cmd }}
+{% endfor %}
+{% endif %}
diff --git a/roles/tinc/templates/tinc.conf.j2 b/roles/tinc/templates/tinc.conf.j2
new file mode 100644
index 0000000..b7011e1
--- /dev/null
+++ b/roles/tinc/templates/tinc.conf.j2
@@ -0,0 +1,11 @@
+Name = {{ tinc.name }}
+{% if tinc.listen_on is defined %}
+AddressFamily = {{ tinc.listen_on }}
+{% else %}
+AddressFamily = ipv6
+{% endif %}
+Interface = tn_int
+Mode = switch
+{% for conn in tinc.connections %}
+ConnectTo = {{ conn }}
+{% endfor %}
-- cgit v1.2.3
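Review bot: The "Copy remaining files" task synchronizes all of `tn_int/` without `delete`, so a host file removed from the repository stays in `/etc/tinc/tn_int/hosts/` on every node. tinc uses that directory as its peer trust store, which means a decommissioned peer's public key remains accepted until someone removes it by hand. Setting `delete: true` on the whole directory would also remove the templated `tinc.conf` and `tinc-up` and any private key kept there, so the safer shape is to sync only `hosts/` with pruning and install `tinc-down` with an explicit mode. This assumes every legitimate host file is kept in the role. Separately, `tinc.conf` is installed with mode `'0750'` although it is not a script; `'0640'` would fit, and none of the tasks notify a handler to reload tincd after a change.

```yaml
# … unchanged: directory, tinc.conf and tinc-up tasks …
- name: Copy host files (peer trust store), pruning removed peers
  ansible.posix.synchronize:
    src: tn_int/hosts/
    dest: /etc/tinc/tn_int/hosts/
    archive: false
    recursive: true
    times: true
    delete: true
- name: Install tinc-down
  ansible.builtin.copy:
    src: tn_int/tinc-down
    dest: /etc/tinc/tn_int/tinc-down
    mode: '0740'
```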
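Review bot: `{{ tinc.address }}` and every `{{ cmd }}` from `tinc.extra_up` are rendered verbatim into a script that tincd executes, presumably as root, so the inventory values are effectively shell code. For the address a quoted rendering is enough: `ip addr add {{ tinc.address | quote }} dev "$INTERFACE"`. `extra_up` is raw commands by design, so it deserves a template comment at the top such as `{# tinc.extra_up: list of raw shell lines, executed as root; keep host_vars write access restricted #}`. That keeps the trust boundary visible to whoever edits the variables.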
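Review bot: The loop `{% for conn in tinc.connections %}` has no guard, unlike `tinc.listen_on` a few lines above it. main.yml only checks `tinc.configure`, so a node that defines no `connections` (one that only accepts inbound links) fails at template time. `{% for conn in tinc.connections | default([]) %}` avoids that. It would also help to add a comment next to `Mode = switch`, because in switch mode tinc forwards by learned MAC address and does not restrict peers to declared subnets. Every key in `hosts/` is therefore trusted for the whole segment.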