From bb17d97096e99f0f566a6054146b247eea2bf645 Mon Sep 17 00:00:00 2001 
From: uvok cheetah
Date: Fri, 1 Mar 2024 18:36:26 +0100
Subject: Split router and tinc config
---
roles/router/files/tn_int/hosts/firstroot | 10 ---------
roles/router/files/tn_int/hosts/hetzner | 10 ---------
roles/router/files/tn_int/hosts/netcup | 10 ---------
roles/router/files/tn_int/hosts/owrt | 8 -------
roles/router/files/tn_int/hosts/proxtest | 8 -------
roles/router/files/tn_int/tinc-down | 3 ---
roles/router/tasks/main.yml | 10 +++------
roles/router/tasks/tinc.yml | 35 -------------------------------
roles/router/templates/tinc-up.j2 | 9 --------
roles/router/templates/tinc.conf.j2 | 11 ----------
roles/tinc/files/tn_int/hosts/firstroot | 10 +++++++++
roles/tinc/files/tn_int/hosts/hetzner | 10 +++++++++
roles/tinc/files/tn_int/hosts/netcup | 10 +++++++++
roles/tinc/files/tn_int/hosts/owrt | 8 +++++++
roles/tinc/files/tn_int/hosts/proxtest | 8 +++++++
roles/tinc/files/tn_int/tinc-down | 3 +++
roles/tinc/tasks/main.yml | 12 +++++++++++
roles/tinc/tasks/tinc.yml | 35 +++++++++++++++++++++++++++++++
roles/tinc/templates/tinc-up.j2 | 9 ++++++++
roles/tinc/templates/tinc.conf.j2 | 11 ++++++++++
20 files changed, 119 insertions(+), 111 deletions(-)
delete mode 100644 roles/router/files/tn_int/hosts/firstroot
delete mode 100644 roles/router/files/tn_int/hosts/hetzner
delete mode 100644 roles/router/files/tn_int/hosts/netcup
delete mode 100644 roles/router/files/tn_int/hosts/owrt
delete mode 100644 roles/router/files/tn_int/hosts/proxtest
delete mode 100755 roles/router/files/tn_int/tinc-down
delete mode 100644 roles/router/tasks/tinc.yml
delete mode 100755 roles/router/templates/tinc-up.j2
delete mode 100644 roles/router/templates/tinc.conf.j2
create mode 100644 roles/tinc/files/tn_int/hosts/firstroot
create mode 100644 roles/tinc/files/tn_int/hosts/hetzner
create mode 100644 roles/tinc/files/tn_int/hosts/netcup
create mode 100644 roles/tinc/files/tn_int/hosts/owrt
create mode 100644 roles/tinc/files/tn_int/hosts/proxtest
create mode 100755 roles/tinc/files/tn_int/tinc-down
create mode 100644 roles/tinc/tasks/main.yml
create mode 100644 roles/tinc/tasks/tinc.yml
create mode 100755 roles/tinc/templates/tinc-up.j2
create mode 100644 roles/tinc/templates/tinc.conf.j2
(limited to 'roles')
diff --git a/roles/router/files/tn_int/hosts/firstroot b/roles/router/files/tn_int/hosts/firstroot
deleted file mode 100644
index 8ca33fd..0000000
--- a/roles/router/files/tn_int/hosts/firstroot
+++ /dev/null
@@ -1,10 +0,0 @@
-Address = saruman.uvok.de
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAqj445YDNdD/hOIfFi5NNSQoJXpkz29qGi5xFqgH7CHn4xpv4Oz2w
-0vE8ulDVvdUHLfor16vX8+ugXg2CKStfRHKRGOZS44EaLTyn0IznLw9eOjpYKyhI
-h7tkjEJKUCQ6JFTpvkYfnE+fLbTSdxBJNygeTw1UqdVKgHLIz1+ueIHu8E2TpVx2
-PGHeETDPgr1gRuRrNFonyB4pVxxoYtLvvFtKjLibA/WqDvkHlBTZwNSx/PJ+ZhNw
-dqpe4P8cUNM6W/jbVRrUu7cMmuLuaeue0wFURBywMHLp5+RrRJzpbevYuasZQcaP
-5vPRY/Ir3aUIEYrw8JuM4UVvdHllNHFqmwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/roles/router/files/tn_int/hosts/hetzner b/roles/router/files/tn_int/hosts/hetzner
deleted file mode 100644
index eca7fb1..0000000
--- a/roles/router/files/tn_int/hosts/hetzner
+++ /dev/null
@@ -1,10 +0,0 @@
-Address = gandalf.uvok.de
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA5Au1V58U+RvaVjKVjrLG9aGc+P30SegS+Qqkud4eJoQvuKk27Uc3
-wgpVE21wQyeJ29Egr6Vg22uOi2M0mgglggnofsx+ikpuS5oMQJt1lF1sx3KhfGy6
-ArvardvpzGOFksVQw3+ek+oviLKCrbE7KIqx80GAJaiUyoVhqHJO8XQf21cUF1Rn
-39F1dEGoyU5EVKI9fHgOA6D2G6po8ebMlZyfxzjpKUYpZk+x4/7Xzhk4VeXTydfg
-Zpg2cWXE28jy2mS/42IOvebV6yTpafPMDGzzMPCAyw+s2h2wlvvR0rDKQadZweYt
-xM6Oty7jDk47wMlfNhdnIqBJ5vLOkWK3XQIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/roles/router/files/tn_int/hosts/netcup b/roles/router/files/tn_int/hosts/netcup
deleted file mode 100644
index 3816545..0000000
--- a/roles/router/files/tn_int/hosts/netcup
+++ /dev/null
@@ -1,10 +0,0 @@
-Address = bomdadil.uvok.de
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAudNF2GDpf/dFj0grbpOiRVnjbgsWeS/i189y2GhSohMa92s0xH3c
-BJfK/4A9j6/3WL+D/0A4uwKNEsvpmylgdFvhMG4Le3RS0w8gpm5+4O/PvUWD+ksU
-X46tzWLXZZ+V2VkjbhX6dazJxEb68x0XfNOruVStfc+2K0HpF2osFjQOaOVj6aZ/
-wg9He2qHTHxr0BOWDk7i01/z5OCxKUD0HVj56umMyR5A0xDrf8iNEI0wQBvd0wNn
-fSsIQmutbKWbt1bl3QKAopXtmKbzbMZFB/7HtBv4M1MOOTk+iFDy4jm1LQrO7Ou/
-87ZvlTViAUS0jjaJx9iY5+0nclR2eTbeSQIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/roles/router/files/tn_int/hosts/owrt b/roles/router/files/tn_int/hosts/owrt
deleted file mode 100644
index d399c27..0000000
--- a/roles/router/files/tn_int/hosts/owrt
+++ /dev/null
@@ -1,8 +0,0 @@
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAsILzeDIeuvhTQfWu520O4/275YRamNCYhcYxEw2gqV9YWEKirK6v
-RaHzRcVwbKIeUny8/sRAFivKCGjMN7eaosInGH48B8QDTeNs8H24bDAAFVPCAEDc
-uQpNHqtlOKtEioJn/7k98lWejVWqxeewyEJDZkC1SYDoymBFb4HQZI+FY/HzvAt1
-FoqbjYoNutnDNjX+vd8I6SWsF9uwLYeUw4cEd/xoYHPEK6O5RpT2FOREwCg69VXV
-enPxHtMV94eAslUdApHJxS7ZGOVUKU05DL2L3X8sKjekh+Jny864tS+1R/Rebo6g
-waXsg5Mvzll98fx8ITLTomXgzw41mFlnuQIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/roles/router/files/tn_int/hosts/proxtest b/roles/router/files/tn_int/hosts/proxtest
deleted file mode 100644
index 3e397fc..0000000
--- a/roles/router/files/tn_int/hosts/proxtest
+++ /dev/null
@@ -1,8 +0,0 @@
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAkzbwTdu76pxvvhWEHdHxSfT9WnM2jPmgovCdjdMkjkOg0o2tfrXl
-5KtPlxHfFL4ca0b9IlT4+J1tw688abMs8AmalgvjtPwOfB2a7Iij0u5LaVf2O255
-6wAGl0m81bTKl+0hkfpWVEjs7JijAsrPdtjWLmIVezyTAjN5s4gK0UYZoUJF0kEv
-g8EZw/HZVQhD3uRpxLZbw3xGZW8hi6pMn3YxS2/s2yO27QqCyZaxRZGUKEU9Z/+X
-imoTW7ZNtvNDon+6Kghta2EHgeOX2zZoFEi1CV77nTNbbtwa2Ub/ZEsC4o9bP4qk
-zDuBzPlJOj/k6i1yEDyTSdx19KpjvJxS8wIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/roles/router/files/tn_int/tinc-down b/roles/router/files/tn_int/tinc-down
deleted file mode 100755
index 40a7610..0000000
--- a/roles/router/files/tn_int/tinc-down
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/sh
-ip link set $INTERFACE down
-
diff --git a/roles/router/tasks/main.yml b/roles/router/tasks/main.yml
index c319b4a..6ab944f 100644
--- a/roles/router/tasks/main.yml
+++ b/roles/router/tasks/main.yml
@@ -2,17 +2,10 @@
 - name: Install routing software
 package:
 name:
- - tinc
 - bird2
 - iperf3
 - mtr-tiny
 state: present
-- name: Include tinc tasks
- import_tasks: tinc.yml
- when:
- - tinc is defined
- - tinc.configure is defined
- - tinc.configure
 - name: Copy munin plugin
 copy:
 src: munin_bird
@@ -20,3 +13,6 @@
 mode: '0750'
 tags:
 - munin
+- name: Apply tinc rule
+ import_role:
+ name: tinc
diff --git a/roles/router/tasks/tinc.yml b/roles/router/tasks/tinc.yml
deleted file mode 100644
index 2673a59..0000000
--- a/roles/router/tasks/tinc.yml
+++ /dev/null
@@ -1,35 +0,0 @@
----
-- name: Ensure tinc directory exists
- ansible.builtin.file:
- path: '/etc/tinc/tn_int/'
- state: directory
- mode: '0750'
-- name: Install tinc.conf template
- template:
- src: tinc.conf.j2
- dest: /etc/tinc/tn_int/tinc.conf
- mode: '0750'
- tags:
- - tconfig
-- name: Install tinc-up template
- template:
- src: tinc-up.j2
- dest: /etc/tinc/tn_int/tinc-up
- mode: '0740'
- tags:
- - tconfig
-- name: Copy remaining files
- ansible.posix.synchronize:
- src: tn_int/
- dest: /etc/tinc/tn_int/
- archive: false
- recursive: true
- times: true
-- name: Make scripts executable
- file:
- path: "/etc/tinc/tn_int/{{ item }}"
- mode: "0740"
- with_items:
- - tinc-down
- tags:
- - exec
diff --git a/roles/router/templates/tinc-up.j2 b/roles/router/templates/tinc-up.j2
deleted file mode 100755
index 8c26aa9..0000000
--- a/roles/router/templates/tinc-up.j2
+++ /dev/null
@@ -1,9 +0,0 @@
-#!/bin/sh
-ip link set $INTERFACE up
-ip -6 addr flush dev $INTERFACE
-ip addr add {{ tinc.address }} dev $INTERFACE
-{% if tinc.extra_up is defined %}
-{% for cmd in tinc.extra_up %}
-{{ cmd }}
-{% endfor %}
-{% endif %}
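Review bot: In the second hunk of roles/router/tasks/main.yml the added task is named `Apply tinc rule`, which looks like a typo for "role", and it uses the short module name `import_role` where the tinc tasks in this same commit already use fully qualified names such as `ansible.builtin.file`. I would write `- name: Apply tinc role` and `ansible.builtin.import_role:`. A one-line comment above the task, `# the tinc role itself checks tinc.configure before writing any configuration`, would tell a reader of this file why the import carries no `when` of its own.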
diff --git a/roles/router/templates/tinc.conf.j2 b/roles/router/templates/tinc.conf.j2
deleted file mode 100644
index b7011e1..0000000
--- a/roles/router/templates/tinc.conf.j2
+++ /dev/null
@@ -1,11 +0,0 @@
-Name = {{ tinc.name }}
-{% if tinc.listen_on is defined %}
-AddressFamily = {{ tinc.listen_on }}
-{% else %}
-AddressFamily = ipv6
-{% endif %}
-Interface = tn_int
-Mode = switch
-{% for conn in tinc.connections %}
-ConnectTo = {{ conn }}
-{% endfor %}
diff --git a/roles/tinc/files/tn_int/hosts/firstroot b/roles/tinc/files/tn_int/hosts/firstroot
new file mode 100644
index 0000000..8ca33fd
--- /dev/null
+++ b/roles/tinc/files/tn_int/hosts/firstroot
@@ -0,0 +1,10 @@
+Address = saruman.uvok.de
+
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAqj445YDNdD/hOIfFi5NNSQoJXpkz29qGi5xFqgH7CHn4xpv4Oz2w
+0vE8ulDVvdUHLfor16vX8+ugXg2CKStfRHKRGOZS44EaLTyn0IznLw9eOjpYKyhI
+h7tkjEJKUCQ6JFTpvkYfnE+fLbTSdxBJNygeTw1UqdVKgHLIz1+ueIHu8E2TpVx2
+PGHeETDPgr1gRuRrNFonyB4pVxxoYtLvvFtKjLibA/WqDvkHlBTZwNSx/PJ+ZhNw
+dqpe4P8cUNM6W/jbVRrUu7cMmuLuaeue0wFURBywMHLp5+RrRJzpbevYuasZQcaP
+5vPRY/Ir3aUIEYrw8JuM4UVvdHllNHFqmwIDAQAB
+-----END RSA PUBLIC KEY-----
diff --git a/roles/tinc/files/tn_int/hosts/hetzner b/roles/tinc/files/tn_int/hosts/hetzner
new file mode 100644
index 0000000..eca7fb1
--- /dev/null
+++ b/roles/tinc/files/tn_int/hosts/hetzner
@@ -0,0 +1,10 @@
+Address = gandalf.uvok.de
+
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEA5Au1V58U+RvaVjKVjrLG9aGc+P30SegS+Qqkud4eJoQvuKk27Uc3
+wgpVE21wQyeJ29Egr6Vg22uOi2M0mgglggnofsx+ikpuS5oMQJt1lF1sx3KhfGy6
+ArvardvpzGOFksVQw3+ek+oviLKCrbE7KIqx80GAJaiUyoVhqHJO8XQf21cUF1Rn
+39F1dEGoyU5EVKI9fHgOA6D2G6po8ebMlZyfxzjpKUYpZk+x4/7Xzhk4VeXTydfg
+Zpg2cWXE28jy2mS/42IOvebV6yTpafPMDGzzMPCAyw+s2h2wlvvR0rDKQadZweYt
+xM6Oty7jDk47wMlfNhdnIqBJ5vLOkWK3XQIDAQAB
+-----END RSA PUBLIC KEY-----
diff --git a/roles/tinc/files/tn_int/hosts/netcup b/roles/tinc/files/tn_int/hosts/netcup
new file mode 100644
index 0000000..3816545
--- /dev/null
+++ b/roles/tinc/files/tn_int/hosts/netcup
@@ -0,0 +1,10 @@
+Address = bomdadil.uvok.de
+
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAudNF2GDpf/dFj0grbpOiRVnjbgsWeS/i189y2GhSohMa92s0xH3c
+BJfK/4A9j6/3WL+D/0A4uwKNEsvpmylgdFvhMG4Le3RS0w8gpm5+4O/PvUWD+ksU
+X46tzWLXZZ+V2VkjbhX6dazJxEb68x0XfNOruVStfc+2K0HpF2osFjQOaOVj6aZ/
+wg9He2qHTHxr0BOWDk7i01/z5OCxKUD0HVj56umMyR5A0xDrf8iNEI0wQBvd0wNn
+fSsIQmutbKWbt1bl3QKAopXtmKbzbMZFB/7HtBv4M1MOOTk+iFDy4jm1LQrO7Ou/
+87ZvlTViAUS0jjaJx9iY5+0nclR2eTbeSQIDAQAB
+-----END RSA PUBLIC KEY-----
diff --git a/roles/tinc/files/tn_int/hosts/owrt b/roles/tinc/files/tn_int/hosts/owrt
new file mode 100644
index 0000000..d399c27
--- /dev/null
+++ b/roles/tinc/files/tn_int/hosts/owrt
@@ -0,0 +1,8 @@
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAsILzeDIeuvhTQfWu520O4/275YRamNCYhcYxEw2gqV9YWEKirK6v
+RaHzRcVwbKIeUny8/sRAFivKCGjMN7eaosInGH48B8QDTeNs8H24bDAAFVPCAEDc
+uQpNHqtlOKtEioJn/7k98lWejVWqxeewyEJDZkC1SYDoymBFb4HQZI+FY/HzvAt1
+FoqbjYoNutnDNjX+vd8I6SWsF9uwLYeUw4cEd/xoYHPEK6O5RpT2FOREwCg69VXV
+enPxHtMV94eAslUdApHJxS7ZGOVUKU05DL2L3X8sKjekh+Jny864tS+1R/Rebo6g
+waXsg5Mvzll98fx8ITLTomXgzw41mFlnuQIDAQAB
+-----END RSA PUBLIC KEY-----
diff --git a/roles/tinc/files/tn_int/hosts/proxtest b/roles/tinc/files/tn_int/hosts/proxtest
new file mode 100644
index 0000000..3e397fc
--- /dev/null
+++ b/roles/tinc/files/tn_int/hosts/proxtest
@@ -0,0 +1,8 @@
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAkzbwTdu76pxvvhWEHdHxSfT9WnM2jPmgovCdjdMkjkOg0o2tfrXl
+5KtPlxHfFL4ca0b9IlT4+J1tw688abMs8AmalgvjtPwOfB2a7Iij0u5LaVf2O255
+6wAGl0m81bTKl+0hkfpWVEjs7JijAsrPdtjWLmIVezyTAjN5s4gK0UYZoUJF0kEv
+g8EZw/HZVQhD3uRpxLZbw3xGZW8hi6pMn3YxS2/s2yO27QqCyZaxRZGUKEU9Z/+X
+imoTW7ZNtvNDon+6Kghta2EHgeOX2zZoFEi1CV77nTNbbtwa2Ub/ZEsC4o9bP4qk
+zDuBzPlJOj/k6i1yEDyTSdx19KpjvJxS8wIDAQAB
+-----END RSA PUBLIC KEY-----
diff --git a/roles/tinc/files/tn_int/tinc-down b/roles/tinc/files/tn_int/tinc-down
new file mode 100755
index 0000000..40a7610
--- /dev/null
+++ b/roles/tinc/files/tn_int/tinc-down
@@ -0,0 +1,3 @@
+#!/bin/sh
+ip link set $INTERFACE down
+
diff --git a/roles/tinc/tasks/main.yml b/roles/tinc/tasks/main.yml
new file mode 100644
index 0000000..4cfc7cd
--- /dev/null
+++ b/roles/tinc/tasks/main.yml
@@ -0,0 +1,12 @@
+---
+- name: Install routing software
+ package:
+ name:
+ - tinc
+ state: present
+- name: Include tinc tasks
+ import_tasks: tinc.yml
+ when:
+ - tinc is defined
+ - tinc.configure is defined
+ - tinc.configure
diff --git a/roles/tinc/tasks/tinc.yml b/roles/tinc/tasks/tinc.yml
new file mode 100644
index 0000000..2673a59
--- /dev/null
+++ b/roles/tinc/tasks/tinc.yml
@@ -0,0 +1,35 @@
+---
+- name: Ensure tinc directory exists
+ ansible.builtin.file:
+ path: '/etc/tinc/tn_int/'
+ state: directory
+ mode: '0750'
+- name: Install tinc.conf template
+ template:
+ src: tinc.conf.j2
+ dest: /etc/tinc/tn_int/tinc.conf
+ mode: '0750'
+ tags:
+ - tconfig
+- name: Install tinc-up template
+ template:
+ src: tinc-up.j2
+ dest: /etc/tinc/tn_int/tinc-up
+ mode: '0740'
+ tags:
+ - tconfig
+- name: Copy remaining files
+ ansible.posix.synchronize:
+ src: tn_int/
+ dest: /etc/tinc/tn_int/
+ archive: false
+ recursive: true
+ times: true
+- name: Make scripts executable
+ file:
+ path: "/etc/tinc/tn_int/{{ item }}"
+ mode: "0740"
+ with_items:
+ - tinc-down
+ tags:
+ - exec
diff --git a/roles/tinc/templates/tinc-up.j2 b/roles/tinc/templates/tinc-up.j2
new file mode 100755
index 0000000..8c26aa9
--- /dev/null
+++ b/roles/tinc/templates/tinc-up.j2
@@ -0,0 +1,9 @@
+#!/bin/sh
+ip link set $INTERFACE up
+ip -6 addr flush dev $INTERFACE
+ip addr add {{ tinc.address }} dev $INTERFACE
+{% if tinc.extra_up is defined %}
+{% for cmd in tinc.extra_up %}
+{{ cmd }}
+{% endfor %}
+{% endif %}
diff --git a/roles/tinc/templates/tinc.conf.j2 b/roles/tinc/templates/tinc.conf.j2
new file mode 100644
index 0000000..b7011e1
--- /dev/null
+++ b/roles/tinc/templates/tinc.conf.j2
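Review bot: In roles/tinc/tasks/main.yml the `package` task has no condition, so every host that applies this role gets the tinc daemon installed, while only the `import_tasks` below it is limited to hosts where `tinc.configure` is set. If hosts without a tinc configuration should not carry the package, give the install task the same `when` list, or wrap both tasks in one `block` that holds the condition. The task name `Install routing software` was carried over from the router role and no longer fits a task that installs only tinc; `- name: Install tinc` says what it does.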
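Review bot: In roles/tinc/tasks/tinc.yml the `Copy remaining files` task runs `ansible.posix.synchronize` without `delete`, so a peer file that is later removed from `tn_int/hosts/` in the role stays in `/etc/tinc/tn_int/hosts/` on the targets, and that peer's public key presumably remains accepted by tinc. Turning on `delete: true` for the whole `tn_int/` directory would also remove files the role does not ship from `files/` (the templated `tinc.conf` and `tinc-up`, and any key material generated on the host), so the safer shape is a separate task that synchronises only `hosts/` with `delete: true`, after checking that each node's own host file is in the repository. Separately, `tinc.conf` is installed with `mode: '0750'` although it is not a script; `mode: '0640'` matches what the file is.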
@@ -0,0 +1,11 @@
+Name = {{ tinc.name }}
+{% if tinc.listen_on is defined %}
+AddressFamily = {{ tinc.listen_on }}
+{% else %}
+AddressFamily = ipv6
+{% endif %}
+Interface = tn_int
+Mode = switch
+{% for conn in tinc.connections %}
+ConnectTo = {{ conn }}
+{% endfor %}
-- cgit v1.2.3