71 lines
2.1 KiB
YAML
71 lines
2.1 KiB
YAML
|
---
|
||
|
|
# this file included in a loop, called seperately for each community
|
||
|
|
# => configure fastd for one community here
|
||
|
|
# hash describing community expected as "mf_com"; also expected: "f_ssh_keyfile"
|
||
|
|
|
||
|
|
- name: ensure fastd config dir - {{mf_com.abbreviation}}
|
||
|
|
file: path=/etc/fastd/{{mf_com.abbreviation}}VPN/peers
|
||
|
|
state=directory mode=0750
|
||
|
|
|
||
|
|
#- debug: var=mf_com
|
||
|
|
|
||
|
|
#- debug: var=f_ssh_keyfile
|
||
|
|
|
||
|
|
- name: clone key repo - {{mf_com.abbreviation}}
|
||
|
|
git:
|
||
|
|
dest: "/etc/fastd/{{mf_com.abbreviation}}VPN/peers"
|
||
|
|
key_file: "{{f_ssh_keyfile.stdout}}"
|
||
|
|
repo: "ssh://git@github.com/{{mf_com.repo}}"
|
||
|
|
update: no
|
||
|
|
accept_hostkey: yes
|
||
|
|
|
||
|
|
- name: generate fastd key pair - {{mf_com.abbreviation}}
|
||
|
|
command: fastd --generate-key
|
||
|
|
creates="/etc/fastd/{{mf_com.abbreviation}}VPN/secret.conf"
|
||
|
|
register: f_key_pair
|
||
|
|
|
||
|
|
- block:
|
||
|
|
|
||
|
|
# - debug: var=f_key_pair
|
||
|
|
|
||
|
|
- name: write out fastd secret key - {{mf_com.abbreviation}}
|
||
|
|
lineinfile:
|
||
|
|
backup: yes
|
||
|
|
create: yes
|
||
|
|
dest: "/etc/fastd/{{mf_com.abbreviation}}VPN/secret.conf"
|
||
|
|
insertbefore: BOF
|
||
|
|
line: secret "{{f_key_pair.stdout_lines[0] |regex_replace('^Secret. ','')}}";
|
||
|
|
mode: 0400
|
||
|
|
regexp: '^secret ".*";'
|
||
|
|
state : present
|
||
|
|
|
||
|
|
- name: write out fastd public key - {{mf_com.abbreviation}}
|
||
|
|
lineinfile:
|
||
|
|
create: yes
|
||
|
|
dest: "/etc/fastd/{{mf_com.abbreviation}}VPN/peers/servers/{{fastd_alias}}"
|
||
|
|
insertbefore: BOF
|
||
|
|
line: key "{{f_key_pair.stdout_lines[1] |regex_replace('^Public. ','')}}";
|
||
|
|
mode: 0440
|
||
|
|
regexp: '^key ".*";'
|
||
|
|
state : present
|
||
|
|
register: f_pub_key
|
||
|
|
ignore_errors: True
|
||
|
|
|
||
|
|
- name: delete secret in case of public failure - {{mf_com.abbreviation}}
|
||
|
|
file: path="/etc/fastd/{{mf_com.abbreviation}}VPN/secret.conf" state=absent
|
||
|
|
when: f_pub_key.failed is defined
|
||
|
|
|
||
|
|
- fail: msg="FAILED writing fastd key pair"
|
||
|
|
when: f_pub_key.failed is defined
|
||
|
|
|
||
|
|
when: f_key_pair.changed
|
||
|
|
# end of block
|
||
|
|
|
||
|
|
- name: template out fastd.conf - {{mf_com.abbreviation}}
|
||
|
|
template:
|
||
|
|
backup: yes
|
||
|
|
dest: "/etc/fastd/{{mf_com.abbreviation}}VPN/fastd.conf"
|
||
|
|
mode: 0640
|
||
|
|
src: fastd.conf
|
||
|
|
validate: 'fastd --verify-config -c %s'
|