ansible-ffibk/roles/service-tinc/tasks/main.yml

---
- name: install tinc packages
  package:
    name: "{{ item }}"
    state: present
  with_items:
    - tinc

- name: clone icvpn repo
  git:
    repo: "{{ icvpn.icvpn_repo }}"
    dest: /etc/tinc/{{ icvpn.interface }}
    version: master
    update: no

- name: set directory permissions
  file:
    path: /etc/tinc/{{ icvpn.interface }}
    state: directory
    owner: admin
    group: admin
    recurse: yes

- name: register metanodes
  command: cat /etc/tinc/{{ icvpn.interface }}/metanodes
  register: metanodes
  changed_when: false

- name: enable freifunk/icvpn post-merge script
  copy:
    remote_src: yes
    src: /etc/tinc/{{ icvpn.interface }}/scripts/post-merge
    dest: /etc/tinc/{{ icvpn.interface }}/.git/hooks/
    owner: admin
    group: admin
    mode: 0755

- name: write tinc.conf
  template:
    src: tinc.conf.j2
    dest: /etc/tinc/{{ icvpn.interface }}/tinc.conf
    mode: 0664
    owner: admin
    group: admin
  notify: restart systemd unit tinc

- name: write tinc-up hook script
  template:
    src: tinc-up.j2
    dest: /etc/tinc/{{ icvpn.interface }}/tinc-up
    mode: 0775
    owner: admin
    group: admin
  notify: restart systemd unit tinc

- name: write tinc-down hook script
  template:
    src: tinc-down.j2
    dest: /etc/tinc/{{ icvpn.interface }}/tinc-down
    mode: 0775
    owner: admin
    group: admin
  notify: restart systemd unit tinc

- name: write tinc private key
  template:
    src: rsa_key.priv.j2
    dest: /etc/tinc/{{ icvpn.interface }}/rsa_key.priv
    mode: 0600
    owner: admin
    group: admin
  notify: restart systemd unit tinc

- name: remove tinc init file if present
  file:
    path: /etc/init.d/tinc
    state: absent
  notify: reload systemd

- name: configure systemd unit tinc
  systemd:
    name: "tinc@{{ icvpn.interface }}"
    enabled: yes
    state: started
Add role service-tinc 2017-09-29 13:32:20 +02:00			`---`
			`- name: install tinc packages`
Use package module where possible instead of apt 2017-10-11 17:53:20 +02:00			`package:`
Add role service-tinc 2017-09-29 13:32:20 +02:00			`name: "{{ item }}"`
			`state: present`
			`with_items:`
			`- tinc`
Role service-tinc: use a task instead of a handler for systemd stuff 2017-10-03 20:33:08 +02:00
Add role service-tinc 2017-09-29 13:32:20 +02:00			`- name: clone icvpn repo`
			`git:`
			`repo: "{{ icvpn.icvpn_repo }}"`
			`dest: /etc/tinc/{{ icvpn.interface }}`
Add version to git modules in roles: - git-fastd-peers - git-repos - service-tinc 2017-09-30 23:00:09 +02:00			`version: master`
Add role service-tinc 2017-09-29 13:32:20 +02:00			`update: no`

			`- name: set directory permissions`
			`file:`
			`path: /etc/tinc/{{ icvpn.interface }}`
			`state: directory`
			`owner: admin`
			`group: admin`
			`recurse: yes`

			`- name: register metanodes`
			`command: cat /etc/tinc/{{ icvpn.interface }}/metanodes`
			`register: metanodes`
			`changed_when: false`

Role service-tinc: add task to enable post-merge script 2017-12-04 16:32:38 +01:00			`- name: enable freifunk/icvpn post-merge script`
			`copy:`
			`remote_src: yes`
			`src: /etc/tinc/{{ icvpn.interface }}/scripts/post-merge`
			`dest: /etc/tinc/{{ icvpn.interface }}/.git/hooks/`
			`owner: admin`
			`group: admin`
			`mode: 0755`

Add role service-tinc 2017-09-29 13:32:20 +02:00			`- name: write tinc.conf`
			`template:`
			`src: tinc.conf.j2`
			`dest: /etc/tinc/{{ icvpn.interface }}/tinc.conf`
			`mode: 0664`
			`owner: admin`
			`group: admin`
			`notify: restart systemd unit tinc`

			`- name: write tinc-up hook script`
			`template:`
			`src: tinc-up.j2`
			`dest: /etc/tinc/{{ icvpn.interface }}/tinc-up`
			`mode: 0775`
			`owner: admin`
			`group: admin`
			`notify: restart systemd unit tinc`

			`- name: write tinc-down hook script`
			`template:`
			`src: tinc-down.j2`
			`dest: /etc/tinc/{{ icvpn.interface }}/tinc-down`
			`mode: 0775`
			`owner: admin`
			`group: admin`
			`notify: restart systemd unit tinc`

			`- name: write tinc private key`
			`template:`
			`src: rsa_key.priv.j2`
			`dest: /etc/tinc/{{ icvpn.interface }}/rsa_key.priv`
			`mode: 0600`
			`owner: admin`
			`group: admin`
			`notify: restart systemd unit tinc`

Role service-tinc: fix handling of systemd unit * remove init script if present * nets.boot not necessary with new systemd unit * update systemd tasks to use systemd unit tinc@ * update handler 2017-12-29 14:27:52 +01:00			`- name: remove tinc init file if present`
			`file:`
			`path: /etc/init.d/tinc`
			`state: absent`
			`notify: reload systemd`
Ensure systemd units are started 2017-10-26 22:35:55 +02:00
			`- name: configure systemd unit tinc`
			`systemd:`
Role service-tinc: fix handling of systemd unit * remove init script if present * nets.boot not necessary with new systemd unit * update systemd tasks to use systemd unit tinc@ * update handler 2017-12-29 14:27:52 +01:00			`name: "tinc@{{ icvpn.interface }}"`
Ensure systemd units are started 2017-10-26 22:35:55 +02:00			`enabled: yes`
			`state: started`