---
# Expects a dict (hash) "mf_com" describing the community; the keys used in
# this file are "abbreviation" and "repo".
# Also expected: "f_ssh_keyfile" (a registered result whose stdout is the
# path of the SSH key used for the clone), "mf_com_repo" (local checkout
# path), "fastd_alias" (file name of this server's public key inside the
# repo) and "mf_com_templ" (source template for fastd.conf).
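# Clone the community key repository over SSH with the key found earlier
# (f_ssh_keyfile). `update: false` leaves an existing checkout untouched on
# later runs, so commits made locally by later tasks are not disturbed.
- name: clone key repo - {{mf_com.abbreviation}}
  git:
    dest: "{{mf_com_repo}}"
    key_file: "{{f_ssh_keyfile.stdout}}"
    repo: "ssh://git@github.com/{{mf_com.repo}}"
    update: false
    # NOTE(review): trust-on-first-use. Whatever host key github.com presents
    # on the first connection is accepted unverified, so an on-path attacker
    # could serve a substitute repository. Pre-seed the github.com entry in
    # known_hosts (e.g. with the known_hosts module, using GitHub's published
    # fingerprints) and switch this to false once that is in place.
    accept_hostkey: true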
# The following is a crude but functional work-around for the problem that
# the git module would not clone the repo with the ssh-config host alias in
# the URL, while git would not push without it (without the alias, git has
# no way to find the ssh key). Hence: clone via the plain github.com URL
# with an explicit key_file above, then rewrite origin to the alias below.
# Repoint origin at the ssh-config host alias so that a plain `git push`
# from this checkout goes through ssh config (and thus finds the key).
# The alias "github_mwu" must exist in the ssh config of the pushing user —
# that is not checked here.
- name: change git url to pushable
  git_config:
    name: "remote.origin.url"
    value: "ssh://github_mwu/{{mf_com.repo}}"
    scope: local
    repo: "{{mf_com_repo}}"
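# Generate a fastd key pair once. `creates` makes this idempotent: when
# secret.conf already exists the command is skipped and the task reports
# changed=false (and no stdout), which is what the block below keys on.
# The stdout of this command IS the secret key, so it must never reach the
# log or verbose output — hence no_log. The registered variable is still
# usable by later tasks.
- name: generate fastd key pair - {{mf_com.abbreviation}}
  command: fastd --generate-key
  args:
    creates: "/etc/fastd/{{mf_com.abbreviation}}VPN/secret.conf"
  register: f_key_pair
  no_log: true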
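# Runs only when a key pair was generated just now (see `when` at the end;
# when `creates` skipped the command, f_key_pair has no stdout at all).
# The secret half goes into the local fastd config, the public half into the
# community repo checkout. If either write fails the freshly generated
# secret is removed again, so the next run regenerates a matching pair
# instead of leaving an orphaned secret behind (previously this relied on
# `f_pub_key.failed is defined`, which is true on success as well in
# Ansible versions that always set `failed: false` on registered results).
- block:

    # - debug: var=f_key_pair   # never enable: the output holds the secret key

    # fastd prints "Secret: <key>" as its first output line; strip the label.
    # No backup: the block only runs when secret.conf did not exist, so a
    # backup could never be taken — and enabling it would scatter plaintext
    # copies of the key if that precondition ever changed.
    # Assumes /etc/fastd/<abbr>VPN/ already exists — TODO confirm where it is
    # created; lineinfile creates the file but not the directory.
    - name: write out fastd secret key - {{mf_com.abbreviation}}
      lineinfile:
        create: true
        dest: "/etc/fastd/{{mf_com.abbreviation}}VPN/secret.conf"
        insertbefore: BOF
        line: secret "{{f_key_pair.stdout_lines[0] |regex_replace('^Secret. ','')}}";
        mode: "0400"
        regexp: '^secret ".*";'
        state: present
      # keep the key out of task output, verbose logs and --diff
      no_log: true

    # Second output line is "Public: <key>"; it is committed to the repo
    # under servers/<fastd_alias> by a later step.
    - name: write out fastd public key - {{mf_com.abbreviation}}
      lineinfile:
        create: true
        dest: "{{mf_com_repo}}/servers/{{fastd_alias}}"
        insertbefore: BOF
        line: key "{{f_key_pair.stdout_lines[1] |regex_replace('^Public. ','')}}";
        mode: "0440"
        regexp: '^key ".*";'
        state: present

  rescue:
    - name: delete secret in case of public failure - {{mf_com.abbreviation}}
      file:
        path: "/etc/fastd/{{mf_com.abbreviation}}VPN/secret.conf"
        state: absent

    - fail:
        msg: "FAILED writing fastd key pair"

  when: f_key_pair.changed
# end of block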
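# Render the community's fastd.conf. `validate` runs fastd's config check on
# the rendered temporary file (%s) before it is moved into place, so a broken
# template never replaces a working config; the previous file is kept as a
# backup. Mode is quoted so YAML does not reinterpret the octal literal.
- name: template out fastd.conf - {{mf_com.abbreviation}}
  template:
    backup: true
    dest: "/etc/fastd/{{mf_com.abbreviation}}VPN/fastd.conf"
    mode: "0640"
    src: "{{mf_com_templ}}"
    validate: 'fastd --verify-config -c %s'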