# Ansible tinc role

Based on https://github.com/thisismitch/ansible-tinc

Creates the directory structure for a tinc install:

```
/etc/tinc/{{netname}}/
/etc/tinc/{{netname}}/tinc-up
/etc/tinc/{{netname}}/tinc-down
/etc/tinc/{{netname}}/tinc.conf
/etc/tinc/{{netname}}/hosts/
/etc/tinc/{{netname}}/hosts/{{ inventory_name }}
/etc/tinc/{{netname}}/rsa_key.priv
```

The last one is an RSA 4096 private key; it may take a while to generate on low-entropy servers.

It will also sync the ``playbook_dir/fetch/`` directory into ``/etc/tinc/{{netname}}/hosts/``.

# Expected group vars

* **netname**: Name of the tinc network
* **net_addr**: Address of the network
* **net_cidr**: CIDR prefix length of the network (24 for me)
* **default_connect**: Default node name to connect to (empty for a new network)

Sample group_vars/all file:

```yaml
---

netname: mynetwork
net_addr: 10.11.12.0
net_cidr: 24
default_connect: mymachine
```

# Expected host vars

**vpn_ip**: Desired internal VPN IP address of this host

```
[vpn_hosts]
mymachine ansible_host=1.1.1.1 vpn_ip=10.11.12.23
mymachine2 ansible_host=1.1.2.2 vpn_ip=10.11.12.24
```
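
A pre-flight check for the group and host vars described above, as an added example that is not part of the role. It assumes an INI inventory with a `vpn_hosts` group as in the sample; the function names, the `SAFE_NAME` policy and the sample data are constructed for illustration.

```python
import ipaddress
import re
# Policy chosen for this example (an assumption, not a rule taken from the role):
# netname is interpolated into /etc/tinc/{{netname}}/, so allow no path characters.
SAFE_NAME = re.compile(r"[A-Za-z0-9_]+")

def parse_inventory(text, group="vpn_hosts"):
    """Return {host: {var: value}} for one group of an INI-style inventory."""
    hosts, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
        elif line and current == group:
            name, *pairs = line.split()
            hosts[name] = dict(p.split("=", 1) for p in pairs if "=" in p)
    return hosts

def validate(group_vars, hosts):
    """Return a list of problems; an empty list means the vars are consistent."""
    problems = []
    if not SAFE_NAME.fullmatch(str(group_vars.get("netname", ""))):
        problems.append("netname: unsafe or empty")
    try:
        net = ipaddress.ip_network(f"{group_vars['net_addr']}/{group_vars['net_cidr']}")
    except (KeyError, ValueError) as exc:
        return problems + [f"net_addr/net_cidr: {exc}"]
    seen = {}  # vpn_ip -> first host that claimed it
    for name, hv in hosts.items():
        try:
            ip = ipaddress.ip_address(hv["vpn_ip"])
        except (KeyError, ValueError):
            problems.append(f"{name}: missing or invalid vpn_ip")
            continue
        if ip not in net or ip in (net.network_address, net.broadcast_address):
            problems.append(f"{name}: vpn_ip {ip} is not a usable address in {net}")
        if ip in seen:
            problems.append(f"{name}: vpn_ip {ip} already used by {seen[ip]}")
        seen.setdefault(ip, name)
    dc = group_vars.get("default_connect")
    if dc and dc not in hosts:
        problems.append(f"default_connect: {dc} is not in the inventory")
    return problems

# Constructed sample input: node_b reuses an address, node_c is outside the /24.
SAMPLE_VARS = {"netname": "mynetwork", "net_addr": "10.11.12.0", "net_cidr": 24, "default_connect": "node_a"}
SAMPLE_INVENTORY = """[vpn_hosts]
node_a ansible_host=192.0.2.10 vpn_ip=10.11.12.23
node_b ansible_host=192.0.2.11 vpn_ip=10.11.12.23
node_c ansible_host=192.0.2.12 vpn_ip=10.11.13.5"""
```

Calling `validate(SAMPLE_VARS, parse_inventory(SAMPLE_INVENTORY))` before the play runs reports the duplicate and the out-of-range address, so conflicting host files are never written.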