Users migrated from #1, Jool Module not building, yet..

.gitignore

@@ -0,0 +1 @@
+*.swp

Makefile

@@ -4,8 +4,6 @@
 # Environment Configuration
 DEFAULT_VAULT_PASSWORD_FILE=.vault.passwd
 USER=nold
-RUN=
-DOCKER=docker run -ti --rm ansible-dev
 
 default:
 	echo "README"
@@ -14,23 +12,27 @@ docker:
 	docker build -t ansible-dev .
 
 install-requirements:
+	@echo "# Installing External Ansible Dependencies..."
 	ansible-galaxy install -r requirements.yml
 
 # Create vault password & test it by generating an encrypted file
 create-vault-passwd:
 	dd if=/dev/urandom bs=1 count=1024 | base64 > .vault.passwd
-	${DOCKER} ansible-vault create --vault-password-file=.vault.passwd  vault-test.yml
+	ansible-vault create --vault-password-file=.vault.passwd  vault-test.yml
 
-syntax: docker
-	${DOCKER} ansible-playbook -i inventory.ini --syntax-check test.yml
+syntax:
+	@echo "# Running Syntax-Check..."
+	ansible-playbook -i inventory.ini --syntax-check test.yml
 #	${DOCKER} ansible-playbook --syntax-check webservers.yml
 #	${DOCKER} ansible-playbook --syntax-check gateways.yml
 
 lint: docker
-	${DOCKER} ansible-lint test.yml
+	@echo "# Ansible Linting..."
+	ansible-lint test.yml
 
 check: install-requirements
-	ansible-playbook -i inventory.ini -u ${USER} -b test.yml --check --diff
+	@echo "# Dry-Run: Check-Only & Show Diff..."
+	ansible-playbook -i inventory.ini -b test.yml --check --diff
 
 test: install-requirements syntax
-	ansible-playbook -i inventory.ini -u ${USER} -b test.yml
+	ansible-playbook -i inventory.ini -b test.yml

group_vars/gateway.yml

@@ -22,3 +22,6 @@ wg_secret: !vault |
           62346139353334366438373966383165313164346237616461633833383865333437616432643233
           3332616631613634336266346664313837316337623739396135
 
+jool_ipv4: "10.11.12.2"
+jool_ipv6: "64:ff9b::/96"
+jool_mark_dec: "66"

roles/jool/defaults/main.yml

@@ -3,5 +3,5 @@ jool_version: "4.0.5"
 jool_git_repo: https://github.com/NICMx/Jool
 jool_git_dest: /usr/src/jool
 jool_docker_repo: https://github.com/FreifunkMD/jool-docker
-jool_docker_image: "ffmd/jool:{{ jool_version }}"
+jool_docker_image: "ffmd/jool:master"
 git_dir: /usr/src

roles/jool/tasks/main.yml

@@ -27,45 +27,49 @@
     recurse: true
     owner: root
     group: root
-    mode: 0750
+    mode: '0750'
 
 # jool Kernel Module
 #
 - name: Clone Git Repository
   git:
     repo: "{{ jool_git_repo }}"
-    dest: "{{ git_dir }}/jool"
+    dest: "{{ git_dir }}/jool-v{{ jool_version }}"
     version: "v{{ jool_version }}"
     force: true
-  register: git_status
 
-- name: Check If Kernel Module is Installed
+- name: Check If Kernel Module Needs To Be Built
   shell:
-    cmd: "dkms status jool | grep -q '{{ jool_version }}.*{{ ansible_kernel }}'"
+    cmd: "dkms status jool/v{{ jool_version }} | grep -q '{{ ansible_kernel }}'"
   register: module_installed
   ignore_errors: true
 
 - name: Compile & Install Kernel Module
   shell:
     cmd: "{{ item }}"
-    chdir: "{{ git_dir }}/jool"
-  when: module_installed.rc != 0
+#    chdir: "{{ git_dir }}/jool-v{{ jool_version }}"
+  when: module_installed is failed
   with_items:
-    - "./autogen.sh"
-    - "./configure"
-    - "make"
-    - "dkms install ."
-    - "make clean"
-    - "git reset --hard v{{ jool_version }}"
+    - "dkms add 'jool/v{{ jool_version }}'"
+    - "dkms build 'jool/v{{ jool_version }}'"
+    - "dkms install 'jool/v{{ jool_version }}'"
+#    - "./autogen.sh"
+#    - "./configure"
+#    - "make"
+#    - "dkms install ."
 
+- name: Modprobe Jool Module
+  modprobe:
+    name: jool
+    state: present
 
 # jool docker container
 #
 - name: Clone Docker Git Repo
   git:
     repo: "{{ jool_docker_repo }}"
     dest: "{{ git_dir }}/jool-docker"
-    version: master
+    version: missingdep
     force: true
   register: docker_git_status
 
@@ -85,9 +89,13 @@
   docker_container:
     name: jool
     image: "{{ jool_docker_image }}"
-    command: '/root/run.sh'
+    command: 'jool file handle /root/jool.conf'
     network_mode: host
     privileged: true
+    env:
+      V4IP: "{{ jool_ipv4 }}"
+      V6IP: "{{ jool_ipv6 }}"
+      MARK_DEC: "{{ jool_mark_dec }}"
     capabilities:
       - NET_ADMIN
     devices:

roles/users/tasks/main.yml

@@ -1,20 +1,29 @@
 ---
 #FIXME: Create usernames using the pubkey filename
+- name: Clone SSH-Keys from Git
+  git:
+    repo: "{{ ssh_key_repo }}"
+    dest: '/tmp/ffmd-ssh-keys'
+    force: true
+    version: 'master'
+
+# Fileglob shows all files matching pattern
+# Creates user for every pubkey
 - name: Create User Accounts & Set sudo-Group
   user:
-    name: "{{ item }}"
-    groups: "sudo"
-  with_items: "{{ admin_users }}"
-
-- name: "[localhost] Clone SSH-Keys from Git"
-  local_action:
-    module: git
-    repo: "{{ ssh_key_repo }}"
-    dest: /tmp/ffmd-ssh-keys
-  become: false
+    name: "{{ item | basename | regex_replace('.pub','') }}"
+    shell: '/bin/bash'
+    createhome: true
+    password_lock: true
+    comment: 'Created with ansible from SSH pubkey repository'
+    groups: 'sudo'
+    append: true
+  with_fileglob:
+    - '/tmp/ffmd-ssh-keys/*.pub'
 
 - name: Add authorized_keys To All Users
   authorized_key:
-    user: "{{ item }}"
-    key: "{{ lookup('file', '/tmp/ffmd-ssh-keys/'+ item + '.pub') }}"
-  with_items: "{{ admin_users }}"
+    user: "{{ item | basename | regex_replace('.pub','') }}"
+    key: "{{ lookup('file', item) }}"
+  with_fileglob:
+    - '/tmp/ffmd-ssh-keys/*.pub'