diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..1377554
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+*.swp
diff --git a/Makefile b/Makefile
index 0d26c2f..de9ac81 100644
--- a/Makefile
+++ b/Makefile
@@ -4,8 +4,6 @@
 # Environment Configuration
 DEFAULT_VAULT_PASSWORD_FILE=.vault.passwd
 USER=nold
-RUN=
-DOCKER=docker run -ti --rm ansible-dev
 default:
 echo "README"
@@ -14,23 +12,27 @@ docker:
 docker build -t ansible-dev .
 install-requirements:
+ @echo "# Installing External Ansible Dependencies..."
 ansible-galaxy install -r requirements.yml
 # Create vault password & test it by generating an encrypted file
 create-vault-passwd:
 dd if=/dev/urandom bs=1 count=1024 | base64 > .vault.passwd
- ${DOCKER} ansible-vault create --vault-password-file=.vault.passwd vault-test.yml
+ ansible-vault create --vault-password-file=.vault.passwd vault-test.yml
-syntax: docker
- ${DOCKER} ansible-playbook -i inventory.ini --syntax-check test.yml
+syntax:
+ @echo "# Running Syntax-Check..."
+ ansible-playbook -i inventory.ini --syntax-check test.yml
 # ${DOCKER} ansible-playbook --syntax-check webservers.yml
 # ${DOCKER} ansible-playbook --syntax-check gateways.yml
 lint: docker
- ${DOCKER} ansible-lint test.yml
+ @echo "# Ansible Linting..."
+ ansible-lint test.yml
 check: install-requirements
- ansible-playbook -i inventory.ini -u ${USER} -b test.yml --check --diff
+ @echo "# Dry-Run: Check-Only & Show Diff..."
+ ansible-playbook -i inventory.ini -b test.yml --check --diff
 test: install-requirements syntax
- ansible-playbook -i inventory.ini -u ${USER} -b test.yml
+ ansible-playbook -i inventory.ini -b test.yml
diff --git a/group_vars/gateway.yml b/group_vars/gateway.yml
index 61f6965..f9c9ddd 100644
--- a/group_vars/gateway.yml
+++ b/group_vars/gateway.yml
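Review bot: `USER=nold` becomes dead configuration once the second Makefile hunk drops `-u ${USER}` from the `check` and `test` recipes, so either remove it here together with `RUN` and `DOCKER`, or keep `-u ${USER}` so the remote login user stays configurable instead of defaulting to whoever runs `make`. The `# ${DOCKER} ansible-playbook --syntax-check ...` comment lines in the second hunk now also reference a variable that no longer exists and should go with it.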
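Review bot: `lint: docker` still builds the `ansible-dev` image before running `ansible-lint test.yml` on the host, which nothing in this hunk needs any more; drop the prerequisite the same way `syntax` did (`lint:`). `create-vault-passwd` writes `.vault.passwd` and `vault-test.yml` into the working tree, but the `.gitignore` added in this commit only lists `*.swp`, so the vault password file is one `git add .` away from being committed; add `.vault.passwd` and `vault-test.yml` to it.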
@@ -22,3 +22,6 @@ wg_secret: !vault |
 62346139353334366438373966383165313164346237616461633833383865333437616432643233
 3332616631613634336266346664313837316337623739396135
+jool_ipv4: "10.11.12.2"
+jool_ipv6: "64:ff9b::/96"
+jool_mark_dec: "66"
diff --git a/roles/jool/defaults/main.yml b/roles/jool/defaults/main.yml
index a1164fa..06e94a2 100644
--- a/roles/jool/defaults/main.yml
+++ b/roles/jool/defaults/main.yml
@@ -3,5 +3,5 @@ jool_version: "4.0.5"
 jool_git_repo: https://github.com/NICMx/Jool
 jool_git_dest: /usr/src/jool
 jool_docker_repo: https://github.com/FreifunkMD/jool-docker
-jool_docker_image: "ffmd/jool:{{ jool_version }}"
+jool_docker_image: "ffmd/jool:master"
 git_dir: /usr/src
diff --git a/roles/jool/tasks/.main.yml.swp b/roles/jool/tasks/.main.yml.swp
deleted file mode 100644
index 93151c9..0000000
Binary files a/roles/jool/tasks/.main.yml.swp and /dev/null differ
diff --git a/roles/jool/tasks/main.yml b/roles/jool/tasks/main.yml
index 70fd7cf..717032b 100644
--- a/roles/jool/tasks/main.yml
+++ b/roles/jool/tasks/main.yml
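Review bot: The three new variables have no defaults in `roles/jool/defaults/main.yml`, yet the container task in `roles/jool/tasks/main.yml` renders them unconditionally into `env`, so the role now fails with an undefined-variable error on any host that is not in the `gateway` group. Add `jool_ipv4`, `jool_ipv6` and `jool_mark_dec` to the role defaults so the role documents what it expects from the caller. `jool_ipv6` holds a /96 prefix (the RFC 6052 well-known NAT64 prefix), not an address; a comment such as `# NAT64 translation prefix, passed to the container as V6IP` would save the next reader a trip into the role.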
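Review bot: `jool_docker_image: "ffmd/jool:master"` trades a version-pinned tag for a mutable one, while `jool_version` in the hunk header still pins the DKMS kernel module to 4.0.5; Jool's userspace client and kernel module are expected to be the same version, so a floating `master` image can drift away from the module it talks to without any change in this repo. Pin the image back to a tag derived from `jool_version`, or to an immutable digest (`ffmd/jool@sha256:<digest>`, placeholder), and bump both together. `jool_git_dest: /usr/src/jool` also looks stale now that the tasks clone into `{{ git_dir }}/jool-v{{ jool_version }}`; either use it there or remove it.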
@@ -27,37 +27,41 @@
 recurse: true
 owner: root
 group: root
- mode: 0750
+ mode: '0750'
 # jool Kernel Module #
 - name: Clone Git Repository
 git:
 repo: "{{ jool_git_repo }}"
- dest: "{{ git_dir }}/jool"
+ dest: "{{ git_dir }}/jool-v{{ jool_version }}"
 version: "v{{ jool_version }}"
 force: true
- register: git_status
-- name: Check If Kernel Module is Installed
+- name: Check If Kernel Module Needs To Be Built
 shell:
- cmd: "dkms status jool | grep -q '{{ jool_version }}.*{{ ansible_kernel }}'"
+ cmd: "dkms status jool/v{{ jool_version }} | grep -q '{{ ansible_kernel }}'"
 register: module_installed
 ignore_errors: true
 - name: Compile & Install Kernel Module
 shell:
 cmd: "{{ item }}"
- chdir: "{{ git_dir }}/jool"
- when: module_installed.rc != 0
+# chdir: "{{ git_dir }}/jool-v{{ jool_version }}"
+ when: module_installed is failed
 with_items:
- - "./autogen.sh"
- - "./configure"
- - "make"
- - "dkms install ."
- - "make clean"
- - "git reset --hard v{{ jool_version }}"
+ - "dkms add 'jool/v{{ jool_version }}'"
+ - "dkms build 'jool/v{{ jool_version }}'"
+ - "dkms install 'jool/v{{ jool_version }}'"
+# - "./autogen.sh"
+# - "./configure"
+# - "make"
+# - "dkms install ."
+- name: Modprobe Jool Module
+ modprobe:
+ name: jool
+ state: present
 # jool docker container #
@@ -65,7 +69,7 @@
 git:
 repo: "{{ jool_docker_repo }}"
 dest: "{{ git_dir }}/jool-docker"
- version: master
+ version: missingdep
 force: true
 register: docker_git_status
@@ -85,9 +89,13 @@
 docker_container:
 name: jool
 image: "{{ jool_docker_image }}"
- command: '/root/run.sh'
+ command: 'jool file handle /root/jool.conf'
 network_mode: host
 privileged: true
+ env:
+ V4IP: "{{ jool_ipv4 }}"
+ V6IP: "{{ jool_ipv6 }}"
+ MARK_DEC: "{{ jool_mark_dec }}"
 capabilities:
 - NET_ADMIN
 devices:
diff --git a/roles/users/tasks/main.yml b/roles/users/tasks/main.yml
index 2fe66c5..edad065 100644
--- a/roles/users/tasks/main.yml
+++ b/roles/users/tasks/main.yml
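Review bot: The `dkms add` / `dkms build` / `dkms install` loop in `Compile & Install Kernel Module` is not idempotent: as far as I recall `dkms add` refuses a module/version that is already in the DKMS tree, which is exactly the state left behind by a run where `build` or `install` failed, and since the status probe only greps for `ansible_kernel` the loop is re-entered in that case and fails on the first item. Make the `add` step tolerate an existing entry (a per-item `dkms status` guard, or a `failed_when` that accepts the already-added case), and give `Check If Kernel Module Needs To Be Built` a `changed_when: false` so a read-only probe does not report `changed` on every play. The commented-out `chdir` and the four commented-out build commands are dead lines and should be deleted rather than carried in the task.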
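Review bot: `version: missingdep` pins the jool-docker checkout to a branch name instead of a tag or commit, so every run checks out whatever that branch currently points at and the image built from it is not reproducible or reviewable. Pin to a tag or commit (`version: '<commit-sha>'`, placeholder) and bump it deliberately; the same concern applies to the `ffmd/jool:master` tag in the role defaults. The enclosing task starts before this hunk.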
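Review bot: The new `env` values are templated straight from group vars, and Ansible's non-native templating can turn a digit-only result such as `jool_mark_dec: "66"` back into an integer, which `docker_container` rejects because `env` values must be strings. Use `MARK_DEC: "{{ jool_mark_dec | string }}"` (and `| string` on the two addresses for consistency) so the YAML quoting in `group_vars/gateway.yml` is not the only thing keeping the play green. Separately, `privileged: true` already grants every capability and device, so the `capabilities: - NET_ADMIN` list below it is redundant; if the container only needs `NET_ADMIN` plus the entries under `devices`, dropping `privileged` would shrink its blast radius considerably.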
@@ -1,20 +1,29 @@
 ---
 #FIXME: Create usernames using the pubkey filename
+- name: Clone SSH-Keys from Git
+ git:
+ repo: "{{ ssh_key_repo }}"
+ dest: '/tmp/ffmd-ssh-keys'
+ force: true
+ version: 'master'
+
+# Fileglob shows all files matching pattern
+# Creates user for every pubkey
 - name: Create User Accounts & Set sudo-Group
 user:
- name: "{{ item }}"
- groups: "sudo"
- with_items: "{{ admin_users }}"
-
-- name: "[localhost] Clone SSH-Keys from Git"
- local_action:
- module: git
- repo: "{{ ssh_key_repo }}"
- dest: /tmp/ffmd-ssh-keys
- become: false
+ name: "{{ item | basename | regex_replace('.pub','') }}"
+ shell: '/bin/bash'
+ createhome: true
+ password_lock: true
+ comment: 'Created with ansible from SSH pubkey repository'
+ groups: 'sudo'
+ append: true
+ with_fileglob:
+ - '/tmp/ffmd-ssh-keys/*.pub'
 - name: Add authorized_keys To All Users
 authorized_key:
- user: "{{ item }}"
- key: "{{ lookup('file', '/tmp/ffmd-ssh-keys/'+ item + '.pub') }}"
- with_items: "{{ admin_users }}"
+ user: "{{ item | basename | regex_replace('.pub','') }}"
+ key: "{{ lookup('file', item) }}"
+ with_fileglob:
+ - '/tmp/ffmd-ssh-keys/*.pub'
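Review bot: The `Clone SSH-Keys from Git` task now runs on the managed host (the old `local_action` is removed), but `with_fileglob` and `lookup('file', item)` are evaluated on the controller, so both loops read `/tmp/ffmd-ssh-keys/*.pub` from the control machine where nothing was cloned: on a fresh controller no users or keys are created at all, and on one with a stale clone the play silently deploys old keys. Keep the clone controller-side (`delegate_to: localhost`, `run_once: true`, `become: false`), or move the whole flow to the remote with `find` + `register` and `slurp`. A fixed, world-writable path such as `/tmp/ffmd-ssh-keys` is also a poor home for the list of who gets a sudo account; clone under a private directory (for example below `{{ playbook_dir }}`) or a `tempfile` result. Finally, `regex_replace('.pub','')` is unanchored and `.` matches any character, so it can mangle names containing "pub"; `regex_replace('\\.pub$', '')` (or `splitext | first`) strips only the extension.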