-rw-r--r--description.txt1
-rw-r--r--etc/defaults6
-rw-r--r--etc/os.d/linux-debian_gnu_linux1
-rw-r--r--playbook.bash170
-rw-r--r--share/host2
-rw-r--r--share/tinc-down-ifconfig3
-rw-r--r--share/tinc-down-ip3
-rw-r--r--share/tinc-up-ifconfig3
-rw-r--r--share/tinc-up-ip5
-rw-r--r--share/tinc.conf7
10 files changed, 201 insertions, 0 deletions
diff --git a/description.txt b/description.txt
new file mode 100644
index 0000000..0bad766
--- /dev/null
+++ b/description.txt
@@ -0,0 +1 @@
+VPN through tinc
diff --git a/etc/defaults b/etc/defaults
new file mode 100644
index 0000000..3186527
--- /dev/null
+++ b/etc/defaults
@@ -0,0 +1,6 @@
+app.tinc=tinc
+app.tincd=tincd
+
+pkg.tinc=tinc
+
+svc.tinc=tincd
diff --git a/etc/os.d/linux-debian_gnu_linux b/etc/os.d/linux-debian_gnu_linux
new file mode 100644
index 0000000..9a5da58
--- /dev/null
+++ b/etc/os.d/linux-debian_gnu_linux
@@ -0,0 +1 @@
+svc.tinc=tinc@tyilnet
diff --git a/playbook.bash b/playbook.bash
new file mode 100644
index 0000000..8747b32
--- /dev/null
+++ b/playbook.bash
@@ -0,0 +1,170 @@
+#!/usr/bin/env bash
+
+# shellcheck disable=SC2034
+
+BASHTARD_PLAYBOOK_VARS[$BASHTARD_PLAYBOOK.ipv4]="required"
+BASHTARD_PLAYBOOK_VARS[$BASHTARD_PLAYBOOK.name]="required"
+
+playbook_add()
+{
+ local data
+ local etc
+ local host
+ local ipv4
+ local name
+ local tinc
+ local tincd
+
+ data="$(playbook_path "data")"
+ etc="$(config "fs.etcdir")/tinc/tyilnet"
+ host="$(tr "." "_" <<< "${BASHTARD_PLATFORM[fqdn]}")"
+ ipv4="$(config "$BASHTARD_PLAYBOOK.ipv4")"
+ name="$(config "$BASHTARD_PLAYBOOK.name")"
+ tinc="$(config "app.tinc")"
+ tincd="$(config "app.tincd")"
+
+ case "${BASHTARD_PLATFORM[key]}" in
+ freebsd) iptool=ifconfig ;;
+ *) iptool=ip
+ esac
+
+ info "$BASHTARD_PLAYBOOK/add" "Installing tinc"
+ pkg install "tinc"
+
+ info "$BASHTARD_PLAYBOOK/add" "Creating tinc configuration at $etc"
+ mkdir -pv -- \
+ "$etc" \
+ "$etc/hosts"
+
+ file_template tinc.conf \
+ "name=$host" \
+ > "$etc/tinc.conf"
+
+ file_template "tinc-up-$iptool" \
+ "ip4=$ipv4" \
+ > "$etc/tinc-up"
+
+ file_template "tinc-down-$iptool" \
+ "ip4=$ipv4" \
+ > "$etc/tinc-down"
+
+ file_template "host" \
+ "ip4=$ipv4" \
+ > "$etc/hosts/$host"
+
+ chmod +x \
+ "$etc/tinc-up" \
+ "$etc/tinc-down"
+
+ info "$BASHTARD_PLAYBOOK/add" "Generating private keys"
+
+ case "$($tincd --version | awk '{ print $3 }' | head -n1)" in
+ 1.0*)
+ $tincd -n "$name" -K4096
+ ;;
+ 1.1*|*)
+ $tinc -n "$name" generate-rsa-keys 4096
+ $tinc -n "$name" generate-ed25519-keys
+ ;;
+ esac
+
+ info "$BASHTARD_PLAYBOOK/add" "Adding new host to Bashtard configs"
+
+ mkdir -pv -- "$data/hosts"
+ cp -v -- \
+ "$etc/hosts/$host" \
+ "$data/hosts/$host"
+
+ playbook_sync
+
+ info "$BASHTARD_PLAYBOOK" "Enabling VPN service"
+
+ case "${BASHTARD_PLATFORM[key]}" in
+ freebsd)
+ if ! grep -Fq 'tincd_cfg="'"$name"'"' "/etc/rc.conf.d/tincd"
+ then
+ printf 'tincd_cfg="%s"\n' "$name" >> "/etc/rc.conf.d/tincd"
+ fi
+ ;;
+ linux-gentoo)
+ if ! grep -Fq "NETWORK: $name" /etc/conf.d/tinc.networks
+ then
+ printf "NETWORK: %s\n" "$name" >> /etc/conf.d/tinc.networks
+ fi
+ ;;
+ esac
+
+ case "${BASHTARD_PLATFORM[init]}" in
+ systemd)
+ systemctl enable --now "tinc@$name.service"
+ ;;
+ *)
+ svc enable "tinc"
+ svc start "tinc"
+ ;;
+ esac
+}
+
+playbook_sync()
+{
+ local data
+ local etc
+ local hash
+ local host
+ local name
+
+ data="$(playbook_path "data")"
+ etc="$(config "fs.etcdir")/tinc/$(config "$BASHTARD_PLAYBOOK.name")"
+ hash="$(dir_hash "$etc/hosts")"
+ host="$(tr "." "_" <<< "${BASHTARD_PLATFORM[fqdn]}")"
+ name="$(config "$BASHTARD_PLAYBOOK.name")"
+
+ info "$BASHTARD_PLAYBOOK" "Regenerating tinc hosts"
+ rm -fr -- "$etc/hosts"
+ mkdir -p -- "$etc/hosts"
+
+ for path in "$data/hosts"/*
+ do
+ file="$(basename "$path")"
+
+ notice "$BASHTARD_PLAYBOOK" "Updating host $file"
+ cp -v -- "$data/hosts/$file" "$etc/hosts/$file"
+ done
+
+ [[ "$BASHTARD_COMMAND" == "add" ]] && return
+ [[ "$hash" == "$(dir_hash "$etc/hosts")" ]] && return
+
+ info "$BASHTARD_PLAYBOOK" "Reloading service"
+
+ case "${BASHTARD_PLATFORM[init]}" in
+ systemd)
+ systemctl reload "tinc@$name.service"
+ ;;
+ *)
+ svc reload "tinc"
+ ;;
+ esac
+}
+
+playbook_del()
+{
+ local etc
+ local name
+
+ etc="$(config "fs.etcdir")"
+ name="$(config "$BASHTARD_PLAYBOOK.name")"
+
+ case "${BASHTARD_PLATFORM[init]}" in
+ systemd)
+ systemctl disable --now "tinc@$name.service"
+ ;;
+ *)
+ svc stop "tinc"
+ svc disable "tinc"
+ ;;
+ esac
+
+ pkg uninstall "tinc"
+
+ rm -frv -- "$etc/tinc/$name"
+}
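Review bot: playbook_add hard-codes its configuration directory as `$(config "fs.etcdir")/tinc/tyilnet`, while key generation (`-n "$name"`), the systemd unit, playbook_sync and playbook_del all take the network from `$BASHTARD_PLAYBOOK.name`. With any name other than tyilnet, tinc.conf, tinc-up/tinc-down and the new host file are written to one directory while keys and the regenerated hosts/ belong to another, and playbook_del leaves the tyilnet directory behind. Assign `etc` after `name`, as `etc="$(config "fs.etcdir")/tinc/$name"`. Separately, playbook_del ends in `rm -frv -- "$etc/tinc/$name"`; if the name ever comes back empty, that removes every tinc network on the host, so `rm -frv -- "$etc/tinc/${name:?}"` is a cheap guard.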
diff --git a/share/host b/share/host
new file mode 100644
index 0000000..c24d4ad
--- /dev/null
+++ b/share/host
@@ -0,0 +1,2 @@
+Subnet = ${ip4}/32
+
diff --git a/share/tinc-down-ifconfig b/share/tinc-down-ifconfig
new file mode 100644
index 0000000..6563f07
--- /dev/null
+++ b/share/tinc-down-ifconfig
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+ifconfig "$INTERFACE" down
diff --git a/share/tinc-down-ip b/share/tinc-down-ip
new file mode 100644
index 0000000..800ebb3
--- /dev/null
+++ b/share/tinc-down-ip
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+ip link set "$INTERFACE" down
diff --git a/share/tinc-up-ifconfig b/share/tinc-up-ifconfig
new file mode 100644
index 0000000..66c897e
--- /dev/null
+++ b/share/tinc-up-ifconfig
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+ifconfig "$INTERFACE" inet ${ip4} netmask 255.255.0.0
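Review bot: `${ip4}` is left unquoted in the ifconfig line, unlike `"${ip4}/16"` in share/tinc-up-ip, and in both templates the value is the `ipv4` config key that playbook_add passes to file_template with no format check. These files become the tinc-up script that tincd executes, so a malformed value (whitespace, or shell syntax if file_template substitutes textually, which is not visible here) changes the command that runs rather than just failing the address assignment. Quote it as `ifconfig "$INTERFACE" inet "${ip4}" netmask 255.255.0.0`, and have playbook_add reject anything that is not a dotted quad before templating, e.g. `[[ "$ipv4" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]`. The same value also feeds `Subnet = ${ip4}/32` in share/host, which playbook_add copies into the shared data/hosts directory.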
diff --git a/share/tinc-up-ip b/share/tinc-up-ip
new file mode 100644
index 0000000..191d310
--- /dev/null
+++ b/share/tinc-up-ip
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+ip -4 addr add "${ip4}/16" dev "$INTERFACE"
+
+ip link set "$INTERFACE" up
diff --git a/share/tinc.conf b/share/tinc.conf
new file mode 100644
index 0000000..89ccdfd
--- /dev/null
+++ b/share/tinc.conf
@@ -0,0 +1,7 @@
+Name = ${name}
+
+ConnectTo = caeghi_tyil_net
+ConnectTo = denahnu_tyil_net
+ConnectTo = gaeru_tyil_net
+ConnectTo = hurzak_tyil_net
+ConnectTo = jaomox_tyil_net