From 16eab1e1475072b2f203f071566b6a83249b1ca0 Mon Sep 17 00:00:00 2001
From: Patrick Spek
Date: Sat, 11 Mar 2023 11:42:54 +0100
Subject: Initial commit
---
 description.txt | 1 +
 etc/defaults | 6 ++
 etc/os.d/linux-debian_gnu_linux | 1 +
 playbook.bash | 170 ++++++++++++++++++++++++++++++++++++++++
 share/host | 2 +
 share/tinc-down-ifconfig | 3 +
 share/tinc-down-ip | 3 +
 share/tinc-up-ifconfig | 3 +
 share/tinc-up-ip | 5 ++
 share/tinc.conf | 7 ++
 10 files changed, 201 insertions(+)
 create mode 100644 description.txt
 create mode 100644 etc/defaults
 create mode 100644 etc/os.d/linux-debian_gnu_linux
 create mode 100644 playbook.bash
 create mode 100644 share/host
 create mode 100644 share/tinc-down-ifconfig
 create mode 100644 share/tinc-down-ip
 create mode 100644 share/tinc-up-ifconfig
 create mode 100644 share/tinc-up-ip
 create mode 100644 share/tinc.conf
diff --git a/description.txt b/description.txt
new file mode 100644
index 0000000..0bad766
--- /dev/null
+++ b/description.txt
@@ -0,0 +1 @@
+VPN through tinc
diff --git a/etc/defaults b/etc/defaults
new file mode 100644
index 0000000..3186527
--- /dev/null
+++ b/etc/defaults
@@ -0,0 +1,6 @@
+app.tinc=tinc
+app.tincd=tincd
+
+pkg.tinc=tinc
+
+svc.tinc=tincd
diff --git a/etc/os.d/linux-debian_gnu_linux b/etc/os.d/linux-debian_gnu_linux
new file mode 100644
index 0000000..9a5da58
--- /dev/null
+++ b/etc/os.d/linux-debian_gnu_linux
@@ -0,0 +1 @@
+svc.tinc=tinc@tyilnet
diff --git a/playbook.bash b/playbook.bash
new file mode 100644
index 0000000..8747b32
--- /dev/null
+++ b/playbook.bash
@@ -0,0 +1,170 @@
+#!/usr/bin/env bash
+
+# shellcheck disable=SC2034
+
+BASHTARD_PLAYBOOK_VARS[$BASHTARD_PLAYBOOK.ipv4]="required"
+BASHTARD_PLAYBOOK_VARS[$BASHTARD_PLAYBOOK.name]="required"
+
+playbook_add()
+{
+ local data
+ local etc
+ local host
+ local ipv4
+ local name
+ local tinc
+ local tincd
+
+ data="$(playbook_path "data")"
+ etc="$(config "fs.etcdir")/tinc/tyilnet"
+ host="$(tr "." "_" <<< "${BASHTARD_PLATFORM[fqdn]}")"
+ ipv4="$(config "$BASHTARD_PLAYBOOK.ipv4")"
+ name="$(config "$BASHTARD_PLAYBOOK.name")"
+ tinc="$(config "app.tinc")"
+ tincd="$(config "app.tincd")"
+
+ case "${BASHTARD_PLATFORM[key]}" in
+ freebsd) iptool=ifconfig ;;
+ *) iptool=ip
+ esac
+
+ info "$BASHTARD_PLAYBOOK/add" "Installing tinc"
+ pkg install "tinc"
+
+ info "$BASHTARD_PLAYBOOK/add" "Creating tinc configuration at $etc"
+ mkdir -pv -- \
+ "$etc" \
+ "$etc/hosts"
+
+ file_template tinc.conf \
+ "name=$host" \
+ > "$etc/tinc.conf"
+
+ file_template "tinc-up-$iptool" \
+ "ip4=$ipv4" \
+ > "$etc/tinc-up"
+
+ file_template "tinc-down-$iptool" \
+ "ip4=$ipv4" \
+ > "$etc/tinc-down"
+
+ file_template "host" \
+ "ip4=$ipv4" \
+ > "$etc/hosts/$host"
+
+ chmod +x \
+ "$etc/tinc-up" \
+ "$etc/tinc-down"
+
+ info "$BASHTARD_PLAYBOOK/add" "Generating private keys"
+
+ case "$($tincd --version | awk '{ print $3 }' | head -n1)" in
+ 1.0*)
+ $tincd -n "$name" -K4096
+ ;;
+ 1.1*|*)
+ $tinc -n "$name" generate-rsa-keys 4096
+ $tinc -n "$name" generate-ed25519-keys
+ ;;
+ esac
+
+ info "$BASHTARD_PLAYBOOK/add" "Adding new host to Bashtard configs"
+
+ mkdir -pv -- "$data/hosts"
+ cp -v -- \
+ "$etc/hosts/$host" \
+ "$data/hosts/$host"
+
+ playbook_sync
+
+ info "$BASHTARD_PLAYBOOK" "Enabling VPN service"
+
+ case "${BASHTARD_PLATFORM[key]}" in
+ freebsd)
+ if ! grep -Fq 'tincd_cfg="'"$name"'"' "/etc/rc.conf.d/tincd"
+ then
+ printf 'tincd_cfg="%s"\n' "$name" >> "/etc/rc.conf.d/tincd"
+ fi
+ ;;
+ linux-gentoo)
+ if ! grep -Fq "NETWORK: $name" /etc/conf.d/tinc.networks
+ then
+ printf "NETWORK: %s\n" "$name" >> /etc/conf.d/tinc.networks
+ fi
+ ;;
+ esac
+
+ case "${BASHTARD_PLATFORM[init]}" in
+ systemd)
+ systemctl enable --now "tinc@$name.service"
+ ;;
+ *)
+ svc enable "tinc"
+ svc start "tinc"
+ ;;
+ esac
+}
+
+playbook_sync()
+{
+ local data
+ local etc
+ local hash
+ local host
+ local name
+
+ data="$(playbook_path "data")"
+ etc="$(config "fs.etcdir")/tinc/$(config "$BASHTARD_PLAYBOOK.name")"
+ hash="$(dir_hash "$etc/hosts")"
+ host="$(tr "." "_" <<< "${BASHTARD_PLATFORM[fqdn]}")"
+ name="$(config "$BASHTARD_PLAYBOOK.name")"
+
+ info "$BASHTARD_PLAYBOOK" "Regenerating tinc hosts"
+ rm -fr -- "$etc/hosts"
+ mkdir -p -- "$etc/hosts"
+
+ for path in "$data/hosts"/*
+ do
+ file="$(basename "$path")"
+
+ notice "$BASHTARD_PLAYBOOK" "Updating host $file"
+ cp -v -- "$data/hosts/$file" "$etc/hosts/$file"
+ done
+
+ [[ "$BASHTARD_COMMAND" == "add" ]] && return
+ [[ "$hash" == "$(dir_hash "$etc/hosts")" ]] && return
+
+ info "$BASHTARD_PLAYBOOK" "Reloading service"
+
+ case "${BASHTARD_PLATFORM[init]}" in
+ systemd)
+ systemctl reload "tinc@$name.service"
+ ;;
+ *)
+ svc reload "tinc"
+ ;;
+ esac
+}
+
+playbook_del()
+{
+ local etc
+ local name
+
+ etc="$(config "fs.etcdir")"
+ name="$(config "$BASHTARD_PLAYBOOK.name")"
+
+ case "${BASHTARD_PLATFORM[init]}" in
+ systemd)
+ systemctl disable --now "tinc@$name.service"
+ ;;
+ *)
+ svc stop "tinc"
+ svc disable "tinc"
+ ;;
+ esac
+
+ pkg uninstall "tinc"
+
+ rm -frv -- "$etc/tinc/$name"
+}
diff --git a/share/host b/share/host
new file mode 100644
index 0000000..c24d4ad
--- /dev/null
+++ b/share/host
@@ -0,0 +1,2 @@
+Subnet = ${ip4}/32
+
diff --git a/share/tinc-down-ifconfig b/share/tinc-down-ifconfig
new file mode 100644
index 0000000..6563f07
--- /dev/null
+++ b/share/tinc-down-ifconfig
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+ifconfig "$INTERFACE" down
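Review bot: playbook_add hard-codes the configuration directory as `$(config "fs.etcdir")/tinc/tyilnet`, while the key generation in the same function (`$tincd -n "$name"`, `$tinc -n "$name" generate-rsa-keys 4096`) and the `etc` used by playbook_sync and playbook_del derive it from `$BASHTARD_PLAYBOOK.name`, so any configured name other than `tyilnet` generates keys into a directory that has no tinc.conf and leaves the written configuration unused; assigning `etc="$(config "fs.etcdir")/tinc/$name"` after `name=` keeps the three functions consistent (share/tinc.conf's ConnectTo list and etc/os.d's `tinc@tyilnet` are tied to the same network and would need the same treatment). playbook_del's `rm -frv -- "$etc/tinc/$name"` should guard both config-derived components, `rm -frv -- "${etc:?}/tinc/${name:?}"`, so an empty `fs.etcdir` or name cannot widen the deletion to `/tinc/` or to `$etc/tinc/`; the `required` marker in BASHTARD_PLAYBOOK_VARS presumably covers the name at runtime, but nothing visible here covers `fs.etcdir`. `iptool` in playbook_add and `path`/`file` in playbook_sync are assigned without `local` and leak into the caller's scope, and the loop over `"$data/hosts"/*` needs `[[ -e "$path" ]] || continue` (or nullglob) because an empty directory leaves the literal `*` and makes the `cp` fail.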
diff --git a/share/tinc-down-ip b/share/tinc-down-ip
new file mode 100644
index 0000000..800ebb3
--- /dev/null
+++ b/share/tinc-down-ip
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+ip link set "$INTERFACE" down
diff --git a/share/tinc-up-ifconfig b/share/tinc-up-ifconfig
new file mode 100644
index 0000000..66c897e
--- /dev/null
+++ b/share/tinc-up-ifconfig
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+ifconfig "$INTERFACE" inet ${ip4} netmask 255.255.0.0
diff --git a/share/tinc-up-ip b/share/tinc-up-ip
new file mode 100644
index 0000000..191d310
--- /dev/null
+++ b/share/tinc-up-ip
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+ip -4 addr add "${ip4}/16" dev "$INTERFACE"
+
+ip link set "$INTERFACE" up
diff --git a/share/tinc.conf b/share/tinc.conf
new file mode 100644
index 0000000..89ccdfd
--- /dev/null
+++ b/share/tinc.conf
@@ -0,0 +1,7 @@
+Name = ${name}
+
+ConnectTo = caeghi_tyil_net
+ConnectTo = denahnu_tyil_net
+ConnectTo = gaeru_tyil_net
+ConnectTo = hurzak_tyil_net
+ConnectTo = jaomox_tyil_net
-- cgit v1.1