author | Patrick Spek <p.spek@tyil.nl> | 2022-04-20 12:01:13 +0200 |
---|---|---|
committer | Patrick Spek <p.spek@tyil.nl> | 2022-04-20 12:01:13 +0200 |
commit | df3cdceee25027c82449779caa0805aa1d6318f0 (patch) | |
tree | 80c5026feef0025528ff8d461b83cceee315b4cd | |
parent | 7d6424dfbd09b21f8835739ffb08957ba1a2a5cf (diff) |
Add vpn playbook
-rw-r--r-- | playbooks.d/vpn/description.txt | 1 | ||||
-rw-r--r-- | playbooks.d/vpn/etc/defaults | 6 | ||||
-rw-r--r-- | playbooks.d/vpn/playbook.bash | 117 | ||||
-rw-r--r-- | playbooks.d/vpn/share/host | 2 | ||||
-rw-r--r-- | playbooks.d/vpn/share/hosts/anoia_tyil_net | 16 | ||||
-rw-r--r-- | playbooks.d/vpn/share/tinc-down-ifconfig | 3 | ||||
-rw-r--r-- | playbooks.d/vpn/share/tinc-down-ip | 3 | ||||
-rw-r--r-- | playbooks.d/vpn/share/tinc-up-ifconfig | 4 | ||||
-rw-r--r-- | playbooks.d/vpn/share/tinc-up-ip | 6 | ||||
-rw-r--r-- | playbooks.d/vpn/share/tinc.conf | 7 |
10 files changed, 165 insertions, 0 deletions
diff --git a/playbooks.d/vpn/description.txt b/playbooks.d/vpn/description.txt
new file mode 100644
index 0000000..0bad766
--- /dev/null
+++ b/playbooks.d/vpn/description.txt
@@ -0,0 +1 @@
+VPN through tinc
diff --git a/playbooks.d/vpn/etc/defaults b/playbooks.d/vpn/etc/defaults
new file mode 100644
index 0000000..3186527
--- /dev/null
+++ b/playbooks.d/vpn/etc/defaults
@@ -0,0 +1,6 @@
+app.tinc=tinc
+app.tincd=tincd
+
+pkg.tinc=tinc
+
+svc.tinc=tincd
diff --git a/playbooks.d/vpn/playbook.bash b/playbooks.d/vpn/playbook.bash
new file mode 100644
index 0000000..ad85772
--- /dev/null
+++ b/playbooks.d/vpn/playbook.bash
@@ -0,0 +1,117 @@
+#!/usr/bin/env bash
+
+playbook_add()
+{
+ local tinc="$(config "app.tinc")"
+ local tincd="$(config "app.tincd")"
+ local dir="$(config "fs.etcdir")/tinc/tyilnet"
+ local name="$(tr "." "_" <<< "${BASHTARD_PLATFORM[fqdn]}")"
+ local ipv4="$(config "vpn.ipv4")"
+
+ if [[ -z "$ipv4" ]]
+ then
+ emerg "$BASHTARD_PLAYBOOK" "No IPv4 address set for ${BASHTARD_PLATFORM[fqdn]}"
+ return 2
+ fi
+
+ case "${BASHTARD_PLATFORM[key]}" in
+ freebsd) iptool=ifconfig ;;
+ *) iptool=ip
+ esac
+
+ info "$BASHTARD_PLAYBOOK" "Installing tinc"
+ pkg install "tinc"
+
+ info "$BASHTARD_PLAYBOOK" "Creating tinc configuration at $dir"
+ mkdir -pv -- \
+ "$dir" \
+ "$dir/hosts"
+
+ file_template tinc.conf \
+ "name=$name" \
+ > "$dir/tinc.conf"
+
+ file_template "tinc-up-$iptool" \
+ "ip=$(config "vpn.ipv4")" \
+ > "$dir/tinc-up"
+
+ file_template "tinc-down-$iptool" \
+ "ip=$(config "vpn.ipv4")" \
+ > "$dir/tinc-down"
+
+ file_template "host" \
+ "ip4=$(config "vpn.ipv4")" \
+ > "$dir/hosts/$name"
+
+ chmod +x \
+ "$dir/tinc-up" \
+ "$dir/tinc-down"
+
+ info "$BASHTARD_PLAYBOOK" "Generating private keys"
+
+ case "$($tincd --version | awk '{ print $3 }' | head -n1)" in
+ 1.0*)
+ $tincd -n tyilnet -K4096
+ ;;
+ 1.1*|*)
+ $tinc -n tyilnet generate-rsa-keys 4096
+ $tinc -n tyilnet generate-ed25519-keys
+ ;;
+ esac
+
+ info "$BASHTARD_PLAYBOOK" "Adding new host to Bashtard configs"
+
+ cp -v -- \
+ "$dir/hosts/$name" \
+ "$BASHTARD_ETCDIR/playbooks.d/$BASHTARD_PLAYBOOK/share/hosts/$name"
+
+ playbook_sync
+
+ info "$BASHTARD_PLAYBOOK" "Enabling VPN service"
+
+ case "${BASHTARD_PLATFORM[key]}" in
+ linux-gentoo)
+ if ! grep -Fq "NETWORK: tyilnet" /etc/conf.d/tinc.networks
+ then
+ printf "NETWORK: %s\n" "tyilnet" >> /etc/conf.d/tinc.networks
+ fi
+ ;;
+ esac
+
+ svc enable "tinc"
+ svc start "tinc"
+}
+
+playbook_sync()
+{
+ local dir="$(config "fs.etcdir")/tinc/tyilnet"
+ local name="$(tr "." "_" <<< "${BASHTARD_PLATFORM[fqdn]}")"
+ local host
+
+ info "$BASHTARD_PLAYBOOK" "Regenerating tinc hosts"
+ rm -fr -- "$dir/hosts"
+ mkdir -p -- "$dir/hosts"
+
+ for path in "$BASHTARD_ETCDIR/playbooks.d/$BASHTARD_PLAYBOOK/share/hosts"/*
+ do
+ host="$(basename "$path")"
+
+ notice "$BASHTARD_PLAYBOOK" "Updating host $host"
+ file_template "hosts/$host" \
+ > "$dir/hosts/$host"
+ done
+
+ [[ "$BASHTARD_COMMAND" == "add" ]] && return
+
+ svc reload "tinc"
+}
+
+playbook_del()
+{
+ svc stop "tinc"
+ svc disable "tinc"
+
+ pkg uninstall "tinc"
+
+ rm -frv -- "$(config "fs.etcdir")/tinc/tyilnet"
+}
diff --git a/playbooks.d/vpn/share/host b/playbooks.d/vpn/share/host
new file mode 100644
index 0000000..c24d4ad
--- /dev/null
+++ b/playbooks.d/vpn/share/host
@@ -0,0 +1,2 @@
+Subnet = ${ip4}/32
+
diff --git a/playbooks.d/vpn/share/hosts/anoia_tyil_net b/playbooks.d/vpn/share/hosts/anoia_tyil_net
new file mode 100644
index 0000000..cf926de
--- /dev/null
+++ b/playbooks.d/vpn/share/hosts/anoia_tyil_net
@@ -0,0 +1,16 @@
+Subnet = 10.57.100.3/32
+
+-----BEGIN RSA PUBLIC KEY-----
+MIICCgKCAgEAwVFPAoKFpKt1G7Tb87vJCiCK4CrTSdYhPaDeRYy6ha0M9ETEzcSU
+xm/H31QwIBJ4PcKzuBaxd9rZMRFTgiehK3HSDm4I074uyKMdtqGphxnHeMCjViF8
+q4FWk0eLlr6dEUg3WMplgon7uS+Dx8T5a/ZV0Fbk7/7NRmLLSzZGZ3B8APLQrwqi
+O4jxmDnCSrQtLMo3qa0GnwytePwVSf7LzUKvWxwCW3Xht65V5qKTXTjK+faUDrJg
+QtHteGR9dSZkbja2S6LYOW2D09Bn3a4mrk2hEOc5exVAWs4KtKAuy0U8TJ8Nj5D/
+beFWFCQ0K1oBvxhkpa8Qv0mZQv3JXtbwoXL26TKV1vpo46RlDLj/sgHOijOnCR74
+i65gYAewzQ1cLLnCYzh1F1RrOQT2fvgLadJPFgZST6pfxVLJ6hMF8F93JUiJp06/
+Bs0gHUj5of4XOkPM0FXcgLdBRp75Yqc0+X3SgkZ3l6uypuyUFghWZbPgZNNQhDZC
+Hq5Osx9baaSuK3siB2HWmZ8zg+f2K8GoOmeSefeeT/g6yJdi6mqeQnlkd4gk0Zlj
+BUKL4WIB9jx7vtjLAJjJ9L215A4sxoAiFg1oKDi5bbpRDNkh0k43Ara/HC+uVDNa
+sdqfTnwvrtWE0sCDZisbbrIjVNzCJkw61aS4XZpDdpgGGatPhbDnscUCAwEAAQ==
+-----END RSA PUBLIC KEY-----
+Ed25519PublicKey = 29UZF4lSjPDGdOJa4ZNwHKDev9ylBIGqynL0RpgqZDJ
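Review bot: The loop in playbook_sync, `for path in "$BASHTARD_ETCDIR/playbooks.d/$BASHTARD_PLAYBOOK/share/hosts"/*`, iterates the literal pattern when that directory is empty, so `host` becomes `*` and `file_template "hosts/*"` is asked for a template that cannot exist; guard the body with `[[ -e "$path" ]] || continue` (or set `shopt -s nullglob` before the loop). `path` in that loop and `iptool` in playbook_add are assigned without `local`, so both leak into the caller's scope once the function returns. In playbook_add the address is re-read with `$(config "vpn.ipv4")` three times after it has already been validated and captured in `ipv4`; rendering the templates from `"$ipv4"` keeps the written value identical to the one that passed the emptiness check. The `local dir="$(config ...)"` form also discards config's exit status; if config can fail, `local dir; dir="$(config "fs.etcdir")/tinc/tyilnet" || return` would surface that before `rm -fr -- "$dir/hosts"` runs on a path built from an empty prefix.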
diff --git a/playbooks.d/vpn/share/tinc-down-ifconfig b/playbooks.d/vpn/share/tinc-down-ifconfig
new file mode 100644
index 0000000..6563f07
--- /dev/null
+++ b/playbooks.d/vpn/share/tinc-down-ifconfig
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+ifconfig "$INTERFACE" down
diff --git a/playbooks.d/vpn/share/tinc-down-ip b/playbooks.d/vpn/share/tinc-down-ip
new file mode 100644
index 0000000..800ebb3
--- /dev/null
+++ b/playbooks.d/vpn/share/tinc-down-ip
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+ip link set "$INTERFACE" down
diff --git a/playbooks.d/vpn/share/tinc-up-ifconfig b/playbooks.d/vpn/share/tinc-up-ifconfig
new file mode 100644
index 0000000..1aeeb6d
--- /dev/null
+++ b/playbooks.d/vpn/share/tinc-up-ifconfig
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+ifconfig "$INTERFACE" inet ${ip4} netmask 255.255.0.0
+ifconfig "$INTERFACE" inet ${ip6} netmask ffff:ffff:ffff::
diff --git a/playbooks.d/vpn/share/tinc-up-ip b/playbooks.d/vpn/share/tinc-up-ip
new file mode 100644
index 0000000..34ac3b4
--- /dev/null
+++ b/playbooks.d/vpn/share/tinc-up-ip
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+ip -4 addr add "${ip4}/16" dev "$INTERFACE"
+ip -6 addr add "${ip6}/48" dev "$INTERFACE"
+
+ip link set "$INTERFACE" up
diff --git a/playbooks.d/vpn/share/tinc.conf b/playbooks.d/vpn/share/tinc.conf
new file mode 100644
index 0000000..c0c0ecd
--- /dev/null
+++ b/playbooks.d/vpn/share/tinc.conf
@@ -0,0 +1,7 @@
+Name = ${name}
+
+ConnectTo = caeghi_tyil_net
+ConnectTo = faiwoo_tyil_net
+ConnectTo = gaeru_tyil_net
+ConnectTo = hurzak_tyil_net
+ConnectTo = tyil_email |
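Review bot: The `tinc-up-ip` and `tinc-up-ifconfig` templates reference `${ip4}` and `${ip6}`, but playbook.bash renders them with only `"ip=$(config "vpn.ipv4")"`, so neither placeholder is supplied by the playbook and `ip6` has no source at all; unless file_template fills unknown names from somewhere not visible in this commit, the interface is brought up with an empty or literal address. Passing `"ip4=$ipv4"` (matching what `share/host` already does) and either an `ip6=` value or dropping the IPv6 line until such a setting exists would make the inputs and placeholders agree; the same `ip=` key is passed to the `tinc-down-*` templates, which use no placeholder, so that argument is simply unused there. In `tinc-up-ifconfig` the substituted value is unquoted, `ifconfig "$INTERFACE" inet ${ip4} netmask 255.255.0.0`, while `tinc-up-ip` quotes it; quoting both is the consistent form.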