Diffstat (limited to 'playbooks.d/vpn-tinc/playbook.bash')
-rw-r--r--playbooks.d/vpn-tinc/playbook.bash148
1 files changed, 96 insertions, 52 deletions
diff --git a/playbooks.d/vpn-tinc/playbook.bash b/playbooks.d/vpn-tinc/playbook.bash
index 9cce9a6..485c6e6 100644
--- a/playbooks.d/vpn-tinc/playbook.bash
+++ b/playbooks.d/vpn-tinc/playbook.bash
@@ -1,69 +1,85 @@
#!/usr/bin/env bash
+# shellcheck disable=SC2034
+
+BASHTARD_PLAYBOOK_VARS[$BASHTARD_PLAYBOOK.ipv4]="required"
+BASHTARD_PLAYBOOK_VARS[$BASHTARD_PLAYBOOK.ipv6]="required"
+BASHTARD_PLAYBOOK_VARS[$BASHTARD_PLAYBOOK.name]="required"
+
playbook_add()
{
- local tinc="$(config "app.tinc")"
- local tincd="$(config "app.tincd")"
- local dir="$(config "fs.etcdir")/tinc/tyilnet"
- local name="$(tr "." "_" <<< "${BASHTARD_PLATFORM[fqdn]}")"
- local ipv4="$(config "vpn.ipv4")"
-
- if [[ -z "$ipv4" ]]
- then
- emerg "$BASHTARD_PLAYBOOK" "No IPv4 address set for ${BASHTARD_PLATFORM[fqdn]}"
- return 2
- fi
+ local data
+ local etc
+ local host
+ local iptool
+ local ipv4
+ local ipv6
+ local name
+ local tinc
+ local tincd
+ local port
+
+ data="$(playbook_path "data")"
+ host="$(tr "." "_" <<< "${BASHTARD_PLATFORM[fqdn]}")"
+ ipv4="$(config "$BASHTARD_PLAYBOOK.ipv4")"
+ ipv6="$(config "$BASHTARD_PLAYBOOK.ipv6")"
+ name="$(config "$BASHTARD_PLAYBOOK.name")"
+ tinc="$(config "app.tinc")"
+ tincd="$(config "app.tincd")"
+ port="$(config "$BASHTARD_PLAYBOOK.port" "655")"
+ etc="$(config "fs.etcdir")/tinc/$name"
case "${BASHTARD_PLATFORM[key]}" in
freebsd) iptool=ifconfig ;;
*) iptool=ip
esac
- info "$BASHTARD_PLAYBOOK" "Installing tinc"
+ info "$BASHTARD_PLAYBOOK/add" "Installing tinc"
pkg install "tinc"
- info "$BASHTARD_PLAYBOOK" "Creating tinc configuration at $dir"
- mkdir -pv -- \
- "$dir" \
- "$dir/hosts"
+ info "$BASHTARD_PLAYBOOK/add" "Creating tinc configuration at $etc"
- file_template tinc.conf \
- "name=$name" \
- > "$dir/tinc.conf"
+ mkdir -pv -- \
+ "$etc" \
+ "$etc/hosts"
file_template "tinc-up-$iptool" \
- "ip4=$(config "vpn.ipv4")" \
- > "$dir/tinc-up"
+ "ip4=$ipv4" \
+ "ip6=$ipv6" \
+ > "$etc/tinc-up"
file_template "tinc-down-$iptool" \
- "ip4=$(config "vpn.ipv4")" \
- > "$dir/tinc-down"
+ "ip4=$ipv4" \
+ "ip6=$ipv6" \
+ > "$etc/tinc-down"
file_template "host" \
- "ip4=$(config "vpn.ipv4")" \
- > "$dir/hosts/$name"
+ "ip4=$ipv4" \
+ "ip6=$ipv6" \
+ "port=$port" \
+ > "$etc/hosts/$host"
chmod +x \
- "$dir/tinc-up" \
- "$dir/tinc-down"
+ "$etc/tinc-up" \
+ "$etc/tinc-down"
- info "$BASHTARD_PLAYBOOK" "Generating private keys"
+ info "$BASHTARD_PLAYBOOK/add" "Generating private keys"
case "$($tincd --version | awk '{ print $3 }' | head -n1)" in
1.0*)
- $tincd -n tyilnet -K4096
+ $tincd -n "$name" -K4096
;;
1.1*|*)
- $tinc -n tyilnet generate-rsa-keys 4096
- $tinc -n tyilnet generate-ed25519-keys
+ $tinc -n "$name" generate-rsa-keys 4096
+ $tinc -n "$name" generate-ed25519-keys
;;
esac
- info "$BASHTARD_PLAYBOOK" "Adding new host to Bashtard configs"
-
+ info "$BASHTARD_PLAYBOOK/add" "Adding new host to Bashtard configs"
+ mkdir -pv -- "$data/hosts"
cp -v -- \
- "$dir/hosts/$name" \
- "$BASHTARD_ETCDIR/playbooks.d/$BASHTARD_PLAYBOOK/share/hosts/$name"
+ "$etc/hosts/$host" \
+ "$data/hosts/$host"
playbook_sync
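Review bot: The network name read from config on L50 is used unchecked as a path component (`etc=.../tinc/$name`, L54), as the `-n` argument to tincd/tinc (L102, L107-L108) and later as a systemd instance name and an `rm -fr` target, yet the only constraint is the `required` marker on L20, so a value containing `/`, `..` or whitespace escapes the tinc directory or produces a broken unit name. I would reject anything outside a safe character set right after L54: `[[ "$name" =~ ^[A-Za-z0-9_]+$ ]] || { emerg "$BASHTARD_PLAYBOOK" "Invalid tinc network name: $name"; return 2; }`. The same applies to `$host` on L47, which only maps dots to underscores; if I remember tinc's rules correctly, `Name` may contain only letters, digits and underscores, so a hyphenated FQDN would still need mapping (e.g. `tr ".-" "__"`). The default of `655` for the port on L53 assumes `config` accepts a second argument as a fallback, which is not visible here and worth confirming. playbook_add continues past the end of this hunk.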
@@ -71,22 +87,22 @@ playbook_add()
case "${BASHTARD_PLATFORM[key]}" in
freebsd)
- if ! grep -Fq 'tincd_cfg="tyilnet"' "/etc/rc.conf.d/tincd"
+ if ! grep -Fq 'tincd_cfg="'"$name"'"' "/etc/rc.conf.d/tincd"
then
- printf 'tincd_cfg="%s"\n' "tyilnet" >> "/etc/rc.conf.d/tincd"
+ printf 'tincd_cfg="%s"\n' "$name" >> "/etc/rc.conf.d/tincd"
fi
;;
linux-gentoo)
- if ! grep -Fq "NETWORK: tyilnet" /etc/conf.d/tinc.networks
+ if ! grep -Fq "NETWORK: $name" /etc/conf.d/tinc.networks
then
- printf "NETWORK: %s\n" "tyilnet" >> /etc/conf.d/tinc.networks
+ printf "NETWORK: %s\n" "$name" >> /etc/conf.d/tinc.networks
fi
;;
esac
case "${BASHTARD_PLATFORM[init]}" in
systemd)
- systemctl enable --now tinc@tyilnet.service
+ systemctl enable --now "tinc@$name.service"
;;
*)
svc enable "tinc"
@@ -97,28 +113,50 @@ playbook_add()
playbook_sync()
{
- local dir="$(config "fs.etcdir")/tinc/tyilnet"
- local name="$(tr "." "_" <<< "${BASHTARD_PLATFORM[fqdn]}")"
+ local data
+ local etc
+ local hash
local host
+ local iptool
+ local name
+
+ data="$(playbook_path "data")"
+ etc="$(config "fs.etcdir")/tinc/$(config "$BASHTARD_PLAYBOOK.name")"
+ hash="$(dir_hash "$etc/hosts")"
+ host="$(tr "." "_" <<< "${BASHTARD_PLATFORM[fqdn]}")"
+ name="$(config "$BASHTARD_PLAYBOOK.name")"
info "$BASHTARD_PLAYBOOK" "Regenerating tinc hosts"
- rm -fr -- "$dir/hosts"
- mkdir -p -- "$dir/hosts"
+ rm -fr -- "$etc/hosts"
+ mkdir -p -- "$etc/hosts"
- for path in "$BASHTARD_ETCDIR/playbooks.d/$BASHTARD_PLAYBOOK/share/hosts"/*
+ for path in "$data/hosts"/*
do
- host="$(basename "$path")"
+ file="$(basename "$path")"
- notice "$BASHTARD_PLAYBOOK" "Updating host $host"
- file_template "hosts/$host" \
- > "$dir/hosts/$host"
+ notice "$BASHTARD_PLAYBOOK" "Updating host $file"
+ cp -v -- "$data/hosts/$file" "$etc/hosts/$file"
done
+ info "$BASHTARD_PLAYBOOK/sync" "Reconfiguring peers"
+ {
+ printf "Name = %s\n\n" "$host"
+
+ while read -r peer
+ do
+ printf "ConnectTo = %s\n" "$(config "$BASHTARD_PLAYBOOK.peers.$peer")"
+ done < <( config_subkeys "$BASHTARD_PLAYBOOK.peers" )
+ } > "$etc/tinc.conf"
+
+
[[ "$BASHTARD_COMMAND" == "add" ]] && return
+ [[ "$hash" == "$(dir_hash "$etc/hosts")" ]] && return
+
+ info "$BASHTARD_PLAYBOOK" "Reloading service"
case "${BASHTARD_PLATFORM[init]}" in
systemd)
- systemctl reload tinc@tyilnet.service
+ systemctl reload "tinc@$name.service"
;;
*)
svc reload "tinc"
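Review bot: The reload on L194-L201 is skipped whenever the hash of `$etc/hosts` taken on L161 matches the one on L192, but `tinc.conf` is rewritten on L181-L188 from the `peers` config and is not part of that hash, so adding or removing a `ConnectTo` peer never reloads the daemon until some host file happens to change too. Snapshot the file before the rewrite, e.g. `conf="$(cat -- "$etc/tinc.conf" 2>/dev/null)"` after L161, and extend the early return to `[[ "$hash" == "$(dir_hash "$etc/hosts") && "$conf" == "$(cat -- "$etc/tinc.conf")" ]] && return`. Separately, the glob on L170 falls through with a literal `*` when `$data/hosts` is empty and the `cp` on L178 then fails noisily; a `[[ -e "$path" ]] || continue` at the top of the loop avoids that. Whether `dir_hash` walks subdirectories is not visible here, so hashing `$etc` as a whole instead would need checking first.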
@@ -128,9 +166,15 @@ playbook_sync()
playbook_del()
{
+ local etc
+ local name
+
+ etc="$(config "fs.etcdir")"
+ name="$(config "$BASHTARD_PLAYBOOK.name")"
+
case "${BASHTARD_PLATFORM[init]}" in
systemd)
- systemctl disable --now tinc@tyilnet.service
+ systemctl disable --now "tinc@$name.service"
;;
*)
svc stop "tinc"
@@ -140,5 +184,5 @@ playbook_del()
pkg uninstall "tinc"
- rm -frv -- "$(config "fs.etcdir")/tinc/tyilnet"
+ rm -frv -- "$etc/tinc/$name"
}
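Review bot: The recursive delete on L221 now builds its target from two config lookups, and if either `fs.etcdir` or the network name comes back empty the path collapses to `/tinc/` or `<etcdir>/tinc/`, removing every tinc network on the host instead of one; the `required` marker elsewhere in the file is the only thing standing in the way, and it is not enforced here. Use the abort-if-empty expansion so the shell refuses instead: `rm -frv -- "${etc:?}/tinc/${name:?}"`. A name containing `/` or `..` would likewise escape the tinc directory, so validating it at the top of the function is worth considering. playbook_del starts outside this hunk.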