Diffstat (limited to 'playbooks.d/vpn-tinc/playbook.bash')
-rw-r--r-- | playbooks.d/vpn-tinc/playbook.bash | 123 |
1 files changed, 123 insertions, 0 deletions
diff --git a/playbooks.d/vpn-tinc/playbook.bash b/playbooks.d/vpn-tinc/playbook.bash
new file mode 100644
index 0000000..f9c8dd5
--- /dev/null
+++ b/playbooks.d/vpn-tinc/playbook.bash
@@ -0,0 +1,123 @@
+#!/usr/bin/env bash
+
+playbook_add()
+{
+ local tinc="$(config "app.tinc")"
+ local tincd="$(config "app.tincd")"
+ local dir="$(config "fs.etcdir")/tinc/tyilnet"
+ local name="$(tr "." "_" <<< "${BASHTARD_PLATFORM[fqdn]}")"
+ local ipv4="$(config "vpn.ipv4")"
+
+ if [[ -z "$ipv4" ]]
+ then
+ emerg "$BASHTARD_PLAYBOOK" "No IPv4 address set for ${BASHTARD_PLATFORM[fqdn]}"
+ return 2
+ fi
+
+ case "${BASHTARD_PLATFORM[key]}" in
+ freebsd) iptool=ifconfig ;;
+ *) iptool=ip
+ esac
+
+ info "$BASHTARD_PLAYBOOK" "Installing tinc"
+ pkg install "tinc"
+
+ info "$BASHTARD_PLAYBOOK" "Creating tinc configuration at $dir"
+ mkdir -pv -- \
+ "$dir" \
+ "$dir/hosts"
+
+ file_template tinc.conf \
+ "name=$name" \
+ > "$dir/tinc.conf"
+
+ file_template "tinc-up-$iptool" \
+ "ip4=$(config "vpn.ipv4")" \
+ > "$dir/tinc-up"
+
+ file_template "tinc-down-$iptool" \
+ "ip4=$(config "vpn.ipv4")" \
+ > "$dir/tinc-down"
+
+ file_template "host" \
+ "ip4=$(config "vpn.ipv4")" \
+ > "$dir/hosts/$name"
+
+ chmod +x \
+ "$dir/tinc-up" \
+ "$dir/tinc-down"
+
+ info "$BASHTARD_PLAYBOOK" "Generating private keys"
+
+ case "$($tincd --version | awk '{ print $3 }' | head -n1)" in
+ 1.0*)
+ $tincd -n tyilnet -K4096
+ ;;
+ 1.1*|*)
+ $tinc -n tyilnet generate-rsa-keys 4096
+ $tinc -n tyilnet generate-ed25519-keys
+ ;;
+ esac
+
+ info "$BASHTARD_PLAYBOOK" "Adding new host to Bashtard configs"
+
+ cp -v -- \
+ "$dir/hosts/$name" \
+ "$BASHTARD_ETCDIR/playbooks.d/$BASHTARD_PLAYBOOK/share/hosts/$name"
+
+ playbook_sync
+
+ info "$BASHTARD_PLAYBOOK" "Enabling VPN service"
+
+ case "${BASHTARD_PLATFORM[key]}" in
+ freebsd)
+ if ! grep -Fq 'tincd_cfg="tyilnet"' "/etc/rc.conf.d/tincd"
+ then
+ printf 'tincd_cfg="%s"\n' "tyilnet" >> "/etc/rc.conf.d/tincd"
+ fi
+ ;;
+ linux-gentoo)
+ if ! grep -Fq "NETWORK: tyilnet" /etc/conf.d/tinc.networks
+ then
+ printf "NETWORK: %s\n" "tyilnet" >> /etc/conf.d/tinc.networks
+ fi
+ ;;
+ esac
+
+ svc enable "tinc"
+ svc start "tinc"
+}
+
+playbook_sync()
+{
+ local dir="$(config "fs.etcdir")/tinc/tyilnet"
+ local name="$(tr "." "_" <<< "${BASHTARD_PLATFORM[fqdn]}")"
+ local host
+
+ info "$BASHTARD_PLAYBOOK" "Regenerating tinc hosts"
+ rm -fr -- "$dir/hosts"
+ mkdir -p -- "$dir/hosts"
+
+ for path in "$BASHTARD_ETCDIR/playbooks.d/$BASHTARD_PLAYBOOK/share/hosts"/*
+ do
+ host="$(basename "$path")"
+
+ notice "$BASHTARD_PLAYBOOK" "Updating host $host"
+ file_template "hosts/$host" \
+ > "$dir/hosts/$host"
+ done
+
+ [[ "$BASHTARD_COMMAND" == "add" ]] && return
+
+ svc reload "tinc"
+}
+
+playbook_del()
+{
+ svc stop "tinc"
+ svc disable "tinc"
+
+ pkg uninstall "tinc"
+
+ rm -frv -- "$(config "fs.etcdir")/tinc/tyilnet"
+} |
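Review bot: In `playbook_sync`, the loop `for path in "$BASHTARD_ETCDIR/playbooks.d/$BASHTARD_PLAYBOOK/share/hosts"/*` runs without `nullglob`, so an empty share directory leaves `path` as the literal pattern, `host` becomes `*`, and `file_template "hosts/*"` is rendered into `$dir/hosts/*` immediately after `rm -fr -- "$dir/hosts"` has removed the real peer files; a guard such as `[[ -e "$path" ]] || continue` as the first statement of the loop body avoids that, and `path` should be declared `local` next to `host`. In `playbook_add`, `ipv4` is validated once but the three `file_template` calls re-run `$(config "vpn.ipv4")` instead of passing `"ip4=$ipv4"`; likewise `iptool` is assigned in the `case` without `local`. The `local tinc="$(config "app.tinc")"` form masks a non-zero exit from `config` (ShellCheck SC2155); splitting declaration from assignment, `local tinc; tinc=$(config "app.tinc") || return`, keeps that failure visible for each of the five such lines. The key-generation `case` treats every string that is not `1.0*`, including the empty output when `$tincd --version` fails, as tinc 1.1, which is an acceptable default but deserves a comment saying so.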