From 908718a622fe229d17da7303b117eee0fe7f8d9d Mon Sep 17 00:00:00 2001 From: Patrick Spek Date: Mon, 25 Apr 2022 13:45:34 +0200 Subject: Rename playbooks --- playbooks.d/vpn-tinc/description.txt | 1 + playbooks.d/vpn-tinc/etc/defaults | 6 + .../vpn-tinc/etc/os.d/linux-debian_gnu_linux | 1 + playbooks.d/vpn-tinc/playbook.bash | 123 +++++++++++++++++++++ playbooks.d/vpn-tinc/share/host | 2 + playbooks.d/vpn-tinc/share/hosts/anoia_tyil_net | 16 +++ playbooks.d/vpn-tinc/share/hosts/caeghi_tyil_net | 16 +++ playbooks.d/vpn-tinc/share/hosts/edephas_tyil_net | 16 +++ playbooks.d/vpn-tinc/share/hosts/gaeru_tyil_net | 16 +++ playbooks.d/vpn-tinc/share/tinc-down-ifconfig | 3 + playbooks.d/vpn-tinc/share/tinc-down-ip | 3 + playbooks.d/vpn-tinc/share/tinc-up-ifconfig | 3 + playbooks.d/vpn-tinc/share/tinc-up-ip | 5 + playbooks.d/vpn-tinc/share/tinc.conf | 4 + 14 files changed, 215 insertions(+) create mode 100644 playbooks.d/vpn-tinc/description.txt create mode 100644 playbooks.d/vpn-tinc/etc/defaults create mode 100644 playbooks.d/vpn-tinc/etc/os.d/linux-debian_gnu_linux create mode 100644 playbooks.d/vpn-tinc/playbook.bash create mode 100644 playbooks.d/vpn-tinc/share/host create mode 100644 playbooks.d/vpn-tinc/share/hosts/anoia_tyil_net create mode 100644 playbooks.d/vpn-tinc/share/hosts/caeghi_tyil_net create mode 100644 playbooks.d/vpn-tinc/share/hosts/edephas_tyil_net create mode 100644 playbooks.d/vpn-tinc/share/hosts/gaeru_tyil_net create mode 100644 playbooks.d/vpn-tinc/share/tinc-down-ifconfig create mode 100644 playbooks.d/vpn-tinc/share/tinc-down-ip create mode 100644 playbooks.d/vpn-tinc/share/tinc-up-ifconfig create mode 100644 playbooks.d/vpn-tinc/share/tinc-up-ip create mode 100644 playbooks.d/vpn-tinc/share/tinc.conf (limited to 'playbooks.d/vpn-tinc')
diff --git a/playbooks.d/vpn-tinc/description.txt b/playbooks.d/vpn-tinc/description.txt
new file mode 100644
index 0000000..0bad766
--- /dev/null
+++ b/playbooks.d/vpn-tinc/description.txt
@@ -0,0 +1 @@
+VPN through tinc
diff --git a/playbooks.d/vpn-tinc/etc/defaults b/playbooks.d/vpn-tinc/etc/defaults
new file mode 100644
index 0000000..3186527
--- /dev/null
+++ b/playbooks.d/vpn-tinc/etc/defaults
@@ -0,0 +1,6 @@
+app.tinc=tinc
+app.tincd=tincd
+
+pkg.tinc=tinc
+
+svc.tinc=tincd
diff --git a/playbooks.d/vpn-tinc/etc/os.d/linux-debian_gnu_linux b/playbooks.d/vpn-tinc/etc/os.d/linux-debian_gnu_linux
new file mode 100644
index 0000000..9a5da58
--- /dev/null
+++ b/playbooks.d/vpn-tinc/etc/os.d/linux-debian_gnu_linux
@@ -0,0 +1 @@
+svc.tinc=tinc@tyilnet
diff --git a/playbooks.d/vpn-tinc/playbook.bash b/playbooks.d/vpn-tinc/playbook.bash
new file mode 100644
index 0000000..f9c8dd5
--- /dev/null
+++ b/playbooks.d/vpn-tinc/playbook.bash
@@ -0,0 +1,123 @@
+#!/usr/bin/env bash
+
+playbook_add()
+{
+ local tinc="$(config "app.tinc")"
+ local tincd="$(config "app.tincd")"
+ local dir="$(config "fs.etcdir")/tinc/tyilnet"
+ local name="$(tr "." "_" <<< "${BASHTARD_PLATFORM[fqdn]}")"
+ local ipv4="$(config "vpn.ipv4")"
+
+ if [[ -z "$ipv4" ]]
+ then
+ emerg "$BASHTARD_PLAYBOOK" "No IPv4 address set for ${BASHTARD_PLATFORM[fqdn]}"
+ return 2
+ fi
+
+ case "${BASHTARD_PLATFORM[key]}" in
+ freebsd) iptool=ifconfig ;;
+ *) iptool=ip
+ esac
+
+ info "$BASHTARD_PLAYBOOK" "Installing tinc"
+ pkg install "tinc"
+
+ info "$BASHTARD_PLAYBOOK" "Creating tinc configuration at $dir"
+ mkdir -pv -- \
+ "$dir" \
+ "$dir/hosts"
+
+ file_template tinc.conf \
+ "name=$name" \
+ > "$dir/tinc.conf"
+
+ file_template "tinc-up-$iptool" \
+ "ip4=$(config "vpn.ipv4")" \
+ > "$dir/tinc-up"
+
+ file_template "tinc-down-$iptool" \
+ "ip4=$(config "vpn.ipv4")" \
+ > "$dir/tinc-down"
+
+ file_template "host" \
+ "ip4=$(config "vpn.ipv4")" \
+ > "$dir/hosts/$name"
+
+ chmod +x \
+ "$dir/tinc-up" \
+ "$dir/tinc-down"
+
+ info "$BASHTARD_PLAYBOOK" "Generating private keys"
+
+ case "$($tincd --version | awk '{ print $3 }' | head -n1)" in
+ 1.0*)
+ $tincd -n tyilnet -K4096
+ ;;
+ 1.1*|*)
+ $tinc -n tyilnet generate-rsa-keys 4096
+ $tinc -n tyilnet generate-ed25519-keys
+ ;;
+ esac
+
+ info "$BASHTARD_PLAYBOOK" "Adding new host to Bashtard configs"
+
+ cp -v -- \
+ "$dir/hosts/$name" \
+ "$BASHTARD_ETCDIR/playbooks.d/$BASHTARD_PLAYBOOK/share/hosts/$name"
+
+ playbook_sync
+
+ info "$BASHTARD_PLAYBOOK" "Enabling VPN service"
+
+ case "${BASHTARD_PLATFORM[key]}" in
+ freebsd)
+ if ! grep -Fq 'tincd_cfg="tyilnet"' "/etc/rc.conf.d/tincd"
+ then
+ printf 'tincd_cfg="%s"\n' "tyilnet" >> "/etc/rc.conf.d/tincd"
+ fi
+ ;;
+ linux-gentoo)
+ if ! grep -Fq "NETWORK: tyilnet" /etc/conf.d/tinc.networks
+ then
+ printf "NETWORK: %s\n" "tyilnet" >> /etc/conf.d/tinc.networks
+ fi
+ ;;
+ esac
+
+ svc enable "tinc"
+ svc start "tinc"
+}
+
+playbook_sync()
+{
+ local dir="$(config "fs.etcdir")/tinc/tyilnet"
+ local name="$(tr "." "_" <<< "${BASHTARD_PLATFORM[fqdn]}")"
+ local host
+
+ info "$BASHTARD_PLAYBOOK" "Regenerating tinc hosts"
+ rm -fr -- "$dir/hosts"
+ mkdir -p -- "$dir/hosts"
+
+ for path in "$BASHTARD_ETCDIR/playbooks.d/$BASHTARD_PLAYBOOK/share/hosts"/*
+ do
+ host="$(basename "$path")"
+
+ notice "$BASHTARD_PLAYBOOK" "Updating host $host"
+ file_template "hosts/$host" \
+ > "$dir/hosts/$host"
+ done
+
+ [[ "$BASHTARD_COMMAND" == "add" ]] && return
+
+ svc reload "tinc"
+}
+
+playbook_del()
+{
+ svc stop "tinc"
+ svc disable "tinc"
+
+ pkg uninstall "tinc"
+
+ rm -frv -- "$(config "fs.etcdir")/tinc/tyilnet"
+}
diff --git a/playbooks.d/vpn-tinc/share/host b/playbooks.d/vpn-tinc/share/host
new file mode 100644
index 0000000..c24d4ad
--- /dev/null
+++ b/playbooks.d/vpn-tinc/share/host
@@ -0,0 +1,2 @@
+Subnet = ${ip4}/32
+
diff --git a/playbooks.d/vpn-tinc/share/hosts/anoia_tyil_net b/playbooks.d/vpn-tinc/share/hosts/anoia_tyil_net
new file mode 100644
index 0000000..4856c95
--- /dev/null
+++ b/playbooks.d/vpn-tinc/share/hosts/anoia_tyil_net
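Review bot: In `playbook_add` of playbooks.d/vpn-tinc/playbook.bash, `vpn.ipv4` is only tested for being non-empty before it is substituted into `tinc-up`, `tinc-down` and the host file, and the first two are then made executable for tincd to run. Because `share/tinc-up-ifconfig` uses `${ip4}` unquoted, a malformed config value would land verbatim in a script that presumably runs with tincd's privileges (how `file_template` escapes values is not visible in this commit). A format check next to the empty test would close that, e.g. `[[ "$ipv4" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]] || { emerg "$BASHTARD_PLAYBOOK" "Invalid IPv4 address: $ipv4"; return 2; }`, and the three `"ip4=$(config "vpn.ipv4")"` arguments can then pass the already validated `"ip4=$ipv4"`. Separately, `iptool` here and `path` in `playbook_sync` are assigned without `local`, so they leak into the caller's scope.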
@@ -0,0 +1,16 @@
+Subnet = 10.57.100.3/32
+
+-----BEGIN RSA PUBLIC KEY-----
+MIICCgKCAgEAvcW/20fxgdGdNelD/eMwEpLChI03rvDbPHAp9en3cwlYaND40udO
+VxjRXj0rE9IA4N0f+o8oJdmG+mzl5Dd3rKXVnBnRymKzpNJ2w+cILPm1sQa6IO85
+F+7Q5v7lb5yFuy3JVi+tg4nqL+xHSZL6w/oPX667bR90oBJEd7C+U7p7r8DXvyHq
+cg9U1maDmZ0IzZtl6BxsjyfUr0o6xBtw+pCSIvOXW5xd4mfBPgvp+3nIcux6nek3
+VR6SJ85aXlYZxER23N13Vi3dGUJSIaBPN5MuS3IHBbAP/Feeyo8p4SCzl0AMfo/K
++ZGcheL/NX7EVGg4XcZNgFaTBpusScOfxiRlzAeImomiQwKIywXp1otCn6dKIDj0
+jj146Dodf2nHRbTQj7H/2zyiRDjY/tpis/xTVA5AJu+p5aaXBA/eSb4H1OKL5qYs
+38/bUiUJTSbpWvC9WiHq/xi5GSs+3ehDara89yXXhunWLsqvSZOZacqeZQw8k+ip
+pNcnXbbtS0zqNQie3OEKY9qqOGKzjUiYu8yWJ4eo370XzlQ9sUgGfKmwCcc2c2jX
+Rrhjck+4DGeRA10oJpoxKArPaWrGWezIHJ49Jrc+xiTJ5EMVqOpuGvL5lrKn7g6y
+qYk1u6x0We1nCkMNN2LxrmL6j3p6PKRbWg7bczqPO4uEyT/575Ih2ssCAwEAAQ==
+-----END RSA PUBLIC KEY-----
+Ed25519PublicKey = 7jy41lK2S4BzhUVSAmULDSiZ9NQM4eQ0Geg2+F9pTpG
diff --git a/playbooks.d/vpn-tinc/share/hosts/caeghi_tyil_net b/playbooks.d/vpn-tinc/share/hosts/caeghi_tyil_net
new file mode 100644
index 0000000..c5d5b05
--- /dev/null
+++ b/playbooks.d/vpn-tinc/share/hosts/caeghi_tyil_net
@@ -0,0 +1,16 @@
+Address = 116.202.102.33
+Subnet = 10.57.20.2/32
+
+-----BEGIN RSA PUBLIC KEY-----
+MIICCgKCAgEA2abFKFB1Dr1YMcAIWcy/2+jJn+suPyiQjz6vgt476P9a/I7SUCta
+P5QUPxvS9pZxFVTFKzpmdKxG1pbCAkhArtNg2R1VFEiYCxS+iey+F11pMPEZFVpC
+EIXeVDQeBm9UXjrOpcTRIwEO7Q2J2lzRrhGm6Rpb6XbdmtQ3S8XgVsXYwWoV7muf
+TE/d5fgtz8Hghti8w86FP9q61iH6AHCREwbHEUyat5hwznmbiNJHyjx+otI63sQo
+FS37EazhqCEvt9jyvVSmB7kVTOLnIVATWDaUlPCLLvps09eRsz6aAa7RHCGd3x/W
+mRHxDCbeKL4ilpo/FPZhANdQImLmFovOtwZ6xawRWKPcRXhkaL24qQC0MLH9wmnY
+oM6EMioWUa0F11iFM99DTK+NF2Pk8vHNzm0Ep5g0SHzqnAIDDzeNTC9ogwsETqL5
+t7VY1GXuKWgta9L2q03X7FMEgjIc3lPgVLc0Ccx11MTgVzcIaLxFQ58oo+xFuc9I
+rBqjZgJwg5MTdZiyZesLJuV+YP+yRat3LifAwIZhloSBVPU6YKx/y30BHjDM8FP1
+OM2IzJLrafZDy034XyD4s62YsKrHMcQ3CeoQ80QjvSyWvSlvn2vEqrbWIZADi0d/
+8vgl44gF9g9yN++G6S7BsTJ5PNgv0jrRFu/RpEN1hVOuo+nBqFsvxW8CAwEAAQ==
+-----END RSA PUBLIC KEY-----
diff --git a/playbooks.d/vpn-tinc/share/hosts/edephas_tyil_net b/playbooks.d/vpn-tinc/share/hosts/edephas_tyil_net
new file mode 100644
index 0000000..6e095bb
--- /dev/null
+++ b/playbooks.d/vpn-tinc/share/hosts/edephas_tyil_net
@@ -0,0 +1,16 @@
+Subnet = 10.57.100.7/32
+
+-----BEGIN RSA PUBLIC KEY-----
+MIICCgKCAgEApxmzAXv4Mch5FP5AxHmpvHjkJGxcegbFzdFzHjhdLDJ9MQQZdM1p
+PomhyYXB9Gsq4oJIOcjqJJdbp4dchYGJ++eS3V1wwstLMTl/+kWZ4ojI9sb/J5rl
+a3gknTjipdUuoOpdkAkXKCbq9AXyFsvLr4Q6WaFpeTuIjNb2QgPOLUmcD1eNCdnn
+KcHQAGR3zRh3uu8zMkaJZwQDZAdRLV6b77OLe7PXCsYgQ68qw3uti3JENv8VC80T
+UxUmv8He7xgAqRCJbD3FH3WT2O63mK9jpnFj/BKDTm5k4hUDtZRY1O92JUqQAruw
+gq3I8mhSqFMkvt+S67u950hRzN4/ZGs7lzxRkDqDqLy+ZISN2cDpbX1i4WmZFfex
+zj7ZbmfsVzwSF/+K31AOQrODt79bGGFwjZgAVn9Cny/bysBxrOJy39D2Awioynpc
+mjICtRP7utpo959YmSNsEcjfamIHVfUOTsEoIYhYASmWRjrSF6v7j2bbC+aFOWsf
+yIRZc0EtH803/Ks++ieIDWFmhB0ydtkqFm8HK2eyqOqnlHTepmrDflkxfao3JTXP
+CbldDpUGKBcLZ5FNaJ5hlQHnJGzU+wbnc133cdYtg9vvhFVgameme8ElcOjZZxMJ
+fPWXMAWc2Szx3Hs/jlaTSIH2GoX1Rr2HdrrNg0qOG/qhLPNrtmrxH/sCAwEAAQ==
+-----END RSA PUBLIC KEY-----
+Ed25519PublicKey = 4ABczlbBBLs5WMztIzafWw1ozwKZVkj4/of3Jc6awiO
diff --git a/playbooks.d/vpn-tinc/share/hosts/gaeru_tyil_net b/playbooks.d/vpn-tinc/share/hosts/gaeru_tyil_net
new file mode 100644
index 0000000..eba305b
--- /dev/null
+++ b/playbooks.d/vpn-tinc/share/hosts/gaeru_tyil_net
@@ -0,0 +1,16 @@
+Address = 37.48.120.26
+Subnet = 10.57.20.6/32
+
+-----BEGIN RSA PUBLIC KEY-----
+MIICCgKCAgEA9NUrWO0L8lqrfs4BgZsLdfJZPfKx+Fi8P4k79CIBuVfkQ4OzJmoV
+ahupoOo5edjYLJK09epa9zFRc1DuaotYC7Wm9DdIF82WNZXN9x/Mvuq06WaKXBdj
+iTJKbYfVN/yv8Xfjzfp4DH3txwsq+9AuICHJkHOmb0lsDinpfbmP8C8ozBnutrLM
+XGaIzXzkV2NbunyjaiR7dho5+4P6wedck+IV63KRzepbX36OW9xImmEEpBPeMPzd
+VOgWs35FIgnE5uumXXfIax9CA9wFahvMYUlQbxA6kCg9PTteM3C44udFx8DxzGcR
+giKEbfxjcZ4pK9JG+LTxNZC2BK1gsUNw8sX6mEEY496cs0T10RWzRZM/HvMIpj1W
+5i72yh6kc8ieSr9hGIkm/oM/gwrFeC11PZQKis1P/0O5j7Lv6S7u6Edrpy/+WziV
+Yk10eZXzHcFuVAh9+wQUeD3v4bMQA/mE8RPI9JX4Xkpbu1LOhtglEwFU1CWlG179
+B990cfr3cjJkTqS7qEfWuNh2lQd4iwpgqyPZB7Dd7tHT5EKEZSZ+4+w9Xo8xfy0v
+7pdfImVHZ1PGVEsRk6AZZqcVcCRrjbKfqqL0m9JmB8vV5L3oZL/mXhFkh52aRMeZ
+tzODNlBH0LW2TVVrBw3DJxFyRCRYjk4At8jagVe9fYM4ERkTQxqCFi0CAwEAAQ==
+-----END RSA PUBLIC KEY-----
diff --git a/playbooks.d/vpn-tinc/share/tinc-down-ifconfig b/playbooks.d/vpn-tinc/share/tinc-down-ifconfig
new file mode 100644
index 0000000..6563f07
--- /dev/null
+++ b/playbooks.d/vpn-tinc/share/tinc-down-ifconfig
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+ifconfig "$INTERFACE" down
diff --git a/playbooks.d/vpn-tinc/share/tinc-down-ip b/playbooks.d/vpn-tinc/share/tinc-down-ip
new file mode 100644
index 0000000..800ebb3
--- /dev/null
+++ b/playbooks.d/vpn-tinc/share/tinc-down-ip
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+ip link set "$INTERFACE" down
diff --git a/playbooks.d/vpn-tinc/share/tinc-up-ifconfig b/playbooks.d/vpn-tinc/share/tinc-up-ifconfig
new file mode 100644
index 0000000..66c897e
--- /dev/null
+++ b/playbooks.d/vpn-tinc/share/tinc-up-ifconfig
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+ifconfig "$INTERFACE" inet ${ip4} netmask 255.255.0.0
diff --git a/playbooks.d/vpn-tinc/share/tinc-up-ip b/playbooks.d/vpn-tinc/share/tinc-up-ip
new file mode 100644
index 0000000..191d310
--- /dev/null
+++ b/playbooks.d/vpn-tinc/share/tinc-up-ip
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+ip -4 addr add "${ip4}/16" dev "$INTERFACE"
+
+ip link set "$INTERFACE" up
diff --git a/playbooks.d/vpn-tinc/share/tinc.conf b/playbooks.d/vpn-tinc/share/tinc.conf
new file mode 100644
index 0000000..618a271
--- /dev/null
+++ b/playbooks.d/vpn-tinc/share/tinc.conf
@@ -0,0 +1,4 @@
+Name = ${name}
+
+ConnectTo = caeghi_tyil_net
+ConnectTo = gaeru_tyil_net
-- cgit v1.1
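Review bot: Both `ConnectTo` targets, `caeghi_tyil_net` and `gaeru_tyil_net`, are added in this commit with an RSA public key only, while `anoia_tyil_net` and `edephas_tyil_net` also carry an `Ed25519PublicKey` line. As far as I know, tinc 1.1 falls back to its legacy RSA-based protocol for peers whose Ed25519 key it does not have, so every node set up by `playbook_add` would reach the mesh over that older protocol even though it generates Ed25519 keys itself. If the two hubs still run tinc 1.0 this is expected and worth recording next to the entries, e.g. `# caeghi and gaeru publish RSA keys only; links to them use the legacy protocol`. If they have been upgraded, their Ed25519 public keys should be added to the files under `share/hosts`.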