https://github.com/reddec/ansible-role-tinc-boot
Role to install tinc-boot
https://github.com/reddec/ansible-role-tinc-boot
Last synced: over 1 year ago
JSON representation
Role to install tinc-boot
- Host: GitHub
- URL: https://github.com/reddec/ansible-role-tinc-boot
- Owner: reddec
- License: mpl-2.0
- Created: 2019-10-15T05:13:03.000Z (over 6 years ago)
- Default Branch: master
- Last Pushed: 2019-10-16T06:57:26.000Z (over 6 years ago)
- Last Synced: 2025-03-09T00:06:38.916Z (over 1 year ago)
- Language: Python
- Size: 21.5 KB
- Stars: 0
- Watchers: 2
- Forks: 1
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
Role Name
=========
Easy-install for tinc vpn and tinc-boot.
Requirements
------------
* tar + gzip: for binary installation
Role Variables
--------------
| Variable | Default value | Description |
| -------- | ------------- | ----------- |
| tinc_boot_network | dnet | network name (also interface name) |
| tinc_boot_tinc_dir | /etc/tinc | location for configuration files (do not change if not sure) |
| tinc_boot_bin_dir | /usr/local/bin/ | installation directory for the binary |
| tinc_boot_port | 0 | port for connections (tinc-boot will check availability; 0 means random) |
| tinc_boot_name | "{{ ansible_hostname }}" | node name |
| tinc_boot_mask | 16 | routing IP mask (do not change if not sure) |
| tinc_boot_prefix | 172.173 | IP address prefix (should be same in mask) |
| tinc_boot_public | no | is node public. If yes - will be used tinc_boot_address or ansible_default_ipv4 |
| tinc_boot_address | '' | custom node public address |
| tinc_boot_services | yes | enable tinc service? |
| tinc_boot_entry_group | '' | entry nodes - ansible inventory roles that can be used as point of key distribution |
| tinc_boot_bootnode | no | setup node as a boot node |
| tinc_boot_binding | "0.0.0.0:8655" | bootnode bindin address |
| tinc_boot_token | "{{ lookup('password', '/dev/null chars=ascii_letters,digits') }}" | bootnode token |
| tinc_boot_tls_key | '' | (optional) bootnode TLS path to key on local host |
| tinc_boot_tls_cert | '' | (optional) bootnode TLS path to certificate on local host |
| tinc_boot_certs_location | "/etc/ssl/certs/tinc-boot/{{ tinc_boot_network }}" | location to store TLS files on host |
* `tinc_boot_network`, `tinc_boot_name` should contains only alphanumeric letters in lowercase.
* To enable TLS for bootnode in addition to flag `tinc_boot_bootnode=yes`, `tinc_boot_tls_key` AND `tinc_boot_tls_cert` should be defined as pathes to local files. Files will be copied to `tinc_boot_certs_location`
* If `tinc_boot_entry_group` defined Ansible will make keys exchange with all hosts in the group and rely on hostvars `tinc_boot_tinc_dir` (default: `/etc/tinc`) and `tinc_boot_network` (default: role `tinc_boot_network`).
Example Playbook
----------------
Public node:
- hosts: servers
roles:
- tinc_boot
vars:
tinc_boot_public: yes
Private node:
- hosts: servers
roles:
- tinc_boot
Join to existent network (role - 'tinc'):
- hosts: servers
roles:
- tinc_boot
vars:
tinc_boot_entry_group: tinc
How to test
-----------
By vagrant `vagrant up --provision`
Reset by `vagrant destroy -f --parallel`
License
-------
MPL-2.0
Author Information
------------------
Made by author of tinc-boot itself