reddec.tinc_boot
Role Name
Easy installation for tinc VPN and tinc-boot.
Requirements
- tar + gzip: needed for binary installation
Role Variables
| Variable | Default Value | Description |
|---|---|---|
| tinc_boot_network | dnet | name of the network (also the interface name) |
| tinc_boot_tinc_dir | /etc/tinc | place for config files (keep default if unsure) |
| tinc_boot_bin_dir | /usr/local/bin/ | where the binary will be installed |
| tinc_boot_port | 0 | connection port (tinc-boot will check if it's available; 0 means random) |
| tinc_boot_name | "{{ ansible_hostname }}" | name of the node |
| tinc_boot_mask | 16 | IP routing mask (keep default if unsure) |
| tinc_boot_prefix | 172.173 | IP address prefix (should match the mask) |
| tinc_boot_public | no | is the node public? If yes, use tinc_boot_address or ansible_default_ipv4 |
| tinc_boot_address | '' | custom public address for the node |
| tinc_boot_services | yes | should the tinc service be enabled? |
| tinc_boot_entry_group | '' | entry nodes: Ansible inventory group used for key distribution |
| tinc_boot_bootnode | no | set the node as a boot node |
| tinc_boot_binding | "0.0.0.0:8655" | bootnode binding address |
| tinc_boot_token | "{{ lookup('password', '/dev/null chars=ascii_letters,digits') }}" | token for bootnode |
| tinc_boot_tls_key | '' | (optional) path to bootnode TLS key on local host |
| tinc_boot_tls_cert | '' | (optional) path to bootnode TLS certificate on local host |
| tinc_boot_certs_location | "/etc/ssl/certs/tinc-boot/{{ tinc_boot_network }}" | where to store TLS files on host |
- Use only lowercase letters and numbers for tinc_boot_network and tinc_boot_name.
- To enable TLS for the bootnode, set tinc_boot_bootnode=yes, and provide paths for tinc_boot_tls_key AND tinc_boot_tls_cert. These files will be copied to tinc_boot_certs_location.
- If tinc_boot_entry_group is set, Ansible will exchange keys with all hosts in that group and look for tinc_boot_tinc_dir (default: /etc/tinc) and tinc_boot_network (default: role tinc_boot_network).
Example Playbook
Public node:
```yaml
- hosts: servers
  roles:
    - tinc_boot
  vars:
    tinc_boot_public: yes
```
Private node:
```yaml
- hosts: servers
  roles:
    - tinc_boot
```
Join an existing network (using the inventory group 'tinc' as entry nodes):
```yaml
- hosts: servers
  roles:
    - tinc_boot
  vars:
    tinc_boot_entry_group: tinc
```
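Bootnode with TLS, as an added example that is not part of the role's own documentation. It checks the naming and TLS constraints from the notes above before the role runs. The inventory group `bootnodes`, the file paths under `files/tls/` and the variable `vault_tinc_boot_token` are assumptions.

```yaml
# Added example, not from the role's README.
# Assumed names: inventory group "bootnodes", key/cert under files/tls/,
# and a vaulted variable vault_tinc_boot_token.
- hosts: bootnodes
  vars:
    tinc_boot_bootnode: yes
    tinc_boot_binding: "0.0.0.0:8655"
    # Both TLS variables must be set together; the role copies the files
    # to tinc_boot_certs_location on the host.
    tinc_boot_tls_key: "{{ playbook_dir }}/files/tls/bootnode.key"
    tinc_boot_tls_cert: "{{ playbook_dir }}/files/tls/bootnode.crt"
    # The default token is a password lookup against /dev/null, so the
    # generated value is never stored. Here it is set explicitly instead.
    tinc_boot_token: "{{ vault_tinc_boot_token }}"
  pre_tasks:
    - name: Check names contain only lowercase letters and numbers
      ansible.builtin.assert:
        that:
          - tinc_boot_network | default('dnet') is match('^[a-z0-9]+$')
          - tinc_boot_name | default(ansible_hostname) is match('^[a-z0-9]+$')
        fail_msg: "tinc_boot_network and tinc_boot_name must match [a-z0-9]+"

    - name: Check TLS key and certificate are both set and exist locally
      ansible.builtin.assert:
        that:
          - tinc_boot_tls_key | length > 0
          - tinc_boot_tls_cert | length > 0
          - tinc_boot_tls_key is file
          - tinc_boot_tls_cert is file
        fail_msg: "Provide both tinc_boot_tls_key and tinc_boot_tls_cert"

    - name: Check a bootnode token was supplied
      ansible.builtin.assert:
        that:
          - vault_tinc_boot_token is defined
          - vault_tinc_boot_token | length > 0
        fail_msg: "Define vault_tinc_boot_token (for example in a vaulted vars file)"
  roles:
    - tinc_boot
```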
How to Test
Use Vagrant: vagrant up --provision
Reset with: vagrant destroy -f --parallel
License
MPL-2.0
Author Information
Created by the author of tinc-boot
About the project
Full mesh VPN without pain
Install
ansible-galaxy install reddec.tinc_boot