tinc_boot
Role Name
Easy-install for tinc vpn and tinc-boot.
Requirements
- tar + gzip: for binary installation
Role Variables
| Variable | Default value | Description |
|---|---|---|
| tinc_boot_network | dnet | network name (also interface name) |
| tinc_boot_tinc_dir | /etc/tinc | location for configuration files (do not change if not sure) |
| tinc_boot_bin_dir | /usr/local/bin/ | installation directory for the binary |
| tinc_boot_port | 0 | port for connections (tinc-boot will check availability; 0 means random) |
| tinc_boot_name | "{{ ansible_hostname }}" | node name |
| tinc_boot_mask | 16 | routing IP mask (do not change if not sure) |
| tinc_boot_prefix | 172.173 | IP address prefix (should be same in mask) |
| tinc_boot_public | no | is node public. If yes - will be used tinc_boot_address or ansible_default_ipv4 |
| tinc_boot_address | '' | custom node public address |
| tinc_boot_services | yes | enable tinc service? |
| tinc_boot_entry_group | '' | entry nodes - ansible inventory roles that can be used as point of key distribution |
| tinc_boot_bootnode | no | setup node as a boot node |
| tinc_boot_binding | "0.0.0.0:8655" | bootnode bindin address |
| tinc_boot_token | "{{ lookup('password', '/dev/null chars=ascii_letters,digits') }}" | bootnode token |
| tinc_boot_tls_key | '' | (optional) bootnode TLS path to key on local host |
| tinc_boot_tls_cert | '' | (optional) bootnode TLS path to certificate on local host |
| tinc_boot_certs_location | "/etc/ssl/certs/tinc-boot/{{ tinc_boot_network }}" | location to store TLS files on host |
tinc_boot_network,tinc_boot_nameshould contains only alphanumeric letters in lowercase.- To enable TLS for bootnode in addition to flag
tinc_boot_bootnode=yes,tinc_boot_tls_keyANDtinc_boot_tls_certshould be defined as pathes to local files. Files will be copied totinc_boot_certs_location - If
tinc_boot_entry_groupdefined Ansible will make keys exchange with all hosts in the group and rely on hostvarstinc_boot_tinc_dir(default:/etc/tinc) andtinc_boot_network(default: roletinc_boot_network).
Example Playbook
Public node:
- hosts: servers
roles:
- tinc_boot
vars:
tinc_boot_public: yes
Private node:
- hosts: servers
roles:
- tinc_boot
Join to existent network (role - 'tinc'):
- hosts: servers
roles:
- tinc_boot
vars:
tinc_boot_entry_group: tinc
How to test
By vagrant vagrant up --provision
Reset by vagrant destroy -f --parallel
License
MPL-2.0
Author Information
Made by author of tinc-boot itself
Install
ansible-galaxy install reddec/ansible-role-tinc-bootLicense
mpl-2.0
Downloads
127
Owner