author | Micah Anderson <micah@riseup.net> | 2022-06-10 15:37:25 -0400 |
---|---|---|
committer | Micah Anderson <micah@riseup.net> | 2022-06-10 15:37:25 -0400 |
commit | bed631a538c5d41285f006b9d9b75e7098934865 (patch) | |
tree | 722a572fb2163e60110b69bed04ea63fe050fa64 | |
parent | 47ee1674e795d42b2ed25dc6ee81bf345e367157 (diff) |
Abstract out simplevpn into its own role.
It was possible for the `provider` service to not get an updated provider.json
when it is generated if it is scheduled on a different backend than `vpnweb`,
because it didn't have its own role to apply that template. This fixes that
missing piece for the `provider` service.
However, because the provider role and the vpnweb role both need to be able to
reference the templates that are rendered by simplevpn, this abstracts that into
its own role so both can use it.
-rw-r--r-- | config/roles/provider/meta/main.yml | 3 | ||||
-rw-r--r-- | config/roles/provider/tasks/main.yml | 10 | ||||
-rw-r--r-- | config/roles/simplevpn/tasks/main.yml | 16 | ||||
-rw-r--r-- | config/roles/vpnweb/meta/main.yml | 3 | ||||
-rw-r--r-- | config/roles/vpnweb/tasks/main.yml | 18 |
5 files changed, 32 insertions, 18 deletions
diff --git a/config/roles/provider/meta/main.yml b/config/roles/provider/meta/main.yml
new file mode 100644
index 0000000..a55feb4
--- /dev/null
+++ b/config/roles/provider/meta/main.yml
@@ -0,0 +1,3 @@
+---
+dependencies:
+ - { role: simplevpn }
diff --git a/config/roles/provider/tasks/main.yml b/config/roles/provider/tasks/main.yml
new file mode 100644
index 0000000..0a75b87
--- /dev/null
+++ b/config/roles/provider/tasks/main.yml
@@ -0,0 +1,10 @@
+# install the provider.json
+- name: "Create directory for provider.json to live"
+ file:
+ path: "/etc/leap/config/vpnweb"
+ state: directory
+
+- name: "Render the provider.json template"
+ template:
+ src: 'provider-config.json.j2'
+ dest: '/etc/leap/config/vpnweb/provider.json'
diff --git a/config/roles/simplevpn/tasks/main.yml b/config/roles/simplevpn/tasks/main.yml
new file mode 100644
index 0000000..aa11404
--- /dev/null
+++ b/config/roles/simplevpn/tasks/main.yml
@@ -0,0 +1,16 @@
+- name: "Generate eip-service.json and provider.json"
+ local_action:
+ module: simplevpn
+ obfs4_state_dir: "{{ credentials_dir }}/shapeshifter"
+ locations: "{{ locations }}"
+ domain: "{{ domain_public[0] }}"
+ provider_description: "{{ provider_config.description }}"
+ gateways: "{{ groups['openvpn'] | map('extract', hostvars) | list }}"
+ openvpn: "{{ openvpn_config }}"
+ provider_api_uri: "https://{{ api_uri }}:4430"
+ ca_cert_uri: "https://{{ ca_cert_uri }}"
+ ca_public_crt: "{{ credentials_dir }}/common/api_ca.crt"
+ run_once: true
+ register: simplevpn_result
+ notify:
+ - "restart docker-vpnweb-vpnweb"
diff --git a/config/roles/vpnweb/meta/main.yml b/config/roles/vpnweb/meta/main.yml
new file mode 100644
index 0000000..a55feb4
--- /dev/null
+++ b/config/roles/vpnweb/meta/main.yml
@@ -0,0 +1,3 @@
+---
+dependencies:
+ - { role: simplevpn }
diff --git a/config/roles/vpnweb/tasks/main.yml b/config/roles/vpnweb/tasks/main.yml
index 40f8bf0..482a6be 100644
--- a/config/roles/vpnweb/tasks/main.yml
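Review bot: Neither the `file` task nor the `template` task in config/roles/provider/tasks/main.yml sets `owner`, `group` or `mode`, so the permissions of /etc/leap/config/vpnweb and provider.json depend on the umask and on whatever already exists on the target host. The simplevpn task in this commit passes the API URI and CA certificate inputs into the generation step, so provider.json presumably carries those values to clients; its integrity then matters more than its secrecy, and only root should be able to write it. Assuming the provider container needs read access only, I would pin this explicitly: `mode: "0755"` on the directory and `owner: root`, `group: root`, `mode: "0644"` on the template. The modes are quoted so they are not parsed as integers.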
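Review bot: The `notify` list at the end of the task in config/roles/simplevpn/tasks/main.yml still names only "restart docker-vpnweb-vpnweb", although the role is now also a dependency of `provider`. If the provider service reads provider.json at start-up, it will keep serving the old file after a regeneration, which is the stale-config case the commit message describes. Whether that vpnweb handler is even defined on a host that runs only `provider` is not visible on this page. Consider adding the provider's restart handler to the list, e.g. `- "<provider restart handler>"` (placeholder; the real handler name is not shown here), or putting a `notify` on the "Render the provider.json template" task in provider/tasks/main.yml.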
+++ b/config/roles/vpnweb/tasks/main.yml @@ -1,23 +1,5 @@ - import_tasks: "credentials.yml" -- name: "Generate eip-service.json and provider.json" - local_action: - module: simplevpn - obfs4_state_dir: "{{ credentials_dir }}/shapeshifter" - locations: "{{ locations }}" - domain: "{{ domain_public[0] }}" - provider_description: "{{ provider_config.description }}" - gateways: "{{ groups['openvpn'] | map('extract', hostvars) | list }}" - openvpn: "{{ openvpn_config }}" - provider_api_uri: "https://{{ api_uri }}:4430" - ca_cert_uri: "https://{{ ca_cert_uri }}" - ca_public_crt: "{{ credentials_dir }}/common/api_ca.crt" - run_once: true - register: simplevpn_result - notify: - - "restart docker-vpnweb-vpnweb" - - # need to install the api dirs - name: "Create API versioned directories" file: |