save

f0c70cbc · nanahira · b66691e2 · f0c70cbc · f0c70cbc · f0c70cbc
Commit f0c70cbc authored May 07, 2024 by nanahira
Showing with 1851 additions and 2 deletions

files/.gitignore files/.gitignore +1 -0

files/urls.py files/urls.py +1722 -0

worker.yml worker.yml +20 -2

zeeai-certs.yaml zeeai-certs.yaml +24 -0

znode-wg.yml znode-wg.yml +84 -0

No files found.
--- a/files/.gitignore
+++ b/files/.gitignore
+/zeeai-certs
--- a/files/urls.py
+++ b/files/urls.py
--- a/worker.yml
+++ b/worker.yml
@@ -25,7 +25,7 @@
      become: true
      apt:
        update_cache: true
-        name: ocserv,apache2-utils
+        name: ocserv,apache2-utils,python3-six
    - name: stop ocserv
      become: true
      service:
@@ -40,8 +40,26 @@
    - name: install pip packages
      become: true
      pip:
-        name: ansible==2.9.6,awscli,jinja2==3.0.0 
+        name: ansible<2.11.0,jinja2==3.0.0 
        state: latest
+    - name: set ansible module_utils path
+      set_fact:
+        module_util_path: '/usr/local/lib/python{{ ansible_python.version.major }}.{{ ansible_python.version.minor }}/dist-packages/ansible/module_utils'
+    - name: remove deprecated six
+      become: true
+      file:
+        path: '{{module_util_path}}/six'
+        state: absent
+    - name: copy six.py
+      become: true
+      copy:
+        src: /usr/lib/python3/dist-packages/six.py
+        dest: '{{module_util_path}}/six.py'
+    - name: copy urls.py
+      become: true
+      copy:
+        src: ./files/urls.py
+        dest: '{{module_util_path}}/urls.py'
    - name: ansible
      become: true
      synchronize:

--- a/zeeai-certs.yaml
+++ b/zeeai-certs.yaml
+---
+- hosts: zeeai-certs
+  remote_user: root
+  tasks:
+    - name: directories
+      ignore_errors: true
+      file:
+        path: '{{path}}'
+        state: directory
+        recurse: yes
+      with_items: '{{certs}}'
+    - name: certs
+      synchronize:
+        src: ../certs/{{item.domain}}/
+        dest: '{{path}}'
+        delete: yes
+        copy_links: yes
+        verify_host: no
+        recursive: yes
+        checksum: yes
+        archive: no
+      with_items: '{{certs}}'
+      when: not item.become is defined or not item.become
+      notify: handle
--- a/znode-wg.yml
+++ b/znode-wg.yml
+---
+  - hosts: znodes
+    remote_user: root
+    vars:
+      openvpn_docker_compose:
+        version: '2.4'
+        services:
+          openvpn:
+            restart: always
+            image: kylemanna/openvpn
+            cap_add:
+              - NET_ADMIN
+              - NET_RAW
+            network_mode: host
+            volumes:
+              - ./data:/etc/openvpn
+      openvpn_client_name: orange
+    tasks:
+      - name: public key
+        authorized_key:
+          user: '{{ ansible_ssh_user }}'
+          key: '{{ ssh_pubkey }}'
+      - name: wg directory
+        become: true
+        file:
+          path: '/etc/wireguard'
+          state: directory
+          recurse: true
+      - name: wg config
+        become: true
+        copy:
+          dest: '/etc/wireguard/wgz.conf'
+          content: |
+            [Interface]
+            Address = {{ wg_address }}
+            PrivateKey = {{ wg_privkey }}
+            ListenPort = {{ wg_port }}
+        notify: restart_wg
+      - name: launch wg-quick
+        become: true
+        systemd:
+          name: wg-quick@wgz
+          enabled: true
+          state: started
+      - name: openvpn directory
+        file:
+          path: '{{ansible_user_dir}}/openvpn/data'
+          state: directory
+          recurse: true
+      - name: openvpn docker-compose.yml
+        copy:
+          content: '{{ openvpn_docker_compose | to_nice_yaml }}'
+          dest: '{{ansible_user_dir}}/openvpn/docker-compose.yml'
+      - name: init openvpn
+        shell: |
+          docker compose run --rm openvpn ovpn_genconfig -u udp://{{ansible_ssh_host}} -n {{dns}} -s {{openvpn_network}}
+          yes '' | docker compose run --rm openvpn ovpn_initpki nopass
+          docker compose run --rm openvpn easyrsa build-client-full {{ openvpn_client_name }} nopass
+          docker compose run --rm openvpn ovpn_getclient {{ openvpn_client_name }} > {{ansible_user_dir}}/openvpn/{{ openvpn_client_name }}.ovpn
+        args:
+          creates: '{{ansible_user_dir}}/openvpn/data/openvpn.conf'
+          chdir: '{{ansible_user_dir}}/openvpn'
+        register: openvpn_inited
+      - name: generate conf base64
+        shell: |
+          cat {{ansible_user_dir}}/openvpn/{{ openvpn_client_name }}.ovpn | base64 -w 0 > {{ansible_user_dir}}/openvpn/{{ openvpn_client_name }}.ovpn.base64
+        args:
+          creates: '{{ansible_user_dir}}/openvpn/{{ openvpn_client_name }}.ovpn.base64'
+      - name: docker-compose up -d
+        docker_compose:
+          project_src: '{{ansible_user_dir}}/openvpn'
+          state: present
+          remove_orphans: true
+      - name: collect openvpn file
+        fetch:
+          src: '{{ansible_user_dir}}/openvpn/{{ openvpn_client_name }}.ovpn.base64'
+          dest: '../collector/znode-ovpn/{{ansible_ssh_host}}.ovpn.base64'
+          flat: true
+        # when: openvpn_inited.changed
+    handlers:
+      - name: restart_wg
+        systemd:
+          name: wg-quick@wgz
+          state: restarted