Rework Zerotier role to allow for arbitrary adds and deletes

2022-01-23 17:17:35 -06:00 · 2022-01-23 17:17:35 -06:00 · 3810b96a38
parent 53ffaf52c4
commit 3810b96a38
4 changed files with 33 additions and 13 deletions
--- a/inventory/group_vars/all.yml
+++ b/inventory/group_vars/all.yml
@ -51,7 +51,7 @@ backup_s3_aws_secret_access_key: !vault |


 # For zerotier
-zerotier_network_id: !vault |
+zerotier_personal_network_id: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          35646131343239623265663562343333383362366633386462646465643163353866643633636135
          6238643231313536323337343663313865323430323437630a353462393830376431376363373232
--- a/playbooks/tags_zt-personal.yml
+++ b/playbooks/tags_zt-personal.yml
@ -4,12 +4,14 @@
 - hosts: tags_zt-personal
  roles:
    - role: zerotier
+      vars:
+        zerotier_networks_join:
+          - "{{ zerotier_personal_network_id }}"
+      tags: [ zerotier ]
+- hosts: all:!tags_zt-personal
+  roles:
+    - role: zerotier
+      vars:
+        zerotier_networks_leave:
+          - "{{ zerotier_personal_network_id }}"
      tags: [ zerotier ]
-#- hosts: all
-#  tasks:
-#    - name: disable zerotier when not tagged
-#      systemd: name={{ item }} state=stopped enabled=no
-#      with_items:
-#        - zerotier-one.service
-#      when: "'tags_zt-personal' not in group_names and item in services"
-#      tags: [ zerotier ]
--- a/roles/zerotier/defaults/main.yml
+++ b/roles/zerotier/defaults/main.yml
@ -0,0 +1,10 @@
+# vim:ft=ansible:
+
+zerotier_repo_deb_key: "https://raw.githubusercontent.com/zerotier/ZeroTierOne/master/doc/contact%40zerotier.com.gpg"
+zerotier_repo_deb: "deb http://download.zerotier.com/debian/bionic bionic main"
+#zerotier_networks_join:
+#  - 38d1594bb4e73da3
+zerotier_networks_join: []
+#zerotier_networks_leave:
+#  - dd8722fc573dcbdd
+zerotier_networks_leave: []
--- a/roles/zerotier/tasks/main.yml
+++ b/roles/zerotier/tasks/main.yml
@ -4,9 +4,9 @@
 - name: configure zerotier for apt
  block:
    - name: ensure zerotier repo key
-      apt_key: url=https://raw.githubusercontent.com/zerotier/ZeroTierOne/master/doc/contact%40zerotier.com.gpg
+      apt_key: url="{{ zerotier_repo_deb_key }}"
    - name: ensure zerotier repo
-      apt_repository: repo="deb http://download.zerotier.com/debian/bionic bionic main"
+      apt_repository: repo="{{ zerotier_repo_deb }}"
    - name: update apt cache
      apt: update_cache=yes cache_valid_time=86400
    - name: ensure packages
@ -15,7 +15,15 @@
 - name: template unit file
  template: src=zerotier-one.service dest=/etc/systemd/system/zerotier-one.service mode=0644
  notify: restart zerotier
- name: join network
+- name: join networks
  command:
-    argv: [ zerotier-cli, join, "{{ zerotier_network_id }}" ]
+    argv: [ zerotier-cli, join, "{{ item }}" ]
+  with_items: "{{ zerotier_networks_join }}"
  changed_when: no
+- name: leave networks
+  command:
+    argv: [ zerotier-cli, leave, "{{ item }}" ]
+  register: zerotierleave
+  with_items: "{{ zerotier_networks_leave }}"
+  changed_when: no
+  failed_when: "'0 leave connection failed' in zerotierleave.stdout"