From 3810b96a38faa07dfeadc3191aec3ab905fb422e Mon Sep 17 00:00:00 2001
From: Salt
Date: Sun, 23 Jan 2022 17:17:35 -0600
Subject: [PATCH] Rework Zerotier role to allow for arbitrary adds and deletes
---
 inventory/group_vars/all.yml | 2 +-
 playbooks/tags_zt-personal.yml | 18 ++++++++++--------
 roles/zerotier/defaults/main.yml | 10 ++++++++++
 roles/zerotier/tasks/main.yml | 16 ++++++++++++----
 4 files changed, 33 insertions(+), 13 deletions(-)
 create mode 100644 roles/zerotier/defaults/main.yml
diff --git a/inventory/group_vars/all.yml b/inventory/group_vars/all.yml
index 7fc2ae8..483922d 100644
--- a/inventory/group_vars/all.yml
+++ b/inventory/group_vars/all.yml
@@ -51,7 +51,7 @@ backup_s3_aws_secret_access_key: !vault |
 # For zerotier
-zerotier_network_id: !vault |
+zerotier_personal_network_id: !vault |
 $ANSIBLE_VAULT;1.1;AES256
 35646131343239623265663562343333383362366633386462646465643163353866643633636135
 6238643231313536323337343663313865323430323437630a353462393830376431376363373232
diff --git a/playbooks/tags_zt-personal.yml b/playbooks/tags_zt-personal.yml
index 80844cd..67e6149 100755
--- a/playbooks/tags_zt-personal.yml
+++ b/playbooks/tags_zt-personal.yml
@@ -4,12 +4,14 @@
 - hosts: tags_zt-personal
 roles:
 - role: zerotier
+ vars:
+ zerotier_networks_join:
+ - "{{ zerotier_personal_network_id }}"
+ tags: [ zerotier ]
+- hosts: all:!tags_zt-personal
+ roles:
+ - role: zerotier
+ vars:
+ zerotier_networks_leave:
+ - "{{ zerotier_personal_network_id }}"
 tags: [ zerotier ]
-#- hosts: all
-# tasks:
-# - name: disable zerotier when not tagged
-# systemd: name={{ item }} state=stopped enabled=no
-# with_items:
-# - zerotier-one.service
-# when: "'tags_zt-personal' not in group_names and item in services"
-# tags: [ zerotier ]
diff --git a/roles/zerotier/defaults/main.yml b/roles/zerotier/defaults/main.yml
new file mode 100644
index 0000000..18600ac
--- /dev/null
+++ b/roles/zerotier/defaults/main.yml
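Review bot: The added play for `hosts: all:!tags_zt-personal` applies the whole `zerotier` role to every untagged host, so the role's apt key, repository, package and unit-file tasks (visible in roles/zerotier/tasks/main.yml in this patch) will install ZeroTier on machines whose only goal is to leave the network. That spreads a VPN daemon across the inventory, whereas the commented-out block this hunk removes only stopped and disabled the service. Consider gating the install block inside the role, e.g. `when: zerotier_networks_join | length > 0`, and running the leave task only where `zerotier-cli` is already present. The role's tasks are only partly visible in this patch, so confirm against the full file.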
@@ -0,0 +1,10 @@
+# vim:ft=ansible:
+
+zerotier_repo_deb_key: "https://raw.githubusercontent.com/zerotier/ZeroTierOne/master/doc/contact%40zerotier.com.gpg"
+zerotier_repo_deb: "deb http://download.zerotier.com/debian/bionic bionic main"
+#zerotier_networks_join:
+# - 38d1594bb4e73da3
+zerotier_networks_join: []
+#zerotier_networks_leave:
+# - dd8722fc573dcbdd
+zerotier_networks_leave: []
diff --git a/roles/zerotier/tasks/main.yml b/roles/zerotier/tasks/main.yml
index f22e4c0..c470cd6 100644
--- a/roles/zerotier/tasks/main.yml
+++ b/roles/zerotier/tasks/main.yml
@@ -4,9 +4,9 @@
 - name: configure zerotier for apt
 block:
 - name: ensure zerotier repo key
- apt_key: url=https://raw.githubusercontent.com/zerotier/ZeroTierOne/master/doc/contact%40zerotier.com.gpg
+ apt_key: url="{{ zerotier_repo_deb_key }}"
 - name: ensure zerotier repo
- apt_repository: repo="deb http://download.zerotier.com/debian/bionic bionic main"
+ apt_repository: repo="{{ zerotier_repo_deb }}"
 - name: update apt cache
 apt: update_cache=yes cache_valid_time=86400
 - name: ensure packages
@@ -15,7 +15,15 @@
 - name: template unit file
 template: src=zerotier-one.service dest=/etc/systemd/system/zerotier-one.service mode=0644
 notify: restart zerotier
-- name: join network
+- name: join networks
 command:
- argv: [ zerotier-cli, join, "{{ zerotier_network_id }}" ]
+ argv: [ zerotier-cli, join, "{{ item }}" ]
+ with_items: "{{ zerotier_networks_join }}"
 changed_when: no
+- name: leave networks
+ command:
+ argv: [ zerotier-cli, leave, "{{ item }}" ]
+ register: zerotierleave
+ with_items: "{{ zerotier_networks_leave }}"
+ changed_when: no
+ failed_when: "'0 leave connection failed' in zerotierleave.stdout"
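Review bot: `zerotier_repo_deb_key` defaults to a URL on the mutable `master` branch, and the `apt_key` task that consumes it (first hunk of roles/zerotier/tasks/main.yml) passes no key identifier, so whatever that URL serves at run time becomes a trusted apt signing key. Pin the default to an immutable ref, e.g. `.../ZeroTierOne/<COMMIT_SHA>/doc/contact%40zerotier.com.gpg` (placeholder), and pass `id="{{ zerotier_repo_deb_key_id }}"` with the vendor's published fingerprint so a mismatch fails the task. `zerotier_repo_deb` also uses plain `http://` and a hard-coded `bionic` suite; package signatures still protect integrity, but HTTPS is worth using if the mirror offers it. The commented sample IDs (`38d1594bb4e73da3`, `dd8722fc573dcbdd`) look like real network IDs; if they are, replace them with obvious placeholders, since the live ID is kept in the vault.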
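Review bot: In `leave networks`, `failed_when` replaces the default return-code check, so any `zerotier-cli leave` failure other than the literal `0 leave connection failed` is reported as success and a host that should be off the network can silently stay joined. Since this task is the removal path for untagged hosts, verify the outcome rather than one error string, for example with a follow-up `zerotier-cli listnetworks` task that fails if an ID from `zerotier_networks_leave` is still listed. Leaving is also client-side only; presumably the member stays authorized on the controller until it is deauthorized there, so treat this as cleanup rather than access removal. Minor: `changed_when: no` on both tasks hides real joins and leaves from the play recap, and `false` is the canonical spelling.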