Rework Zerotier role to allow for arbitrary adds and deletes

This commit is contained in:
Salt 2022-01-23 17:17:35 -06:00
parent 53ffaf52c4
commit 3810b96a38
4 changed files with 33 additions and 13 deletions

View File

@ -51,7 +51,7 @@ backup_s3_aws_secret_access_key: !vault |
# For zerotier # For zerotier
zerotier_network_id: !vault | zerotier_personal_network_id: !vault |
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
35646131343239623265663562343333383362366633386462646465643163353866643633636135 35646131343239623265663562343333383362366633386462646465643163353866643633636135
6238643231313536323337343663313865323430323437630a353462393830376431376363373232 6238643231313536323337343663313865323430323437630a353462393830376431376363373232

View File

@ -4,12 +4,14 @@
- hosts: tags_zt-personal - hosts: tags_zt-personal
roles: roles:
- role: zerotier - role: zerotier
vars:
zerotier_networks_join:
- "{{ zerotier_personal_network_id }}"
tags: [ zerotier ]
- hosts: all:!tags_zt-personal
roles:
- role: zerotier
vars:
zerotier_networks_leave:
- "{{ zerotier_personal_network_id }}"
tags: [ zerotier ] tags: [ zerotier ]
#- hosts: all
# tasks:
# - name: disable zerotier when not tagged
# systemd: name={{ item }} state=stopped enabled=no
# with_items:
# - zerotier-one.service
# when: "'tags_zt-personal' not in group_names and item in services"
# tags: [ zerotier ]

View File

@ -0,0 +1,10 @@
# vim:ft=ansible:
zerotier_repo_deb_key: "https://raw.githubusercontent.com/zerotier/ZeroTierOne/master/doc/contact%40zerotier.com.gpg"
zerotier_repo_deb: "deb http://download.zerotier.com/debian/bionic bionic main"
#zerotier_networks_join:
# - 38d1594bb4e73da3
zerotier_networks_join: []
#zerotier_networks_leave:
# - dd8722fc573dcbdd
zerotier_networks_leave: []

View File

@ -4,9 +4,9 @@
- name: configure zerotier for apt - name: configure zerotier for apt
block: block:
- name: ensure zerotier repo key - name: ensure zerotier repo key
apt_key: url=https://raw.githubusercontent.com/zerotier/ZeroTierOne/master/doc/contact%40zerotier.com.gpg apt_key: url="{{ zerotier_repo_deb_key }}"
- name: ensure zerotier repo - name: ensure zerotier repo
apt_repository: repo="deb http://download.zerotier.com/debian/bionic bionic main" apt_repository: repo="{{ zerotier_repo_deb }}"
- name: update apt cache - name: update apt cache
apt: update_cache=yes cache_valid_time=86400 apt: update_cache=yes cache_valid_time=86400
- name: ensure packages - name: ensure packages
@ -15,7 +15,15 @@
- name: template unit file - name: template unit file
template: src=zerotier-one.service dest=/etc/systemd/system/zerotier-one.service mode=0644 template: src=zerotier-one.service dest=/etc/systemd/system/zerotier-one.service mode=0644
notify: restart zerotier notify: restart zerotier
- name: join network - name: join networks
command: command:
argv: [ zerotier-cli, join, "{{ zerotier_network_id }}" ] argv: [ zerotier-cli, join, "{{ item }}" ]
with_items: "{{ zerotier_networks_join }}"
changed_when: no changed_when: no
- name: leave networks
command:
argv: [ zerotier-cli, leave, "{{ item }}" ]
register: zerotierleave
with_items: "{{ zerotier_networks_leave }}"
changed_when: no
failed_when: "'0 leave connection failed' in zerotierleave.stdout"