infrastructure/ansible/roles/nebula/tasks/main.yml

66 lines
1.4 KiB
YAML
Raw Normal View History

- name: Create config directory
2021-01-25 21:53:04 +00:00
file:
path: /etc/nebula
state: directory
mode: "0700"
become: true
- name: Install nebula
package:
name: nebula
when: ansible_os_family == 'Archlinux'
become: true
- name: Manually install nebula
block:
- name: Install binaries
unarchive:
src: https://github.com/slackhq/nebula/releases/download/v{{ nebula_version }}/nebula-linux-amd64.tar.gz
dest: /usr/bin
remote_src: true
mode: "0755"
- name: Install service
get_url:
url: https://raw.githubusercontent.com/slackhq/nebula/v{{ nebula_version }}/dist/arch/nebula.service
dest: /usr/lib/systemd/system/nebula.service
mode: "0644"
when: ansible_os_family != 'Archlinux'
tags:
- skip_ansible_lint
notify: restart nebula
become: true
- name: Install config
2021-01-25 21:53:04 +00:00
template:
src: files/nebula.yml
dest: /etc/nebula/config.yml
mode: "0600"
become: true
notify: restart nebula
2021-01-30 20:06:31 +00:00
- name: Install CA certificate
template:
src: files/ca.crt
dest: /etc/nebula/ca.crt
mode: "0600"
become: true
notify: restart nebula
- name: Install client certificates
template:
src: files/certs/{{ item }}
dest: /etc/nebula/{{ item }}
mode: "0600"
loop:
2021-03-04 16:06:43 +00:00
- "{{ ansible_hostname }}.key"
- "{{ ansible_hostname }}.crt"
2021-01-30 20:06:31 +00:00
become: true
notify: restart nebula
- name: Enable service
service:
name: nebula
enabled: true
become: true