2021-01-30 19:10:52 +00:00
|
|
|
- name: Create config directory
|
2021-01-25 21:53:04 +00:00
|
|
|
file:
|
|
|
|
path: /etc/nebula
|
|
|
|
state: directory
|
|
|
|
mode: "0700"
|
|
|
|
become: true
|
|
|
|
|
2023-12-24 19:38:58 +00:00
|
|
|
- name: Install nebula
|
|
|
|
package:
|
|
|
|
name: nebula
|
|
|
|
when: ansible_os_family == 'Archlinux'
|
2021-01-30 19:10:52 +00:00
|
|
|
become: true
|
2023-12-24 19:38:58 +00:00
|
|
|
|
|
|
|
- name: Manually install nebula
|
|
|
|
block:
|
|
|
|
- name: Install binaries
|
|
|
|
unarchive:
|
|
|
|
src: https://github.com/slackhq/nebula/releases/download/v{{ nebula_version }}/nebula-linux-amd64.tar.gz
|
|
|
|
dest: /usr/bin
|
|
|
|
remote_src: true
|
|
|
|
mode: "0755"
|
|
|
|
|
|
|
|
- name: Install service
|
|
|
|
get_url:
|
|
|
|
url: https://raw.githubusercontent.com/slackhq/nebula/v{{ nebula_version }}/dist/arch/nebula.service
|
|
|
|
dest: /usr/lib/systemd/system/nebula.service
|
|
|
|
mode: "0644"
|
|
|
|
when: ansible_os_family != 'Archlinux'
|
2021-01-30 19:10:52 +00:00
|
|
|
notify: restart nebula
|
2023-12-24 19:38:58 +00:00
|
|
|
become: true
|
2021-01-30 19:10:52 +00:00
|
|
|
|
|
|
|
- name: Install config
|
2021-01-25 21:53:04 +00:00
|
|
|
template:
|
|
|
|
src: files/nebula.yml
|
|
|
|
dest: /etc/nebula/config.yml
|
|
|
|
mode: "0600"
|
|
|
|
become: true
|
2021-01-30 19:10:52 +00:00
|
|
|
notify: restart nebula
|
|
|
|
|
2021-01-30 20:06:31 +00:00
|
|
|
- name: Install CA certificate
|
|
|
|
template:
|
|
|
|
src: files/ca.crt
|
|
|
|
dest: /etc/nebula/ca.crt
|
|
|
|
mode: "0600"
|
|
|
|
become: true
|
|
|
|
notify: restart nebula
|
|
|
|
|
|
|
|
- name: Install client certificates
|
|
|
|
template:
|
|
|
|
src: files/certs/{{ item }}
|
|
|
|
dest: /etc/nebula/{{ item }}
|
|
|
|
mode: "0600"
|
|
|
|
loop:
|
2021-03-04 16:06:43 +00:00
|
|
|
- "{{ ansible_hostname }}.key"
|
|
|
|
- "{{ ansible_hostname }}.crt"
|
2021-01-30 20:06:31 +00:00
|
|
|
become: true
|
|
|
|
notify: restart nebula
|
|
|
|
|
2021-01-30 19:10:52 +00:00
|
|
|
- name: Enable service
|
|
|
|
service:
|
|
|
|
name: nebula
|
|
|
|
enabled: true
|
|
|
|
become: true
|