infrastructure/ansible/roles/nebula/tasks/main.yml

63 lines
1.4 KiB
YAML

- name: Create config directory
file:
path: /etc/nebula
state: directory
mode: "0700"
become: true
- name: Install nebula
package:
name: nebula
when: ansible_os_family == 'Archlinux'
become: true
- name: Manually install nebula
block:
- name: Install binaries
unarchive:
src: https://github.com/slackhq/nebula/releases/download/v{{ nebula_version }}/nebula-linux-amd64.tar.gz
dest: /usr/bin
remote_src: true
mode: "0755"
- name: Install service
get_url:
url: https://raw.githubusercontent.com/slackhq/nebula/v{{ nebula_version }}/dist/arch/nebula.service
dest: /usr/lib/systemd/system/nebula.service
mode: "0644"
when: ansible_os_family != 'Archlinux'
notify: restart nebula
become: true
- name: Install config
template:
src: files/nebula.yml
dest: /etc/nebula/config.yml
mode: "0600"
become: true
notify: restart nebula
- name: Install CA certificate
template:
src: files/ca.crt
dest: /etc/nebula/ca.crt
mode: "0600"
become: true
notify: restart nebula
- name: Install client certificates
template:
src: files/certs/{{ item }}
dest: /etc/nebula/{{ item }}
mode: "0600"
loop:
- "{{ ansible_hostname }}.key"
- "{{ ansible_hostname }}.crt"
become: true
notify: restart nebula
- name: Enable service
service:
name: nebula
enabled: true
become: true