ansible/roles/fastd/tasks/main.yml

---

- name: Create group
  group: name=fastd

- name: Create user
  user: name=fastd group=fastd

- name: Install fastd
  apt: name=fastd state=latest

- name: Install haveged (to create entropy)
  apt: name=haveged

- name: Systemd unit for fastd
  copy: src=fastd@.service dest=/etc/systemd/system/fastd@.service
  notify:
  - Reload systemd
  - Restart fastd

- name: Disable fastd default instance
  service: name=fastd enabled=no

- name: Create config directory
  file: path=/etc/fastd/{{ site_code }} state=directory

- name: Create config directories
  file: path=/etc/fastd/{{ site_code }}{{ item }}/peers state=directory
  with_sequence: start=0 count={{ fastd_instances }}

- name: Configure fastd
  template: src=fastd.conf.j2 dest=/etc/fastd/{{ site_code }}{{ item }}/fastd.conf
  with_sequence: start=0 count={{ fastd_instances }}
  notify: Restart fastd

- name: Generate fastd secret
  fastd_key: path=/etc/fastd/{{ site_code }}/secret.conf
  notify: Restart fastd

- name: Permissions (secret)
  file: owner=fastd group=fastd path=/etc/fastd/{{ site_code }}/secret.conf

- name: Create symlinks (secret)
  file: src=/etc/fastd/{{ site_code }}/secret.conf dest=/etc/fastd/{{ site_code }}{{ item }}/secret.conf state=link
  with_sequence: start=0 count={{ fastd_instances }}

- name: Create Blacklist Script
  copy: src=blacklist.sh dest=/etc/fastd/{{ site_code }}/blacklist.sh mode=0755 force=yes

- name: Create symlinks (blacklist)
  file: src=/etc/fastd/{{ site_code }}/blacklist.sh dest=/etc/fastd/{{ site_code }}{{ item }}/blacklist.sh state=link
  with_sequence: start=0 count={{ fastd_instances }}

- name: Create Blacklist directory
  file: path=/etc/fastd/{{ site_code }}/vpn-blacklist/ state=directory

- name: Create Blacklist file
  copy: src=blacklist.json dest=/etc/fastd/{{ site_code }}/vpn-blacklist/blacklist.json mode=0644

- name: Enable fastd {{ site_code }}
  service: name=fastd@{{ site_code }}{{ item }} enabled=yes
  with_sequence: start=0 count={{ fastd_instances }}
Add fastd role and depoly to test gateway 2017-03-26 21:33:16 +02:00			`---`

fastd: run as user fastd 2018-07-26 17:59:49 +02:00			`- name: Create group`
			`group: name=fastd`

			`- name: Create user`
			`user: name=fastd group=fastd`

Add fastd role and depoly to test gateway 2017-03-26 21:33:16 +02:00			`- name: Install fastd`
Require debian stretch, drop backports, cleanup 2017-06-30 11:59:14 +02:00			`apt: name=fastd state=latest`
Add fastd role and depoly to test gateway 2017-03-26 21:33:16 +02:00
			`- name: Install haveged (to create entropy)`
			`apt: name=haveged`

Cleanup fastd role 2017-11-09 21:21:19 +01:00			`- name: Systemd unit for fastd`
			`copy: src=fastd@.service dest=/etc/systemd/system/fastd@.service`
Add fastd role and depoly to test gateway 2017-03-26 21:33:16 +02:00			`notify:`
			`- Reload systemd`
			`- Restart fastd`

Improve fastd service handling and default port 2017-03-27 23:29:09 +02:00			`- name: Disable fastd default instance`
			`service: name=fastd enabled=no`

fastd: run as user fastd 2018-07-26 17:59:49 +02:00			`- name: Create config directory`
Support multiple fastd interfaces 2018-01-21 20:46:21 +01:00			`file: path=/etc/fastd/{{ site_code }} state=directory`

fastd: run as user fastd 2018-07-26 17:59:49 +02:00			`- name: Create config directories`
Support multiple fastd interfaces 2018-01-21 20:46:21 +01:00			`file: path=/etc/fastd/{{ site_code }}{{ item }}/peers state=directory`
			`with_sequence: start=0 count={{ fastd_instances }}`
Add fastd role and depoly to test gateway 2017-03-26 21:33:16 +02:00
			`- name: Configure fastd`
Support multiple fastd interfaces 2018-01-21 20:46:21 +01:00			`template: src=fastd.conf.j2 dest=/etc/fastd/{{ site_code }}{{ item }}/fastd.conf`
			`with_sequence: start=0 count={{ fastd_instances }}`
Add fastd role and depoly to test gateway 2017-03-26 21:33:16 +02:00			`notify: Restart fastd`

			`- name: Generate fastd secret`
Support multiple fastd interfaces 2018-01-21 20:46:21 +01:00			`fastd_key: path=/etc/fastd/{{ site_code }}/secret.conf`
Add fastd role and depoly to test gateway 2017-03-26 21:33:16 +02:00			`notify: Restart fastd`
Improve fastd service handling and default port 2017-03-27 23:29:09 +02:00
fastd: run as user fastd 2018-07-26 17:59:49 +02:00			`- name: Permissions (secret)`
			`file: owner=fastd group=fastd path=/etc/fastd/{{ site_code }}/secret.conf`

Support multiple fastd interfaces 2018-01-21 20:46:21 +01:00			`- name: Create symlinks (secret)`
			`file: src=/etc/fastd/{{ site_code }}/secret.conf dest=/etc/fastd/{{ site_code }}{{ item }}/secret.conf state=link`
			`with_sequence: start=0 count={{ fastd_instances }}`

Implement proper Blacklist Configuration to fastd 2019-03-27 14:47:33 +01:00			`- name: Create Blacklist Script`
Blacklist refined, More shortcutters added 2019-04-27 14:44:14 +02:00			`copy: src=blacklist.sh dest=/etc/fastd/{{ site_code }}/blacklist.sh mode=0755 force=yes`
Support multiple fastd interfaces 2018-01-21 20:46:21 +01:00
			`- name: Create symlinks (blacklist)`
			`file: src=/etc/fastd/{{ site_code }}/blacklist.sh dest=/etc/fastd/{{ site_code }}{{ item }}/blacklist.sh state=link`
			`with_sequence: start=0 count={{ fastd_instances }}`
fastd: make sure at least a dummy blacklist.sh is available 2018-01-14 20:23:08 +01:00
Implement proper Blacklist Configuration to fastd 2019-03-27 14:47:33 +01:00			`- name: Create Blacklist directory`
			`file: path=/etc/fastd/{{ site_code }}/vpn-blacklist/ state=directory`

			`- name: Create Blacklist file`
Adjusted Permissions 2019-03-27 15:16:32 +01:00			`copy: src=blacklist.json dest=/etc/fastd/{{ site_code }}/vpn-blacklist/blacklist.json mode=0644`
Implement proper Blacklist Configuration to fastd 2019-03-27 14:47:33 +01:00
Support multiple fastd interfaces 2018-01-21 20:46:21 +01:00			`- name: Enable fastd {{ site_code }}`
			`service: name=fastd@{{ site_code }}{{ item }} enabled=yes`
			`with_sequence: start=0 count={{ fastd_instances }}`