sprinterfreak/ansible-ffrgb
1
0
Fork 0
forked from FF-RGB/ansible
Code Pull Requests 1 Releases Activity

fastd: run as user fastd

Browse Source
This commit is contained in:
Markus 2018-07-26 17:59:49 +02:00
parent 1425383a90
commit 05a9eccc14
5 changed files with 20 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
roles/fastd-exporter/files/fastd-exporter.service
View File

@ -3,7 +3,7 @@ Description=fastd Exporter
[Service] [Service]
Type=simple Type=simple
User=fastd-exporter User=fastd
Environment=PATH=/usr/bin:/usr/local/bin Environment=PATH=/usr/bin:/usr/local/bin
EnvironmentFile=/etc/default/fastd-exporter EnvironmentFile=/etc/default/fastd-exporter
ExecStart=/opt/go/bin/fastd-exporter $OPTIONS ExecStart=/opt/go/bin/fastd-exporter $OPTIONS

3
roles/fastd-exporter/tasks/main.yml
View File

@ -1,8 +1,5 @@
--- ---
- name: Create user
user: name=fastd-exporter
- name: Install fastd-exporter - name: Install fastd-exporter
shell: /usr/local/go/bin/go get -v -u {{ fastd_exporter_source }} shell: /usr/local/go/bin/go get -v -u {{ fastd_exporter_source }}
args: args:

2
roles/fastd-exporter/templates/fastd-exporter.j2
View File

@ -1 +1 @@
OPTIONS="-metrics.perpeer -instances {{ site_code }}{{ range(fastd_instances)|join(',' + site_code) }}" OPTIONS="-instances {{ site_code }}{{ range(fastd_instances)|join(',' + site_code) }}"

16
roles/fastd/tasks/main.yml
View File

@ -1,5 +1,11 @@
--- ---
- name: Create group
group: name=fastd
- name: Create user
user: name=fastd group=fastd
- name: Install fastd - name: Install fastd
apt: name=fastd state=latest apt: name=fastd state=latest
@ -15,13 +21,16 @@
- name: Disable fastd default instance - name: Disable fastd default instance
service: name=fastd enabled=no service: name=fastd enabled=no
- name: Create directories - name: Create config directory
file: path=/etc/fastd/{{ site_code }} state=directory file: path=/etc/fastd/{{ site_code }} state=directory
- name: Create directories - name: Create config directories
file: path=/etc/fastd/{{ site_code }}{{ item }}/peers state=directory file: path=/etc/fastd/{{ site_code }}{{ item }}/peers state=directory
with_sequence: start=0 count={{ fastd_instances }} with_sequence: start=0 count={{ fastd_instances }}
- name: Create socket directory
file: path=/run/fastd owner=fastd group=fastd state=directory
- name: Configure fastd - name: Configure fastd
template: src=fastd.conf.j2 dest=/etc/fastd/{{ site_code }}{{ item }}/fastd.conf template: src=fastd.conf.j2 dest=/etc/fastd/{{ site_code }}{{ item }}/fastd.conf
with_sequence: start=0 count={{ fastd_instances }} with_sequence: start=0 count={{ fastd_instances }}
@ -31,6 +40,9 @@
fastd_key: path=/etc/fastd/{{ site_code }}/secret.conf fastd_key: path=/etc/fastd/{{ site_code }}/secret.conf
notify: Restart fastd notify: Restart fastd
- name: Permissions (secret)
file: owner=fastd group=fastd path=/etc/fastd/{{ site_code }}/secret.conf
- name: Create symlinks (secret) - name: Create symlinks (secret)
file: src=/etc/fastd/{{ site_code }}/secret.conf dest=/etc/fastd/{{ site_code }}{{ item }}/secret.conf state=link file: src=/etc/fastd/{{ site_code }}/secret.conf dest=/etc/fastd/{{ site_code }}{{ item }}/secret.conf state=link
with_sequence: start=0 count={{ fastd_instances }} with_sequence: start=0 count={{ fastd_instances }}

5
roles/fastd/templates/fastd.conf.j2
View File

@ -1,8 +1,11 @@
# {{ ansible_managed }} # {{ ansible_managed }}
user "fastd";
group "fastd";
log to syslog level warn; log to syslog level warn;
hide ip addresses yes; hide ip addresses yes;
status socket "/run/fastd-{{ site_code }}{{ item }}.sock"; status socket "/run/fastd/{{ site_code }}{{ item }}.sock";
interface "vpn-{{ site_code }}{{ item }}"; interface "vpn-{{ site_code }}{{ item }}";