Created
November 17, 2017 20:45
{# Jinja variables shared by every state in this file. #}
{% set network = "master" %}
{% set id = grains['id'] %}
{% set interface = "Master" %}
{# The address comes from pillar; the /16 netmask is fixed here. #}
{% set interfaceConfig = pillar['vAddress'] + " 255.255.0.0" %}
{# Backslashes are doubled because these are Jinja string literals. #}
{% set tincBase = "C:\\Program Files (x86)\\tinc\\" %}
{% set configBase = tincBase + network + "\\" %}
{% set hostsPath = configBase + "hosts\\" %}
{# Kept as a string: it is only ever interpolated into templates and commands. #}
{% set port = "655" %}
# Install the tinc package and put its directory on the machine PATH so the
# bare `tinc` command used by the cmd.run states below can be resolved.
Install Tinc:
  pkg.installed:
    - name: tinc

Tinc Path:
  win_path.exists:
    - name: {{ tincBase }}
    - require:
      - pkg: Install Tinc
# One hosts/<peer> file per minion that published `tinc_export` to the Salt
# mine; this minion's own entry is skipped.  The mine key (a minion id) is used
# verbatim as the file name under hostsPath, which assumes minion ids are plain
# host names with no path separators; verify that against the master's key policy.
{% for host in salt['mine.get']('*', 'tinc_export').items() %}
{% set name = host[0] %}
{% if name != id %}
Populate Host {{ name }}:
  file.managed:
    - name: {{ hostsPath }}{{ name }}
    - source: salt://{{ tpldir }}/config/host.template
    - template: jinja
    - makedirs: true
    - defaults:
        interfaceConfig: {{ interfaceConfig }}
        interface: {{ interface }}
        id: {{ id }}
        port: {{ port }}
        hostName: {{ name }}
        mineName: tinc_export
    - require:
      - pkg: Install Tinc
{% endif %}
{% endfor %}
# Same as the loop above for minions that published `tinc_export_slave`.  The
# host file is named <minion id>slave while the template still receives the
# bare minion id as hostName.
# NOTE(review): the `name != id` guard compares the suffixed name, so it only
# skips this minion when its own id ends in "slave"; confirm that is intended.
{% for host in salt['mine.get']('*', 'tinc_export_slave').items() %}
{% set name = host[0] + "slave" %}
{% if name != id %}
Populate Host {{ name }}:
  file.managed:
    - name: {{ hostsPath }}{{ name }}
    - source: salt://{{ tpldir }}/config/host.template
    - template: jinja
    - makedirs: true
    - defaults:
        interfaceConfig: {{ interfaceConfig }}
        interface: {{ interface }}
        id: {{ id }}
        port: {{ port }}
        hostName: {{ host[0] }}
        mineName: tinc_export_slave
    - require:
      - pkg: Install Tinc
{% endif %}
{% endfor %}
# Initialise the tinc network for this node (its key pair and own host file).
# `creates` makes the state idempotent: it is skipped once all three paths
# exist, so the private keys are not regenerated on later runs.
Init Tinc:
  cmd.run:
    - name: tinc -n {{ network }} init {{ grains['id'] }}
    - creates:
      - {{ configBase }}ed25519_key.priv
      - {{ configBase }}rsa_key.priv
      - {{ hostsPath }}{{ grains['id'] }}
    - require:
      - win_path: Tinc Path
# Render tinc.conf and the Windows tinc-up script from templates shipped next
# to this state, passing the shared Jinja variables in as template defaults.
Configure Tinc:
  file.managed:
    - name: {{ configBase }}tinc.conf
    - source: salt://{{ tpldir }}/config/tinc.conf
    - template: jinja
    - defaults:
        interfaceConfig: {{ interfaceConfig }}
        interface: {{ interface }}
        network: {{ network }}
        id: {{ id }}
        port: {{ port }}
    - require:
      - cmd: Init Tinc

Configure Up Script:
  file.managed:
    - name: {{ configBase }}tinc-up.bat
    - source: salt://{{ tpldir }}/config/windows/tinc-up.bat
    - template: jinja
    - defaults:
        interfaceConfig: {{ interfaceConfig }}
        interface: {{ interface }}
        network: {{ network }}
        id: {{ id }}
        port: {{ port }}
    - require:
      - pkg: Install Tinc
# Record this node's reachable address as <minion id>.silvenga.net.  `unless`
# skips the state once `tinc get address` succeeds, i.e. once an Address is set.
Add Address:
  cmd.run:
    - name: tinc -n {{ network }} add address {{ grains['id'] }}.silvenga.net
    - unless: tinc -n {{ network }} get address
    - require:
      - cmd: Init Tinc

# Log directory, presumably for the --logfile output of the service started
# below; confirm against the tinc build's default log location.
Log Directory:
  file.directory:
    - name: {{ tincBase }}log
# Import the TAP driver's publisher certificate into the machine-wide
# TrustedPublisher store, presumably so the unattended driver install below
# succeeds.  Anything signed by this certificate is then trusted as a publisher
# on the host, so keep the .cer pinned to the expected driver vendor.
Install Tap Cert:
  win_pki.import_cert:
    - name: salt://{{ tpldir }}/config/windows/openvpn-tap.cer
    - cert_format: cer
    - context: LocalMachine
    - store: TrustedPublisher
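# Install the TAP adapter and rename it to the expected interface name.  Both
# `onlyif` pipelines exit 1 (skipping the state) when an adapter already
# carries that name, and exit 0 when the filter matches nothing.
Create Tap Device:
  cmd.run:
    - name: cmd.exe /c 'tapinstall.exe install OemWin2k.inf tap0901'
    # Derived from tincBase instead of repeating the install path literally.
    - cwd: {{ tincBase }}tap-win64\
    - onlyif: get-wmiobject win32_networkadapter | ? { $_.netconnectionid -eq "{{ interface }}" } | % { exit 1 }
    - shell: powershell
    - require:
      - win_pki: Install Tap Cert

Rename Tap Device:
  cmd.run:
    # Only the first adapter backed by the tap0901 service is renamed.
    - name: get-wmiobject win32_networkadapter | ? { $_.ServiceName -eq "tap0901" } | select -first 1 | % { $_.NetConnectionID = "{{ interface }}"; $_.Put() }
    - onlyif: get-wmiobject win32_networkadapter | ? { $_.netconnectionid -eq "{{ interface }}" } | % { exit 1 }
    - shell: powershell
    - require:
      - cmd: Create Tap Device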
# Service lifecycle: stop a service stuck in a non-running state, register it
# if absent, then keep it running and restart it when the config or the
# adapter name changes.
Remove Bad State Service:
  cmd.run:
    - name: tinc -n {{ network }} stop
    # Runs only when a tinc.<network> service exists and is not Running.
    - unless: Get-Service | ?{ ($_.Status -ne "Running") -and ($_.Name -eq "tinc.{{ network }}") } | %{ exit 1 }
    - shell: powershell
    - require:
      - cmd: Create Tap Device

Ensure Service Installed:
  cmd.run:
    - name: tinc -n {{ network }} start --logfile
    # Runs only when no service named tinc.<network> exists yet.
    - onlyif: Get-Service | ? { $_.Name -eq "tinc.{{ network }}" } | %{ exit 1 }
    - shell: powershell
    - require:
      - cmd: Remove Bad State Service

Restart Tinc Service:
  service.running:
    - name: tinc.{{ network }}
    - enable: True
    - watch:
      - file: Configure Tinc
      - cmd: Rename Tap Device
    - require:
      - cmd: Ensure Service Installed
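# Open the tinc port on the host firewall.  localport is taken from the shared
# `port` variable so it cannot drift from the value handed to the templates.
# The rules set no remote-address scope, so presumably any source may reach
# the port; narrow them if the peer set is known.
Enable Firewall Tinc TCP:
  win_firewall.add_rule:
    - name: Tinc (TCP)
    - localport: {{ port }}
    - protocol: tcp

Enable Firewall Tinc UDP:
  win_firewall.add_rule:
    - name: Tinc (UDP)
    - localport: {{ port }}
    - protocol: udp

# Mark the tinc adapter's connection profile as Private.  The alias comes from
# the shared `interface` variable instead of a repeated literal, and `unless`
# runs the state only while a profile with that alias is not yet Private.
Set Network Type To Private:
  cmd.run:
    - name: Get-NetConnectionProfile | ?{$_.InterfaceAlias -eq '{{ interface }}' -and $_.NetworkCategory -ne 'Private'} | Set-NetConnectionProfile -NetworkCategory Private
    - unless: Get-NetConnectionProfile | ?{$_.InterfaceAlias -eq '{{ interface }}' -and $_.NetworkCategory -ne 'Private'} | %{ exit 1 }
    - shell: powershell
    - require:
      - service: Restart Tinc Service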