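- name: Allow Nebula UDP traffic
  # Opens the Nebula listen port in ufw, UDP only (Nebula does not use TCP).
  # nebula_port is presumably the same value rendered into listen.port by
  # config.yml.j2 — confirm the two stay in sync.
  community.general.ufw:
    rule: allow
    port: "{{ nebula_port }}"
    proto: udp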
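- name: Download Nebula release
  # Fetch the tarball to a root-owned location first so its integrity can be
  # verified before anything is unpacked into /usr/local/bin. Define
  # nebula_checksum next to nebula_version, e.g. "sha256:<digest>" taken from
  # the release's published checksum file (constructed placeholder; fill in
  # the real digest for the pinned version).
  ansible.builtin.get_url:
    url: "https://github.com/slackhq/nebula/releases/download/v{{ nebula_version }}/nebula-linux-amd64.tar.gz"
    dest: "/usr/local/src/nebula-{{ nebula_version }}-linux-amd64.tar.gz"
    checksum: "{{ nebula_checksum }}"
    owner: root
    group: root
    mode: "0644"

- name: Install Nebula binaries
  # Only the two binaries are extracted. creates makes the task a no-op once
  # /usr/local/bin/nebula exists, so bumping nebula_version downloads the new
  # tarball but does not replace the installed binary until it is removed.
  ansible.builtin.unarchive:
    src: "/usr/local/src/nebula-{{ nebula_version }}-linux-amd64.tar.gz"
    dest: /usr/local/bin/
    remote_src: true
    creates: /usr/local/bin/nebula
    include:
      - nebula
      - nebula-cert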
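- name: Create Nebula config directory
  # Root-only (0700) directory: the CA key, host key and rendered config
  # generated by the following tasks all live here, so nothing else on the
  # host should be able to traverse it.
  ansible.builtin.file:
    path: /etc/nebula
    state: directory
    owner: root
    group: root
    mode: "0700"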
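- name: Generate Nebula CA
  # Creates the mesh CA on this host. The private key stays inside
  # /etc/nebula (0700), but root on this lighthouse can then mint host
  # certificates for the whole mesh — back the key up and consider keeping it
  # off the data-plane host once more nodes are enrolled. No -duration is
  # passed, so the CA validity is nebula-cert's default; set it explicitly if
  # a particular lifetime is intended.
  ansible.builtin.command:
    cmd: >-
      nebula-cert ca
      -name "linderhof"
      -out-crt /etc/nebula/ca.crt
      -out-key /etc/nebula/ca.key
    # Idempotence guard: skipped once ca.key exists, so a later change to
    # -name does not regenerate the CA.
    creates: /etc/nebula/ca.key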
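- name: Generate host certificate
  # Signs this lighthouse's certificate with the CA created above. The Nebula
  # address is nebula_lighthouse_ip with the prefix length taken from
  # nebula_subnet (e.g. a 10.0.0.0/24 subnet yields ".../24"). No -groups are
  # assigned, so group-based firewall rules in the mesh config will not match
  # this host.
  ansible.builtin.command:
    cmd: >-
      nebula-cert sign
      -ca-crt /etc/nebula/ca.crt
      -ca-key /etc/nebula/ca.key
      -name "lighthouse"
      -ip "{{ nebula_lighthouse_ip }}/{{ nebula_subnet.split('/')[1] }}"
      -out-crt /etc/nebula/host.crt
      -out-key /etc/nebula/host.key
    # Skipped once host.key exists: changing nebula_lighthouse_ip or
    # nebula_subnet later does not re-issue the certificate.
    creates: /etc/nebula/host.key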
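- name: Deploy Nebula config
  # Renders the runtime config root-only (0600); the file references the host
  # key and presumably other mesh details — confirm in config.yml.j2.
  # NOTE(review): ansible.builtin.template supports validate:; running the
  # binary's config test (e.g. `nebula -test -config %s`) here would reject a
  # broken render before the restart handler fires — confirm the flag against
  # the installed release before adding it.
  ansible.builtin.template:
    src: config.yml.j2
    dest: /etc/nebula/config.yml
    owner: root
    group: root
    mode: "0600"
  # Handler is defined outside this file.
  notify: Restart nebula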
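- name: Deploy Nebula systemd unit
  # Unit files are conventionally world-readable (0644); nothing secret
  # belongs in the unit itself. Any change triggers the restart handler; the
  # daemon_reload in the next task picks up the edited unit.
  ansible.builtin.template:
    src: nebula.service.j2
    dest: /etc/systemd/system/nebula.service
    owner: root
    group: root
    mode: "0644"
  # Handler is defined outside this file.
  notify: Restart nebula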
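- name: Enable and start Nebula
  # daemon_reload makes systemd re-read the unit deployed above before the
  # service is enabled at boot and started now.
  ansible.builtin.systemd:
    name: nebula
    enabled: true
    state: started
    daemon_reload: true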