add host dependent config vars

roles/tinc-common/defaults/main.yaml

@@ -4,10 +4,9 @@
 ansible_host: '{{ ansible_ssh_host | default("") }}'
 
 config_dir: /etc/tinc/{{ vpn_name }}/config
-all_config_dir: "{{ config_dir }}/all"
+all_config_dir: "{{ config_dir }}/_all"
 
-tinc_host: '{{ tinc_hostname | replace(".", "_") }}'
+tinc_host: '{{ inventory_hostname | replace(".", "_") }}'
 host_config_dir: "{{ config_dir }}/{{ tinc_host }}"
 
-tinc_type: 'client'
 tinc_indirect: 'no'

roles/tinc-common/tasks/main.yml

@@ -0,0 +1,12 @@
+---
+
+#- name: Load common vars
+#  include_vars: >
+#    common.yml
+
+- name: Load os dependent vars
+  include_vars: "{{ item }}"
+  with_first_found:
+    - "os_{{ os_family }}.yml"
+    - "os_{{ ansible_os_family }}.yml"
+    - "os_default.yml"

roles/tinc-common/vars/common.yml

@@ -0,0 +1,2 @@
+---
+

roles/tinc-common/vars/os_Android.yml

@@ -0,0 +1,3 @@
+---
+
+os_shell: '/system/bin/sh'

roles/tinc-common/vars/os_default.yml

@@ -0,0 +1,3 @@
+---
+
+os_shell: '/bin/sh'

roles/tinc-config/tasks/main.yml

@@ -64,6 +64,7 @@
     - host-down
     - subnet-up
     - subnet-down
+    - common.sh
 
 - name: Build hosts.snip
   template: >
@@ -80,7 +81,7 @@
 - name: Remote TMP dir
   command: rm -f {{ all_config_dir }}/*
 
-- name: Pack client configs
+- name: Pack configs
   shell: tar -czf {{ config_dir }}/{{ tinc_host }}.tar.gz .
   args:
     chdir: "{{ host_config_dir }}"

roles/tinc-config/templates/common.sh.j2

@@ -0,0 +1,16 @@
+#!{{ os_shell }}
+
+## variable provided by tinc
+#NETNAME=
+#NAME=
+#DEVICE=
+#INTERFACE=
+#NODE=
+#REMOTEADDRESS=
+#REMOTEPORT=
+#SUBNET=
+#WEIGHT=
+
+## our config variables
+VPN_IPADDR="{{ tinc_ip }}"
+VPN_HOSTNAME="{{ tinc_hostname }}"

roles/tinc-config/templates/host-down.j2

@@ -1,11 +1,17 @@
-#!/bin/sh
+#!{{ os_shell }}
 #
 # {{ ansible_managed }}
 
-SN="host-down"
+# start user handler scripts
+#	/etc/tinc/<handler>.<vpn_name>
+#	/etc/tinc/<handler>
+# stop processing if script returns 99
+SN='host-down'
 DN=`dirname "$0"`
 DN=`dirname "$DN"`
 [ -e $DN/$SN.{{ vpn_name }} ] && $DN/$SN.{{ vpn_name }} "$@"
+[ "$?" = "99" ] && exit 0
 [ -e $DN/$SN ] && $DN/$SN "$@"
+[ "$?" = "99" ] && exit 0
 
 exit 0

roles/tinc-config/templates/host-up.j2

@@ -1,11 +1,17 @@
-#!/bin/sh
+#!{{ os_shell }}
 #
 # {{ ansible_managed }}
 
-SN="host-up"
+# start user handler scripts
+#	/etc/tinc/<handler>.<vpn_name>
+#	/etc/tinc/<handler>
+# stop processing if script returns 99
+SN='host-up'
 DN=`dirname "$0"`
 DN=`dirname "$DN"`
 [ -e $DN/$SN.{{ vpn_name }} ] && $DN/$SN.{{ vpn_name }} "$@"
+[ "$?" = "99" ] && exit 0
 [ -e $DN/$SN ] && $DN/$SN "$@"
+[ "$?" = "99" ] && exit 0
 
 exit 0

roles/tinc-config/templates/host.conf.j2

@@ -6,7 +6,18 @@ IndirectData = {{ tinc_indirect }}
 
 {% if tinc_remote is defined %}
 Address = {{ tinc_remote }}
-{% else %}
+{% elif ansible_host != "" %}
 Address = {{ ansible_host }}
 {% endif %}
-Subnet = {{ tinc_ip }}/{{ tinc_subnet }}
+
+{% if tinc_subnet is defined %}
+{% if tinc_subnet is iterable %}
+{% for subnet in tinc_subnet %}
+Subnet = {{ subnet }}
+{% endfor %}
+{% else %}
+Subnet = {{ tinc_subnet }}
+{% endif %}
+{% else %}
+Subnet = {{ tinc_ip }}/32
+{% endif %}

roles/tinc-config/templates/hosts.snip.j2

@@ -2,7 +2,9 @@
 ## {{ ansible_managed }}
 
 {% for host in groups['all'] %}
+{% if hostvars[host]['tinc_hostname'] is defined %}
 {{ hostvars[host]['tinc_ip'] }} {{ hostvars[host]['tinc_hostname'] }}
+{% endif %}
 {% endfor %}
 
 ##

roles/tinc-config/templates/subnet-down.j2

@@ -1,11 +1,20 @@
-#!/bin/sh
+#!{{ os_shell }}
 #
 # {{ ansible_managed }}
 
-SN="subnet-down"
+# start user handler scripts
+#	/etc/tinc/<handler>.<vpn_name>
+#	/etc/tinc/<handler>
+# stop processing if script returns 99
+SN='subnet-down'
 DN=`dirname "$0"`
 DN=`dirname "$DN"`
 [ -e $DN/$SN.{{ vpn_name }} ] && $DN/$SN.{{ vpn_name }} "$@"
+[ "$?" = "99" ] && exit 0
 [ -e $DN/$SN ] && $DN/$SN "$@"
+[ "$?" = "99" ] && exit 0
+
+# remove selective route
+ip route del "$SUBNET" via "{{ tinc_ip }}" dev "$INTERFACE"
 
 exit 0

roles/tinc-config/templates/subnet-up.j2

@@ -1,11 +1,20 @@
-#!/bin/sh
+#!{{ os_shell }}
 #
 # {{ ansible_managed }}
 
-SN="subnet-up"
+# start user handler scripts
+#	/etc/tinc/<handler>.<vpn_name>
+#	/etc/tinc/<handler>
+# stop processing if script returns 99
+SN='subnet-up'
 DN=`dirname "$0"`
 DN=`dirname "$DN"`
 [ -e $DN/$SN.{{ vpn_name }} ] && $DN/$SN.{{ vpn_name }} "$@"
+[ "$?" = "99" ] && exit 0
 [ -e $DN/$SN ] && $DN/$SN "$@"
+[ "$?" = "99" ] && exit 0
+
+# add selective route
+ip route add "$SUBNET" via "{{ tinc_ip }}" dev "$INTERFACE"
 
 exit 0

roles/tinc-config/templates/tinc-down.j2

@@ -1,13 +1,19 @@
-#!/bin/sh
+#!{{ os_shell }}
 #
 # {{ ansible_managed }}
 
-ifconfig $INTERFACE down
-
-SN="tinc-down"
+# start user handler scripts
+#	/etc/tinc/<handler>.<vpn_name>
+#	/etc/tinc/<handler>
+# stop processing if script returns 99
+SN='tinc-down'
 DN=`dirname "$0"`
 DN=`dirname "$DN"`
 [ -e $DN/$SN.{{ vpn_name }} ] && $DN/$SN.{{ vpn_name }} "$@"
+[ "$?" = "99" ] && exit 0
 [ -e $DN/$SN ] && $DN/$SN "$@"
+[ "$?" = "99" ] && exit 0
+
+ifconfig $INTERFACE down
 
 exit 0

roles/tinc-config/templates/tinc-up.j2

@@ -1,14 +1,26 @@
-#!/bin/sh
+#!{{ os_shell }}
 #
 # {{ ansible_managed }}
 
-ifconfig $INTERFACE {{ tinc_ip }} netmask 255.255.255.0
-
-SN="tinc-up"
+# start user handler scripts
+#	/etc/tinc/<handler>.<vpn_name>
+#	/etc/tinc/<handler>
+# stop processing if script returns 99
+SN='tinc-up'
 DN=`dirname "$0"`
 DN=`dirname "$DN"`
 [ -e $DN/$SN.{{ vpn_name }} ] && $DN/$SN.{{ vpn_name }} "$@"
+[ "$?" = "99" ] && exit 0
 [ -e $DN/$SN ] && $DN/$SN "$@"
+[ "$?" = "99" ] && exit 0
+
+ifconfig $INTERFACE {{ tinc_ip }} netmask 255.255.255.0
+
+{% if tinc_subnet is defined and tinc_subnet is iterable %}
+# disable rp filter if serving multiple subnets
+sysctl -w net.ipv4.conf.$ARG_DEV.rp_filter=0
+
+{% endif %}
 
 # append hosts as needed
 #if [ -f /etc/tinc/{{ vpn_name }}/hosts.snip ] \

roles/tinc-config/templates/tinc.conf.j2

@@ -16,9 +16,7 @@ DecrementTTL = no
 LocalDiscovery = yes
 
 {% for host in groups['all'] %}
-{% if (hostvars[host]['tinc_type'] | default('client')) == 'gw' %}
-{% if tinc_hostname != hostvars[host]['tinc_hostname'] %}
-ConnectTo = {{ hostvars[host]['tinc_hostname'] | replace(".", "_") }}
-{% endif %}
+{% if inventory_hostname != hostvars[host]['inventory_hostname'] and hostvars[host]['ansible_ssh_host'] is defined %}
+ConnectTo = {{ hostvars[host]['inventory_hostname'] | replace(".", "_") }}
 {% endif %}
 {% endfor %}

roles/tinc-gather/meta/main.yml

@@ -0,0 +1,4 @@
+---
+
+#dependencies:
+#  - role: tinc-common

roles/tinc-gather/tasks/main.yml

@@ -0,0 +1,7 @@
+---
+
+- name: Get distribution info
+  set_fact: >
+    os_distribution="{ansible_distribution}"
+    os_family="{ansible_os_family}"
+    os_pkg_mgr="{ansible_pkg_mgr}"

site.yml

@@ -1,7 +1,13 @@
 ---
 
+# gather facts
+- hosts: '{{ vpn_name | default("UNDEFINED") }}'
+  roles:
+    - { role: 'tinc-gather', tags: 'gather', when: "ansible_ssh_host is defined" }
+
 # generate config for all hosts
 - hosts: '{{ vpn_name | default("UNDEFINED") }}'
+  gather_facts: no
   connection: local
   roles:
     - { role: 'tinc-config', tags: 'config' }