ho-ansible / tinc

Ansible role: mesh-based VPN
MIT License

Multiple networks #2

Closed seanho00 closed 6 years ago

seanho00 commented 6 years ago

Fully parameterised using Ansible role vars or group_vars.

https://github.com/ho-ansible/ansible/issues/60

seanho00 commented 6 years ago

See precedence rules.

One keyset per host, regardless of number of tinc networks. (Keys are read at runtime, so could relax this restriction by storing keys in tinc_keystore/tinc_network/inventory_hostname/.)

Vars for tinc.conf (e.g., network name, port, mode, ConnectTo) need to be specific to each tinc network.

Tinc host config (e.g., Address, static VPN IP) needs to be per-host and potentially per-network.

Use include_role to dynamically include the tinc role multiple times, with different sets of vars.

Store these var sets not in inventory, but as separate yaml files (named after each tinc network). Use an inventory var to specify which tinc networks apply, and hence which var files to include.

seanho00 commented 6 years ago

Handle same host with different static IPs in different tinc networks?

Yes, see #6

seanho00 commented 6 years ago

One issue with the host configs (tinc_name, keys, etc) is that they need to be read by other hosts (e.g., public keys for VPN servers need to be put on every other node in the VPN).

The current scheme of using hostvars to lookup these attributes does not handle multiple networks.

seanho00 commented 6 years ago

Storing host config in hostvars means not using non-inventory config files, so better to keep all config within inventory.

Without resorting to hash_behaviour = merge, hashes in inventory are problematic; better to keep a flat variable hierarchy but with some sort of namespace schema.

How about: append tinc network name to a var to override the role default? E.g. for network MYNET, the inventory variable tinc_dns_MYNET overrides tinc_dns.
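The two ideas in this thread, invoking the role once per network via `include_role` (the earlier comment) and resolving per-network overrides through a flat `tinc_<var>_<NETWORK>` naming schema instead of nested hashes (the last comment), sketched as one Ansible example. This is an added illustration, not code from the ho-ansible/tinc role. It assumes an inventory var `tinc_networks` listing the networks a host belongs to, a `tinc_network` loop variable passed into the role, role defaults `tinc_dns`, `tinc_port` and `tinc_ip`, and a `vpn_nodes` inventory group; all host names and addresses are constructed placeholders.

```yaml
# Added example, not the ho-ansible/tinc role's own code.
# Assumed inventory (host_vars/node1.yml), constructed sample values:
#   tinc_networks: [MYNET, OTHERNET]
#   tinc_ip: 10.0.0.1            # default static VPN IP for this host
#   tinc_ip_OTHERNET: 10.1.0.1   # override that applies to OTHERNET only
#   tinc_dns_MYNET: 10.0.0.53    # overrides the role default tinc_dns for MYNET
---
# roles/tinc/defaults/main.yml (assumed role defaults)
tinc_dns: 10.0.0.53
tinc_port: 655
tinc_ip: "REPLACE_ME"   # placeholder: every host must set its own static VPN IP
---
# site.yml: include the role once per network the host is a member of
- hosts: vpn_nodes
  gather_facts: false
  tasks:
    - name: Configure each tinc network this host belongs to
      include_role:
        name: tinc
      loop: "{{ tinc_networks | default([]) }}"
      loop_control:
        loop_var: tinc_network
---
# roles/tinc/tasks/main.yml (assumed): resolve the effective per-network values
# The lookup tries tinc_<var>_<NETWORK> first and falls back to the flat default,
# so no hash_behaviour=merge is needed and inventory stays a flat namespace.
- name: Resolve effective settings for {{ tinc_network }}
  set_fact:
    tinc_eff:
      dns: "{{ lookup('vars', 'tinc_dns_' ~ tinc_network, default=tinc_dns) }}"
      port: "{{ lookup('vars', 'tinc_port_' ~ tinc_network, default=tinc_port) }}"
      ip: "{{ lookup('vars', 'tinc_ip_' ~ tinc_network, default=tinc_ip) }}"

- name: Render tinc.conf for {{ tinc_network }}
  template:
    src: tinc.conf.j2
    dest: "/etc/tinc/{{ tinc_network }}/tinc.conf"

# Peer host files need the *other* hosts' values, which is where plain hostvars
# fell short. The same suffix schema is applied to hostvars[peer], so a
# per-network override on node2 is seen by every node rendering node2's entry.
- name: Render peer host configs for {{ tinc_network }}
  template:
    src: host.j2
    dest: "/etc/tinc/{{ tinc_network }}/hosts/{{ hostvars[item].tinc_name | default(item) }}"
  loop: "{{ groups['vpn_nodes'] | difference([inventory_hostname]) }}"
  vars:
    peer_ip: "{{ hostvars[item]['tinc_ip_' ~ tinc_network] | default(hostvars[item]['tinc_ip']) }}"
    peer_port: "{{ hostvars[item]['tinc_port_' ~ tinc_network] | default(hostvars[item]['tinc_port'] | default(tinc_port)) }}"
```

The `set_fact` step is re-run on every loop iteration, so `tinc_eff` always reflects the network currently being configured; templates should read `tinc_eff.*` rather than the bare defaults. Keeping the override names flat means a missing `tinc_ip_OTHERNET` on a peer silently falls back to that peer's `tinc_ip`, which is the intended behaviour for hosts that use the same static IP in every network (the question raised in the `#6` comment above).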