Ansible role: tinc

Ansible role to configure tinc mesh VPN

DEPRECATED

I've switched to Wireguard, so this ansible role is no longer maintained.

Requirements

Only tested on Debian stable, for now.

Role variables

Network names may only have the characters [a-zA-Z0-9_]+ (no hyphens). Hosts may belong to multiple tinc networks; the default playbook applies the role once for each network.

Network config

• tinc_subnet_ (e.g., 192.168.2): the first 3 quads of a /24 (for now)
  • This is mandatory
• tinc_mode_: switch or router
• tinc_domain_ (e.g., mynet.vpn): DNS domain name of VPN (can be internal)
• tinc_dns_ (e.g., 192.168.2.1): IP of DNS server on VPN

Host config

• tinc_port_ (e.g., 655): port to listen on
• tinc_ip_ (e.g., 192.168.2.10): static IP
• tinc_name_ (e.g., myhost): name in tinc, if different from inventory_hostname
• tinc_addresses_ (e.g., [10.0.0.1]): list of Address lines for other nodes to connect
• tinc_subnets_ (e.g., [192.168.2.0/24]): list of Subnet lines for routing

Inventory Groups

• tinc_nodes_: all nodes in the given network
• tinc_servers_: just the servers (hosts to Connect to)

Misc

• tinc_keystore: dir to store RSA/ED25519 keys

Playbooks

• main.yml: apply role
• restart.yml: restart daemon
• uninstall.yml: remove. Run this before removing tinc config from inventory.

Dependencies

• ho-ansible.iptables
• ho-ansible.systemd-networkd

License

Ansible role licensed MIT.

Author Information

Sean Ho, https://github.com/ho-ansible/