Merge pull request #3 from Trozz/master

merge upstream

Author: a-mcf

defaults/main.yml

@@ -5,6 +5,9 @@ nebula_version: 1.5.0
 # force overwrite
 nebula_force_install: false
 
+# location of the nebula binaries
+nebula_bin_directory: /bin
+
 # this will cause net.ipv4.ip_forward to be set to 1 to allow unsafe routes
 enable_ip_forward: false
 

tasks/main.yml

@@ -8,39 +8,51 @@
   notify:
     - Restart_nebula
 
+- name: Ensure nebula bin directory exists
+  file:
+    path: "{{ nebula_bin_directory }}"
+    state: directory
+
 - name: Download release from Github (x86)
   unarchive:
     src: https://github.com/slackhq/nebula/releases/download/v{{ nebula_version }}/nebula-{{ ansible_system|lower }}-amd64.tar.gz
-    dest: /bin
+    dest: "{{ nebula_bin_directory }}"
     remote_src: yes
     mode: 0755
-    creates: "{{ '/bin/nebula' if nebula_force_install == false else '' }}"
+    creates: "{{ (nebula_bin_directory + '/nebula') if nebula_force_install == false else '' }}"
   when: ansible_architecture == "x86_64"
 
 - name: Download release from Github (arm64)
   unarchive:
     src: https://github.com/slackhq/nebula/releases/download/v{{ nebula_version }}/nebula-{{ ansible_system|lower }}-arm64.tar.gz
-    dest: /bin
+    dest: "{{ nebula_bin_directory }}"
     remote_src: yes
     mode: 0755
-    creates: "{{ '/bin/nebula' if nebula_force_install == false else '' }}"
+    creates: "{{ (nebula_bin_directory + '/nebula') if nebula_force_install == false else '' }}"
   when: ansible_architecture == "armv64" or ansible_architecture == "aarch64"
 
 - name: Download release from Github (arm7)
   unarchive:
     src: https://github.com/slackhq/nebula/releases/download/v{{ nebula_version }}/nebula-{{ ansible_system|lower }}-arm-7.tar.gz
-    dest: /bin
+    dest: "{{ nebula_bin_directory }}"
     remote_src: yes
     mode: 0755
-    creates: "{{ '/bin/nebula' if nebula_force_install == false else '' }}"
+    creates: "{{ (nebula_bin_directory + '/nebula') if nebula_force_install == false else '' }}"
   when: ansible_architecture == "armv7l"
 
 - name: Set correct user and group on the nebula binary
   ansible.builtin.file:
-    path: /bin/nebula
+    path: "{{ nebula_bin_directory }}/nebula"
     owner: root
     group: root
-    mode: "0750"
+    mode: '0750'
+
+- name: Set correct user and group on the nebula-cert binary
+  ansible.builtin.file:
+    path: "{{ nebula_bin_directory }}/nebula-cert"
+    owner: root
+    group: root
+    mode: '0750'
 
 - name: Create configuration directory
   file:
@@ -60,7 +72,7 @@
     - Restart_nebula
 
 - name: Verify configuration
-  ansible.builtin.command: /bin/nebula -test -config /etc/nebula/config.yaml 1>/dev/null
+  ansible.builtin.command: "{{ nebula_bin_directory }}/nebula -test -config /etc/nebula/config.yaml 1>/dev/null"
   changed_when: false
 
 - name: Deploy systemd template

templates/nebula.service.j2

@@ -8,7 +8,7 @@ SyslogIdentifier=nebula
 StandardOutput=syslog
 StandardError=syslog
 ExecReload=/bin/kill -HUP $MAINPID
-ExecStart=/bin/nebula -config /etc/nebula/config.yaml
+ExecStart={{ nebula_bin_directory }}/nebula -config /etc/nebula/config.yaml
 Restart=always
 
 [Install]