Set up Zerotier Control UI

Install/configure ztncui[1], with HTTP access allowed from within the private network. [1]: https://key-networks.com/ztncui/
2021-02-07 17:44:08 +01:00 · 2021-02-07 17:44:08 +01:00 · e1bcd5efa0
commit e1bcd5efa0
parent 241f0807b3
5 changed files with 51 additions and 3 deletions
--- a/nodes/zerotier-1.json
+++ b/nodes/zerotier-1.json
@ -12,13 +12,14 @@
    "hostname": "zerotier-1",
    "ipaddress": "192.168.122.72",
    "roles": [
-
+      "zerotier_controller"
    ],
    "recipes": [
      "kosmos-base",
      "kosmos-base::default",
      "kosmos_zerotier::controller",
      "kosmos_zerotier::firewall",
+      "kosmos_zerotier::zncui",
      "apt::default",
      "timezone_iii::default",
      "timezone_iii::debian",
@ -52,4 +53,4 @@
    "recipe[kosmos-base]",
    "role[zerotier_controller]"
  ]
-}
+}
--- a/roles/zerotier_controller.rb
+++ b/roles/zerotier_controller.rb
@ -3,4 +3,5 @@ name "zerotier_controller"
 run_list %w(
  kosmos_zerotier::controller
  kosmos_zerotier::firewall
+  kosmos_zerotier::zncui
 )
--- a/site-cookbooks/kosmos_zerotier/attributes/default.rb
+++ b/site-cookbooks/kosmos_zerotier/attributes/default.rb
@ -1 +1,6 @@
-node.default["kosmos_zerotier"]["server_port"] = 9993
+node.default['kosmos_zerotier']['server_port'] = 9993
+
+node.default['ztncui']['version'] = '0.6.6'
+node.default['ztncui']['checksum'] = 'fa83679266a571c10e13b11293ebfb9d1c3515019f2af1e7dd066b5a37411018'
+node.default['ztncui']['http_all_interfaces'] = true
+node.default['ztncui']['http_allow_access_from'] = '10.1.1.0/24'
--- a/site-cookbooks/kosmos_zerotier/recipes/zncui.rb
+++ b/site-cookbooks/kosmos_zerotier/recipes/zncui.rb
@ -0,0 +1,40 @@
+#
+# Cookbook:: kosmos_zerotier
+# Recipe:: zncui
+#
+
+package_path = "/opt/ztncui_#{node['ztncui']['version']}_amd64.deb"
+
+remote_file package_path do
+  source "https://s3-us-west-1.amazonaws.com/key-networks/deb/ztncui/1/x86_64/ztncui_#{node['ztncui']['version']}_amd64.deb"
+  checksum node['ztncui']['checksum']
+  action :create_if_missing
+  notifies :run, 'bash[install_ztncui_package]', :immediately
+end
+
+bash 'install_ztncui_package' do
+ code "apt-get install -y #{package_path}"
+ action :nothing
+end
+
+service "ztncui" do
+  action [:enable, :start]
+end
+
+template '/opt/key-networks/ztncui/.env' do
+  source 'ztncui.env.erb'
+  mode '0644'
+  variables http_all_interfaces: node['ztncui']['http_all_interfaces']
+  notifies :restart, 'service[ztncui]', :delayed
+end
+
+include_recipe 'kosmos-base::firewall'
+
+if node['ztncui']['http_allow_access_from']
+  firewall_rule 'zncui_http' do
+    port     3000
+    protocol :tcp
+    command  :allow
+    source   node['ztncui']['http_allow_access_from']
+  end
+end
--- a/site-cookbooks/kosmos_zerotier/templates/ztncui.env.erb
+++ b/site-cookbooks/kosmos_zerotier/templates/ztncui.env.erb
@ -0,0 +1 @@
+<% if @http_all_interfaces %>HTTP_ALL_INTERFACES=yes<% end %>
				`@ -0,0 +1 @@`
				`<% if @http_all_interfaces %>HTTP_ALL_INTERFACES=yes<% end %>`