Allow client-to-client to work with SNAT and masquerade (#179) #184
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: CI | |
on: # yamllint disable-line rule:truthy | |
push: | |
branches: | |
- master | |
pull_request: | |
branches: | |
- master | |
jobs: | |
check-syntax: | |
runs-on: ubuntu-latest | |
name: check-syntax | |
container: | |
image: diodonfrost/ansible-fedora:40 | |
env: | |
container: docker | |
volumes: | |
- /sys/fs/cgroup:/sys/fs/cgroup | |
- ${{ github.workspace }}:/etc/ansible/roles/ansible-role-openvpn | |
options: "--cap-add NET_ADMIN --cap-add SYS_ADMIN --device /dev/net/tun" | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v2 | |
- name: Setup ansible.posix collection for firewalld | |
run: ansible-galaxy collection install ansible.posix | |
- name: Setup community.general collection for ufw | |
run: ansible-galaxy collection install community.general | |
- name: Check syntax of ansible playbook | |
run: ansible-playbook /etc/ansible/roles/ansible-role-openvpn/tests/test.yml --syntax-check | |
build-rhel-like: | |
runs-on: ubuntu-latest | |
name: rhel-like-${{ matrix.version }} | |
needs: | |
- check-syntax | |
strategy: | |
fail-fast: false | |
matrix: | |
version: | |
- "centos:stream9" | |
- "fedora:38" | |
- "fedora:39" | |
- "almalinux:9" | |
- "rockylinux:9" | |
container: | |
image: diodonfrost/ansible-${{ matrix.version }} | |
env: | |
container: docker | |
volumes: | |
- /sys/fs/cgroup:/sys/fs/cgroup | |
- ${{ github.workspace }}:/etc/ansible/roles/ansible-role-openvpn | |
options: "--cap-add NET_ADMIN --cap-add SYS_ADMIN --device /dev/net/tun" | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v2 | |
- name: Setup ansible.posix collection for firewalld | |
run: ansible-galaxy collection install ansible.posix | |
- name: Setup community.general collection for ufw | |
run: ansible-galaxy collection install community.general | |
- name: Make sure ansible connection is sane | |
run: ansible -m setup -c local -i 127.0.0.1, all | |
- name: Run ansible playbook | |
run: ansible-playbook /etc/ansible/roles/ansible-role-openvpn/tests/test.yml -vv | |
- name: Check idempotency | |
run: ansible-playbook /etc/ansible/roles/ansible-role-openvpn/tests/test.yml -vv | |
- name: Container state debug output | |
continue-on-error: true | |
run: | | |
ls -lR /etc/openvpn | |
echo "cat openvpn_udp_1194.conf" | |
find /etc/openvpn/ -maxdepth 3 -name openvpn_udp_1194.conf -type f -exec cat {} \; | |
echo "cat alpha-*.ovpn" | |
find /etc/openvpn/ -maxdepth 3 -name "alpha-*.ovpn" -type f -exec cat {} \; | |
build-rhel-legacy: | |
runs-on: ubuntu-latest | |
name: rhel-legacy-${{ matrix.version }} | |
needs: | |
- check-syntax | |
strategy: | |
fail-fast: false | |
matrix: | |
version: | |
- "almalinux:8" | |
- "rockylinux:8" | |
container: | |
image: diodonfrost/ansible-${{ matrix.version }} | |
env: | |
container: docker | |
volumes: | |
- /sys/fs/cgroup:/sys/fs/cgroup | |
- ${{ github.workspace }}:/etc/ansible/roles/ansible-role-openvpn | |
options: "--cap-add NET_ADMIN --cap-add SYS_ADMIN --device /dev/net/tun" | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v2 | |
- name: Update ansible | |
run: dnf install -y python39 && pip3.9 install -U ansible | |
- name: Setup ansible.posix collection for firewalld | |
run: ansible-galaxy collection install ansible.posix | |
- name: Setup community.general collection for ufw | |
run: ansible-galaxy collection install community.general | |
- name: Make sure ansible connection is sane | |
run: ansible -m setup -c local -i 127.0.0.1, all | |
- name: Run ansible playbook | |
run: ansible-playbook /etc/ansible/roles/ansible-role-openvpn/tests/test.yml -vv | |
- name: Check idempotency | |
run: ansible-playbook /etc/ansible/roles/ansible-role-openvpn/tests/test.yml -vv | |
- name: Container state debug output | |
continue-on-error: true | |
run: | | |
ls -lR /etc/openvpn | |
echo "cat openvpn_udp_1194.conf" | |
find /etc/openvpn/ -maxdepth 3 -name openvpn_udp_1194.conf -type f -exec cat {} \; | |
echo "cat alpha-*.ovpn" | |
find /etc/openvpn/ -maxdepth 3 -name "alpha-*.ovpn" -type f -exec cat {} \; | |
# diodonfrost's images are broken for fedora 40 (thinks it's rawhide) and fedora 41 doesn't exist, so I built my own | |
build-broken-fedora: | |
runs-on: ubuntu-latest | |
name: fedora-${{ matrix.version }} | |
needs: | |
- check-syntax | |
strategy: | |
fail-fast: false | |
matrix: | |
version: | |
- "fedora:40" | |
container: | |
image: ghcr.io/kyl191/ansible-${{ matrix.version }} | |
env: | |
container: docker | |
volumes: | |
- /sys/fs/cgroup:/sys/fs/cgroup | |
- ${{ github.workspace }}:/etc/ansible/roles/ansible-role-openvpn | |
options: "--cap-add NET_ADMIN --cap-add SYS_ADMIN --device /dev/net/tun" | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v2 | |
- name: Setup ansible.posix collection for firewalld | |
run: ansible-galaxy collection install ansible.posix | |
- name: Setup community.general collection for ufw | |
run: ansible-galaxy collection install community.general | |
- name: Make sure ansible connection is sane | |
run: ansible -m setup -c local -i 127.0.0.1, all | |
- name: Run ansible playbook | |
run: ansible-playbook /etc/ansible/roles/ansible-role-openvpn/tests/test.yml -vv | |
- name: Check idempotency | |
run: ansible-playbook /etc/ansible/roles/ansible-role-openvpn/tests/test.yml -vv | |
- name: Container state debug output | |
continue-on-error: true | |
run: | | |
ls -lR /etc/openvpn | |
echo "cat openvpn_udp_1194.conf" | |
find /etc/openvpn/ -maxdepth 3 -name openvpn_udp_1194.conf -type f -exec cat {} \; | |
echo "cat alpha-*.ovpn" | |
find /etc/openvpn/ -maxdepth 3 -name "alpha-*.ovpn" -type f -exec cat {} \; |