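---
# Nebula install/upgrade tasks: lay out /opt/nebula, fetch the release tarball
# when the installed version differs from `nebula_version`, and (when
# `nebula_sshd_enabled`) prepare the host key and authorized-key registry for
# the debug SSH console.

- name: Ensure /opt/nebula directory exists
  file:
    path: /opt/nebula
    state: directory
    mode: '0700'
    owner: root
    group: root

- name: Check for existing Nebula install
  stat:
    path: '/opt/nebula/nebula'
  register: installed_nebula_stats

- name: Get Nebula version (if installed)
  command: "/opt/nebula/nebula -version"
  register: installed_nebula_version_out
  # Read-only probe: never report a change, and a non-zero exit must not abort
  # the play (the version fact is simply left unset below).
  changed_when: false
  failed_when: false
  when: installed_nebula_stats.stat.exists

- name: Extract Nebula version from command output
  set_fact:
    # NOTE(review): assumes `nebula -version` prints "<word> <version>" — confirm
    # against the installed release; an unexpected format raises on the index.
    installed_nebula_version: "{{ installed_nebula_version_out.stdout.split(' ')[1] }}"
  when: installed_nebula_stats.stat.exists

- name: Download & Extract Nebula
  # The tarball is fetched over HTTPS but its integrity is not verified: no
  # checksum or signature check is performed before the binaries are unpacked
  # as root. Consider downloading with get_url and its `checksum:` parameter
  # (value taken from the release's published checksums) before unarchiving.
  unarchive:
    src: "https://github.com/slackhq/nebula/releases/download/v{{ nebula_version }}/nebula-linux-{{ nebula_architectures[ansible_architecture] }}.tar.gz"
    dest: "/opt/nebula"
    remote_src: true
  # Re-download only when nothing is installed or the installed version differs
  # from the desired one; `default(nebula_version)` covers the fact being unset.
  when: (installed_nebula_version|default(nebula_version) != nebula_version) or (not installed_nebula_stats.stat.exists)
  notify: restart nebula

- name: Ensure Nebula binaries permissions are correct
  file:
    path: "/opt/nebula/{{ item }}"
    owner: root
    group: root
    mode: '0700'
  loop:
    - nebula
    - nebula-cert

- name: Generate SSH host key for Nebula debug console
  openssh_keypair:
    path: /opt/nebula/ssh_host_ed25519_key
    type: ed25519
    owner: root
    group: root
    mode: '0600'
  when: nebula_sshd_enabled

- name: Read SSH key files and build registry
  block:
    - name: Read all SSH key files
      slurp:
        src: "{{ item.1 }}"
      register: ssh_key_files
      # Best-effort read: a missing or unreadable key file does not fail the
      # play; such results carry no `content` and are filtered out below.
      failed_when: false
      loop: "{{ nebula_sshd_authorized_users | subelements('key_files', skip_missing=True) }}"

    - name: Build SSH key registry by username
      set_fact:
        # Map user -> list of decoded keys, appending to any list built so far.
        nebula_sshd_key_registry: >-
          {{ nebula_sshd_key_registry | default({})
          | combine({ result.item.0.user:
          (nebula_sshd_key_registry | default({})).get(result.item.0.user, [])
          + [result.content | b64decode | trim] }) }}
      loop: "{{ ssh_key_files.results | selectattr('content', 'defined') | list }}"
      loop_control:
        loop_var: result
  when: nebula_sshd_enabled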