From 3f76c8bf8b8e7044c05bc5a25e3ff0d917b97dcb Mon Sep 17 00:00:00 2001
From: Jake Howard <git@theorangeone.net>
Date: Tue, 3 Sep 2024 20:18:26 +0100
Subject: [PATCH 1/5] Add role to install clatd

---
 .../competitorsvcs.studentrobotics.org.yml    |  4 +++
 playbook.yml                                  |  1 +
 roles/clatd/README.md                         |  5 ++++
 roles/clatd/defaults/main.yml                 |  1 +
 roles/clatd/handlers/main.yml                 |  4 +++
 roles/clatd/tasks/main.yml                    | 30 +++++++++++++++++++
 roles/clatd/templates/clatd.conf              |  0
 roles/clatd/vars/main.yml                     |  1 +
 8 files changed, 46 insertions(+)
 create mode 100644 roles/clatd/README.md
 create mode 100644 roles/clatd/defaults/main.yml
 create mode 100644 roles/clatd/handlers/main.yml
 create mode 100644 roles/clatd/tasks/main.yml
 create mode 100644 roles/clatd/templates/clatd.conf
 create mode 100644 roles/clatd/vars/main.yml

diff --git a/host_vars/competitorsvcs.studentrobotics.org.yml b/host_vars/competitorsvcs.studentrobotics.org.yml
index e586f5a..ca2cc0d 100644
--- a/host_vars/competitorsvcs.studentrobotics.org.yml
+++ b/host_vars/competitorsvcs.studentrobotics.org.yml
@@ -11,3 +11,7 @@ add_hsts_header: true
 certbot_certs:
   - domains:
       - "{{ canonical_hostname }}"
+
+# Mythic have additionally routed this IP to the VM
+clatd_conf: |
+  clat-v6-addr=2a00:1098:80:bc::2
diff --git a/playbook.yml b/playbook.yml
index 5f68400..eb3977d 100644
--- a/playbook.yml
+++ b/playbook.yml
@@ -20,6 +20,7 @@
   roles:
     - competitor-services-nginx
     - code-submitter
+    - clatd
     - discord-bot
 
 - name: Kit services
diff --git a/roles/clatd/README.md b/roles/clatd/README.md
new file mode 100644
index 0000000..6816b3c
--- /dev/null
+++ b/roles/clatd/README.md
@@ -0,0 +1,5 @@
+# [`clatd`](https://github.com/toreanderson/clatd)
+
+A CLAT / SIIT-DC Edge Relay implementation for Linux.
+
+Used to provide IPv4 outbound connectivity to an IPv6-only VM.
diff --git a/roles/clatd/defaults/main.yml b/roles/clatd/defaults/main.yml
new file mode 100644
index 0000000..66f3064
--- /dev/null
+++ b/roles/clatd/defaults/main.yml
@@ -0,0 +1 @@
+clatd_conf: ""
diff --git a/roles/clatd/handlers/main.yml b/roles/clatd/handlers/main.yml
new file mode 100644
index 0000000..27fdca0
--- /dev/null
+++ b/roles/clatd/handlers/main.yml
@@ -0,0 +1,4 @@
+- name: Restart clatd
+  service:
+    name: clatd
+    state: restarted
diff --git a/roles/clatd/tasks/main.yml b/roles/clatd/tasks/main.yml
new file mode 100644
index 0000000..0c03353
--- /dev/null
+++ b/roles/clatd/tasks/main.yml
@@ -0,0 +1,30 @@
+- name: Download
+  git:
+    repo: https://github.com/toreanderson/clatd
+    dest: "{{ install_dir }}"
+    force: true
+    version: 3ea303b5210bf701df30323933c86f9ffe4d3dd4
+  notify: Restart clatd
+  register: clatd_repo
+
+- name: Install
+  community.general.make:
+    chdir: "{{ install_dir }}"
+    targets:
+      - installdeps  # Install system dependencies
+      - install  # Install clatd
+  when: clatd_repo.changed  # noqa: no-handler - Use a handler to ensure execution order
+  notify: Restart clatd
+
+- name: Install configuration
+  copy:
+    content: "{{ clatd_conf }}"
+    dest: /etc/clatd.conf
+    mode: "0644"
+  notify: Restart clatd
+
+- name: Enable service
+  service:
+    name: clatd
+    state: started
+    enabled: true
diff --git a/roles/clatd/templates/clatd.conf b/roles/clatd/templates/clatd.conf
new file mode 100644
index 0000000..e69de29
diff --git a/roles/clatd/vars/main.yml b/roles/clatd/vars/main.yml
new file mode 100644
index 0000000..ad5abb6
--- /dev/null
+++ b/roles/clatd/vars/main.yml
@@ -0,0 +1 @@
+install_dir: /opt/clatd

From 117d39bf0813161846e30a29bca0a5dea15bcc10 Mon Sep 17 00:00:00 2001
From: Jake Howard <git@theorangeone.net>
Date: Thu, 5 Sep 2024 19:46:20 +0100
Subject: [PATCH 2/5] Improve documentation on `clat-v6-addr`

---
 roles/clatd/README.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/roles/clatd/README.md b/roles/clatd/README.md
index 6816b3c..9aa9484 100644
--- a/roles/clatd/README.md
+++ b/roles/clatd/README.md
@@ -3,3 +3,5 @@
 A CLAT / SIIT-DC Edge Relay implementation for Linux.
 
 Used to provide IPv4 outbound connectivity to an IPv6-only VM.
+
+It's likely `clat-v6-addr` will need to be configured to assign the correct IP to the created `clat` interface. This may require an additional IPv6 address be routed to the VM. This is configured with the `clatd_conf` variable.

From 45d3e3e1c0b9bccc8c1b5a74054a405118ee45e3 Mon Sep 17 00:00:00 2001
From: Jake Howard <git@theorangeone.net>
Date: Thu, 5 Sep 2024 19:46:41 +0100
Subject: [PATCH 3/5] Remove empty file

This was left over from development
---
 roles/clatd/templates/clatd.conf | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 delete mode 100644 roles/clatd/templates/clatd.conf

diff --git a/roles/clatd/templates/clatd.conf b/roles/clatd/templates/clatd.conf
deleted file mode 100644
index e69de29..0000000

From a544b9de7cde3dfaa88e45db32f85a1ee9baa9a0 Mon Sep 17 00:00:00 2001
From: Jake Howard <git@theorangeone.net>
Date: Thu, 5 Sep 2024 20:34:55 +0100
Subject: [PATCH 4/5] Use version file to make clatd install idempotent

---
 roles/clatd/tasks/main.yml | 23 +++++++++++++++++++++--
 roles/clatd/vars/main.yml  |  1 +
 2 files changed, 22 insertions(+), 2 deletions(-)

diff --git a/roles/clatd/tasks/main.yml b/roles/clatd/tasks/main.yml
index 0c03353..7b3d624 100644
--- a/roles/clatd/tasks/main.yml
+++ b/roles/clatd/tasks/main.yml
@@ -4,8 +4,19 @@
     dest: "{{ install_dir }}"
     force: true
     version: 3ea303b5210bf701df30323933c86f9ffe4d3dd4
-  notify: Restart clatd
   register: clatd_repo
+  notify: Restart clatd
+
+- name: Get installed version (if installed)
+  slurp:
+    src: "{{ installed_version_file }}"
+  ignore_errors: true  # Ignore if the file is missing, since it's about to be created
+  register: installed_version_slurp
+
+- name: Resolve installed version
+  set_fact:
+    installed_version: "{{ installed_version_slurp.content | b64decode }}"
+  when: not installed_version_slurp.failed
 
 - name: Install
   community.general.make:
@@ -13,8 +24,16 @@
     targets:
       - installdeps  # Install system dependencies
       - install  # Install clatd
-  when: clatd_repo.changed  # noqa: no-handler - Use a handler to ensure execution order
+  when: installed_version is not defined or clatd_repo.after not in installed_version  # noqa: no-handler - Use a handler to ensure execution order
   notify: Restart clatd
+  register: install_clatd
+
+- name: Update installed version
+  copy:
+    content: "{{ clatd_repo.after }}"
+    dest: "{{ installed_version_file }}"
+    mode: "0644"
+  when: install_clatd.changed   # noqa: no-handler - Use a handler to ensure execution order
 
 - name: Install configuration
   copy:
diff --git a/roles/clatd/vars/main.yml b/roles/clatd/vars/main.yml
index ad5abb6..9993952 100644
--- a/roles/clatd/vars/main.yml
+++ b/roles/clatd/vars/main.yml
@@ -1 +1,2 @@
 install_dir: /opt/clatd
+installed_version_file: /opt/clatd.version

From 869a2d0f4d555274ee4b2b8570ae5750a35d1afc Mon Sep 17 00:00:00 2001
From: Jake Howard <git@theorangeone.net>
Date: Thu, 5 Sep 2024 21:27:17 +0100
Subject: [PATCH 5/5] Only require specific clatd address to be defined

YAGNAE
---
 host_vars/competitorsvcs.studentrobotics.org.yml | 3 +--
 roles/clatd/README.md                            | 2 +-
 roles/clatd/defaults/main.yml                    | 1 -
 roles/clatd/tasks/main.yml                       | 4 ++--
 roles/clatd/templates/clatd.conf                 | 3 +++
 5 files changed, 7 insertions(+), 6 deletions(-)
 delete mode 100644 roles/clatd/defaults/main.yml
 create mode 100644 roles/clatd/templates/clatd.conf

diff --git a/host_vars/competitorsvcs.studentrobotics.org.yml b/host_vars/competitorsvcs.studentrobotics.org.yml
index ca2cc0d..adc169e 100644
--- a/host_vars/competitorsvcs.studentrobotics.org.yml
+++ b/host_vars/competitorsvcs.studentrobotics.org.yml
@@ -13,5 +13,4 @@ certbot_certs:
       - "{{ canonical_hostname }}"
 
 # Mythic have additionally routed this IP to the VM
-clatd_conf: |
-  clat-v6-addr=2a00:1098:80:bc::2
+clat_v6_addr: 2a00:1098:80:bc::2
diff --git a/roles/clatd/README.md b/roles/clatd/README.md
index 9aa9484..00e7f8c 100644
--- a/roles/clatd/README.md
+++ b/roles/clatd/README.md
@@ -4,4 +4,4 @@ A CLAT / SIIT-DC Edge Relay implementation for Linux.
 
 Used to provide IPv4 outbound connectivity to an IPv6-only VM.
 
-It's likely `clat-v6-addr` will need to be configured to assign the correct IP to the created `clat` interface. This may require an additional IPv6 address be routed to the VM. This is configured with the `clatd_conf` variable.
+It's likely `clat-v6-addr` will need to be configured to assign the correct IP to the created `clat` interface. This may require an additional IPv6 address be routed to the VM.
diff --git a/roles/clatd/defaults/main.yml b/roles/clatd/defaults/main.yml
deleted file mode 100644
index 66f3064..0000000
--- a/roles/clatd/defaults/main.yml
+++ /dev/null
@@ -1 +0,0 @@
-clatd_conf: ""
diff --git a/roles/clatd/tasks/main.yml b/roles/clatd/tasks/main.yml
index 7b3d624..cbec919 100644
--- a/roles/clatd/tasks/main.yml
+++ b/roles/clatd/tasks/main.yml
@@ -36,8 +36,8 @@
   when: install_clatd.changed   # noqa: no-handler - Use a handler to ensure execution order
 
 - name: Install configuration
-  copy:
-    content: "{{ clatd_conf }}"
+  template:
+    src: clatd.conf
     dest: /etc/clatd.conf
     mode: "0644"
   notify: Restart clatd
diff --git a/roles/clatd/templates/clatd.conf b/roles/clatd/templates/clatd.conf
new file mode 100644
index 0000000..b36510d
--- /dev/null
+++ b/roles/clatd/templates/clatd.conf
@@ -0,0 +1,3 @@
+{% if clat_v6_addr is defined %}
+clat-v6-addr={{ clat_v6_addr }}
+{% endif %}