HuehnerCloud/cloud-environments-example
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
d225f220b5
cloud-environments-example/roles/vpn/tasks/server.yml
lhahn d225f220b5 Git initial commit
2023-08-20 10:30:41 +02:00

78 lines
2.0 KiB
YAML
Executable File
Raw Blame History

---
- name: find installed openvpn clients
find:
paths: "{{ vpn_home }}/client/"
patterns: "*.crt"
register: easyrsa_key_file
#- name: Setup default OpenVPN configuration
# shell:
# cmd: "gunzip -c {{ vpn_doc_examples }}/server.conf.gz > {{ vpn_home }}/server.conf"
# creates: "{{ vpn_home }}/server.conf"
- name: Setup default OpenVPN configuration
copy:
src: "{{ vpn_doc_examples }}/server.conf"
dest: "{{ vpn_home }}/server.conf"
owner: root
group: root
force: no
- name: find server TLS-Auth key
find:
paths: "{{ vpn_home }}/server/"
patterns: "ta.key"
register: tlsauth_key_files
- name: generate TLS-Auth key
command: "openvpn --genkey --secret {{ vpn_tlsauth_key_file }}"
when: tlsauth_key_files.matched == 0
- name: install easy-rsa CA and server certs
copy:
src: "{{ easy_rsa_home }}/pki/{{ item }}"
dest: "{{ vpn_home }}/server/"
mode: 0600
owner: root
group: root
loop:
- "ca.crt"
- "dh.pem"
- "private/{{ vpn_server }}.key"
- "issued/{{ vpn_server }}.crt"
- name: setup OpenVPN configuration
lineinfile:
path: "{{ vpn_home }}/server.conf"
regexp: '^;?{{ configline.split(" ")[0] }}{% if configline.split(" ") | length > 1 %} {% endif %}'
line: "{{ configline }}"
owner: root
group: root
mode: 0644
loop: "{{ vpn_server_conf }}"
loop_control:
loop_var: configline
label: "{{ configline }}"
notify: restart openvpn
- name: off-setup OpenVPN configuration
lineinfile:
path: "{{ vpn_home }}/server.conf"
regexp: '^{{ configline.split(" ")[0] }}{% if configline.split(" ") | length > 1 %} {% endif %}'
line: ";{{ configline }}"
backrefs: yes
owner: root
group: root
mode: 0644
loop: "{{ vpn_server_conf_off }}"
loop_control:
loop_var: configline
label: ";{{ configline }}"
notify: restart openvpn
- name: enable openvpn@server systemd unit
systemd:
name: openvpn@server
enabled: yes
daemon_reload: yes
state: started
Reference in New Issue View Git Blame Copy Permalink