fix lint

Adrien Reslinger 2020-06-04 09:08:42 +02:00
parent 943c172361
commit c8425f2d5a


@ -3,7 +3,10 @@
include_vars: "{{ ansible_os_family }}.yml" include_vars: "{{ ansible_os_family }}.yml"
- name: Install packages for openvpn - name: Install packages for openvpn
package: name="{{ openvpn_packages }}" state=latest update_cache=yes package:
name: "{{ openvpn_packages }}"
state: present
update_cache: yes
- name: Install OpenVSwitch - name: Install OpenVSwitch
include_role: include_role:
@ -30,12 +33,26 @@
# - openvpn_bridge_type == "bridge" # - openvpn_bridge_type == "bridge"
- name: Make server config directory - name: Make server config directory
file: path=/etc/openvpn/server state=directory owner=root group=root mode=0750 file:
path: /etc/openvpn/server
state: directory
owner: root
group: root
mode: 0750
- name: Install vpn-up.sh script - name: Install vpn-up.sh script
template: src=etc/openvpn/server/vpn-up-down.sh.j2 dest=/etc/openvpn/server/vpn-up.sh owner=root group=root mode=0755 template:
src: etc/openvpn/server/vpn-up-down.sh.j2
dest: /etc/openvpn/server/vpn-up.sh
owner: root
group: root
mode: 0755
- name: Install vpn-down.sh link - name: Install vpn-down.sh link
file: src=vpn-up.sh dest=/etc/openvpn/server/vpn-down.sh state=link force=yes file:
src: vpn-up.sh
dest: /etc/openvpn/server/vpn-down.sh
state: link
force: yes
# setsebool openvpn_run_unconfined on # setsebool openvpn_run_unconfined on
- name: Set boolean selinux flag for scripts - name: Set boolean selinux flag for scripts
seboolean: seboolean:
@ -58,7 +75,12 @@
# Need more step to generate certificat files # Need more step to generate certificat files
- name: Install Certificat files - name: Install Certificat files
copy: src=etc/openvpn/server/easy-rsa/2.0/keys/{{ item }} dest=/etc/openvpn/server/{{ item }} owner=root group=root mode=0600 copy:
src: etc/openvpn/server/easy-rsa/2.0/keys/{{ item }}
dest: /etc/openvpn/server/{{ item }}
owner: root
group: root
mode: 0600
with_items: with_items:
- ca.crt - ca.crt
- dh2048.pem - dh2048.pem
@ -67,18 +89,30 @@
- ta.key - ta.key
- name: Install openvpn configuration files - name: Install openvpn configuration files
template: src=etc/openvpn/server/config.conf.j2 dest=/etc/openvpn/server/{{ openvpn_vpn_name }}.{{ item.proto }}.conf owner=root group=root mode=0644 template:
src: etc/openvpn/server/config.conf.j2
dest: /etc/openvpn/server/{{ openvpn_vpn_name }}.{{ item.proto }}.conf
owner: root
group: root
mode: 0644
with_items: with_items:
- '{{ openvpn_subnets }}' - '{{ openvpn_subnets }}'
notify: Restart openvpn-server-{{ item.proto }} notify: Restart openvpn-server-{{ item.proto }}
- name: Enable openvpn services - name: Enable openvpn services
service: name="openvpn-server@{{ openvpn_vpn_name }}.{{ item.proto }}" enabled=yes service:
name: "openvpn-server@{{ openvpn_vpn_name }}.{{ item.proto }}"
enabled: yes
with_items: with_items:
- '{{ openvpn_subnets }}' - '{{ openvpn_subnets }}'
- name: Install Personnal OpenVPN config file for firewalld - name: Install Personnal OpenVPN config file for firewalld
template: src=etc/firewalld/services/openvpn.xml dest=/etc/firewalld/services/openvpn-{{ openvpn_vpn_name | regex_replace('\.','_') }}.xml owner=root group=root mode=0644 template:
src: etc/firewalld/services/openvpn.xml
dest: /etc/firewalld/services/openvpn-{{ openvpn_vpn_name | regex_replace('\.','_') }}.xml
owner: root
group: root
mode: 0644
register: result register: result
- name: reload firewalld to refresh service list - name: reload firewalld to refresh service list
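Review bot: The first hunk changes `state=latest` to `state: present` on the "Install packages for openvpn" task, so a commit titled "fix lint" also stops the role from upgrading `openvpn_packages` on later runs. OpenVPN security updates on the server then depend on some other patching process, which is not visible on this page. I would record that beside the task, e.g. `# present: install only; package upgrades are left to the host's patching process`, or say so in the commit message. Separately, the new `mode: 0750`, `0755`, `0600` and `0644` values are unquoted and rely on the YAML loader reading a leading zero as octal, whereas the old `key=value` form passed a string. Writing `mode: "0600"` on the certificate/key copy task, and quoting the other three the same way, keeps that behaviour explicit.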