openvpn/tasks/server.yml

79 lines
2.3 KiB
YAML
Raw Normal View History

2020-08-17 11:48:37 +02:00
---
- name: 'openvpn | copy vars'
template:
src: "../data/openvpn/vars.j2"
dest: "/etc/openvpn/{{ ansible_hostname }}/easy-rsa/vars"
2020-10-28 17:16:40 +01:00
when: is_installed
2020-08-17 11:48:37 +02:00
tags: ['openvpn', 'openvpn_server']
- name: 'openvpn | cleanup everything'
command: "./easyrsa init-pki"
args:
chdir: /etc/openvpn/{{ ansible_hostname }}/easy-rsa
2020-10-28 17:16:40 +01:00
when: is_installed
2020-08-17 11:48:37 +02:00
tags: ['openvpn', 'openvpn_server']
- name: 'openvpn | create random file'
command: "dd if=/dev/urandom of=pki/.rnd bs=256 count=1"
args:
chdir: /etc/openvpn/{{ ansible_hostname }}/easy-rsa
2020-10-28 17:16:40 +01:00
when: is_installed
2020-08-17 11:48:37 +02:00
tags: ['openvpn', 'openvpn_server']
- name: 'openvpn | generate certificates'
command: "{{ item }}"
args:
chdir: /etc/openvpn/{{ ansible_hostname }}/easy-rsa
environment:
EASYRSA_BATCH: 1
with_items:
- ./easyrsa build-ca nopass
- ./easyrsa gen-dh
- ./easyrsa build-server-full {{ ansible_hostname }} nopass
2020-10-28 17:16:40 +01:00
when: is_installed
2020-08-17 11:48:37 +02:00
tags: ['openvpn', 'openvpn_server']
- name: 'openvpn | copy certificates'
copy:
src: "{{ item }}"
dest: "/etc/openvpn/{{ ansible_hostname }}/keys"
remote_src: yes
with_items:
- /etc/openvpn/{{ ansible_hostname }}/easy-rsa/pki/dh.pem
- /etc/openvpn/{{ ansible_hostname }}/easy-rsa/pki/private/{{ ansible_hostname }}.key
- /etc/openvpn/{{ ansible_hostname }}/easy-rsa/pki/issued/{{ ansible_hostname }}.crt
- /etc/openvpn/{{ ansible_hostname }}/easy-rsa/pki/ca.crt
2020-10-28 17:16:40 +01:00
when: is_installed
2020-08-17 11:48:37 +02:00
tags: ['openvpn', 'openvpn_server']
- name: 'openvpn | generate ta.key'
2022-09-07 17:25:08 +02:00
command: "openvpn --genkey secret /etc/openvpn/{{ ansible_hostname }}/keys/ta.key"
2020-10-28 17:16:40 +01:00
when: is_installed
2020-08-17 11:48:37 +02:00
tags: ['openvpn', 'openvpn_server']
- name: 'openvpn | chmod ta.key'
file:
path: "/etc/openvpn/{{ ansible_hostname }}/keys/ta.key"
owner: root
group: root
mode: 0644
2020-10-28 17:16:40 +01:00
when: is_installed
2020-08-17 11:48:37 +02:00
tags: ['openvpn', 'openvpn_server']
- name: 'openvpn | configure ifconfig-pool-persist'
template:
src: "../data/openvpn/ipp.txt.j2"
dest: "/etc/openvpn/{{ ansible_hostname }}/ipp.txt"
2020-10-28 17:16:40 +01:00
when:
- is_installed
- openvpn_client is defined
2020-08-17 11:48:37 +02:00
tags: ['openvpn', 'openvpn_server']
- name: 'openvpn | copy server configuration'
template:
src: "../data/openvpn/server.conf.j2"
dest: "/etc/openvpn/{{ ansible_hostname }}.conf"
2020-10-28 17:16:40 +01:00
when: is_installed
2020-08-17 11:48:37 +02:00
tags: ['openvpn', 'openvpn_server']
notify: openvpn-restart