openvpn/tasks/server.yml

---
- name: 'openvpn | copy vars'
  template:
    src: "../data/openvpn/vars.j2"
    dest: "/etc/openvpn/{{ ansible_hostname }}/easy-rsa/vars"
  when: is_installed
  tags: ['openvpn', 'openvpn_server']

- name: 'openvpn | cleanup everything'
  command: "./easyrsa init-pki"
  args:
    chdir: /etc/openvpn/{{ ansible_hostname }}/easy-rsa
  when: is_installed
  tags: ['openvpn', 'openvpn_server']

- name: 'openvpn | create random file'
  command: "dd if=/dev/urandom of=pki/.rnd bs=256 count=1"
  args:
    chdir: /etc/openvpn/{{ ansible_hostname }}/easy-rsa
  when: is_installed
  tags: ['openvpn', 'openvpn_server']

- name: 'openvpn | generate certificates'
  command: "{{ item }}"
  args:
    chdir: /etc/openvpn/{{ ansible_hostname }}/easy-rsa
  environment:
    EASYRSA_BATCH: 1
  with_items:
    - ./easyrsa build-ca nopass
    - ./easyrsa gen-dh
    - ./easyrsa build-server-full {{ ansible_hostname }} nopass
  when: is_installed
  tags: ['openvpn', 'openvpn_server']

- name: 'openvpn | copy certificates'
  copy:
    src: "{{ item }}"
    dest: "/etc/openvpn/{{ ansible_hostname }}/keys"
    remote_src: yes
  with_items:
    - /etc/openvpn/{{ ansible_hostname }}/easy-rsa/pki/dh.pem
    - /etc/openvpn/{{ ansible_hostname }}/easy-rsa/pki/private/{{ ansible_hostname }}.key
    - /etc/openvpn/{{ ansible_hostname }}/easy-rsa/pki/issued/{{ ansible_hostname }}.crt
    - /etc/openvpn/{{ ansible_hostname }}/easy-rsa/pki/ca.crt
  when: is_installed
  tags: ['openvpn', 'openvpn_server']

- name: 'openvpn | generate ta.key'
  command: "openvpn --genkey --secret /etc/openvpn/{{ ansible_hostname }}/keys/ta.key"
  when: is_installed
  tags: ['openvpn', 'openvpn_server']

- name: 'openvpn | chmod ta.key'
  file:
    path: "/etc/openvpn/{{ ansible_hostname }}/keys/ta.key"
    owner: root
    group: root
    mode: 0644
  when: is_installed
  tags: ['openvpn', 'openvpn_server']

- name: 'openvpn | configure ifconfig-pool-persist'
  template:
    src: "../data/openvpn/ipp.txt.j2"
    dest: "/etc/openvpn/{{ ansible_hostname }}/ipp.txt"
  when:
    - is_installed
    - openvpn_client is defined
  tags: ['openvpn', 'openvpn_server']

- name: 'openvpn | copy server configuration'
  template:
    src: "../data/openvpn/server.conf.j2"
    dest: "/etc/openvpn/{{ ansible_hostname }}.conf"
  when: is_installed
  tags: ['openvpn', 'openvpn_server']
  notify: openvpn-restart
-												initial commit

											
										
										
											2020-08-17 11:48:37 +02:00
+								---
 								- name: 'openvpn | copy vars'
 								  template:
 								    src: "../data/openvpn/vars.j2"
 								    dest: "/etc/openvpn/{{ ansible_hostname }}/easy-rsa/vars"
-												add condition

											
										
										
											2020-10-28 17:16:40 +01:00
+								  when: is_installed
-												initial commit

											
										
										
											2020-08-17 11:48:37 +02:00
+								  tags: ['openvpn', 'openvpn_server']
 								- name: 'openvpn | cleanup everything'
 								  command: "./easyrsa init-pki"
 								  args:
 								    chdir: /etc/openvpn/{{ ansible_hostname }}/easy-rsa
-												add condition

											
										
										
											2020-10-28 17:16:40 +01:00
+								  when: is_installed
-												initial commit

											
										
										
											2020-08-17 11:48:37 +02:00
+								  tags: ['openvpn', 'openvpn_server']
 								- name: 'openvpn | create random file'
 								  command: "dd if=/dev/urandom of=pki/.rnd bs=256 count=1"
 								  args:
 								    chdir: /etc/openvpn/{{ ansible_hostname }}/easy-rsa
-												add condition

											
										
										
											2020-10-28 17:16:40 +01:00
+								  when: is_installed
-												initial commit

											
										
										
											2020-08-17 11:48:37 +02:00
+								  tags: ['openvpn', 'openvpn_server']
 								- name: 'openvpn | generate certificates'
 								  command: "{{ item }}"
 								  args:
 								    chdir: /etc/openvpn/{{ ansible_hostname }}/easy-rsa
 								  environment:
 								    EASYRSA_BATCH: 1
 								  with_items:
 								    - ./easyrsa build-ca nopass
 								    - ./easyrsa gen-dh
 								    - ./easyrsa build-server-full {{ ansible_hostname }} nopass
-												add condition

											
										
										
											2020-10-28 17:16:40 +01:00
+								  when: is_installed
-												initial commit

											
										
										
											2020-08-17 11:48:37 +02:00
+								  tags: ['openvpn', 'openvpn_server']
 								- name: 'openvpn | copy certificates'
 								  copy:
 								    src: "{{ item }}"
 								    dest: "/etc/openvpn/{{ ansible_hostname }}/keys"
 								    remote_src: yes
 								  with_items:
 								    - /etc/openvpn/{{ ansible_hostname }}/easy-rsa/pki/dh.pem
 								    - /etc/openvpn/{{ ansible_hostname }}/easy-rsa/pki/private/{{ ansible_hostname }}.key
 								    - /etc/openvpn/{{ ansible_hostname }}/easy-rsa/pki/issued/{{ ansible_hostname }}.crt
 								    - /etc/openvpn/{{ ansible_hostname }}/easy-rsa/pki/ca.crt
-												add condition

											
										
										
											2020-10-28 17:16:40 +01:00
+								  when: is_installed
-												initial commit

											
										
										
											2020-08-17 11:48:37 +02:00
+								  tags: ['openvpn', 'openvpn_server']
 								- name: 'openvpn | generate ta.key'
 								  command: "openvpn --genkey --secret /etc/openvpn/{{ ansible_hostname }}/keys/ta.key"
-												add condition

											
										
										
											2020-10-28 17:16:40 +01:00
+								  when: is_installed
-												initial commit

											
										
										
											2020-08-17 11:48:37 +02:00
+								  tags: ['openvpn', 'openvpn_server']
 								- name: 'openvpn | chmod ta.key'
 								  file:
 								    path: "/etc/openvpn/{{ ansible_hostname }}/keys/ta.key"
 								    owner: root
 								    group: root
 								    mode: 0644
-												add condition

											
										
										
											2020-10-28 17:16:40 +01:00
+								  when: is_installed
-												initial commit

											
										
										
											2020-08-17 11:48:37 +02:00
+								  tags: ['openvpn', 'openvpn_server']
 								- name: 'openvpn | configure ifconfig-pool-persist'
 								  template:
 								    src: "../data/openvpn/ipp.txt.j2"
 								    dest: "/etc/openvpn/{{ ansible_hostname }}/ipp.txt"
-												add condition

											
										
										
											2020-10-28 17:16:40 +01:00
+								  when:
 								    - is_installed
 								    - openvpn_client is defined
-												initial commit

											
										
										
											2020-08-17 11:48:37 +02:00
+								  tags: ['openvpn', 'openvpn_server']
 								- name: 'openvpn | copy server configuration'
 								  template:
 								    src: "../data/openvpn/server.conf.j2"
 								    dest: "/etc/openvpn/{{ ansible_hostname }}.conf"
-												add condition

											
										
										
											2020-10-28 17:16:40 +01:00
+								  when: is_installed
-												initial commit

											
										
										
											2020-08-17 11:48:37 +02:00
+								  tags: ['openvpn', 'openvpn_server']
 								  notify: openvpn-restart