openvpn/tasks/server.yml

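---
# OpenVPN server tasks: build an easy-rsa PKI under
# /etc/openvpn/<hostname>/easy-rsa, copy the resulting server key
# material into /etc/openvpn/<hostname>/keys, generate the static
# ta.key, and render the server configuration.
#
# Every task is gated on `is_installed`, which is defined outside this
# file. The `openvpn-restart` handler is also defined elsewhere.
#
# NOTE(review): the hosting forge flagged invisible Unicode characters
# in this file. They cannot be seen in this rendering, so inspect the
# raw bytes (e.g. a hex dump) before trusting the commands as printed.

- name: 'openvpn | copy vars'
  template:
    src: "../data/openvpn/vars.j2"
    dest: "/etc/openvpn/{{ ansible_hostname }}/easy-rsa/vars"
  when: is_installed
  tags: ['openvpn', 'openvpn_server']

# NOTE(review): `init-pki` discards any existing PKI, so every run in
# which `is_installed` is true re-creates the CA and invalidates all
# previously issued client certificates — confirm `is_installed` is
# only true on a fresh install.
- name: 'openvpn | cleanup everything'
  command: "./easyrsa init-pki"
  args:
    chdir: "/etc/openvpn/{{ ansible_hostname }}/easy-rsa"
  when: is_installed
  tags: ['openvpn', 'openvpn_server']

- name: 'openvpn | create random file'
  command: "dd if=/dev/urandom of=pki/.rnd bs=256 count=1"
  args:
    chdir: "/etc/openvpn/{{ ansible_hostname }}/easy-rsa"
  when: is_installed
  tags: ['openvpn', 'openvpn_server']

# `nopass` leaves the CA and server private keys unencrypted on disk,
# and the CA key lives on the VPN server itself — restrict access to
# the easy-rsa directory accordingly.
- name: 'openvpn | generate certificates'
  command: "{{ item }}"
  args:
    chdir: "/etc/openvpn/{{ ansible_hostname }}/easy-rsa"
  environment:
    # Quoted so the value is passed as the string "1" rather than an
    # integer the parser has to coerce.
    EASYRSA_BATCH: "1"
  with_items:
    - ./easyrsa build-ca nopass
    - ./easyrsa gen-dh
    - ./easyrsa build-server-full {{ ansible_hostname }} nopass
  when: is_installed
  tags: ['openvpn', 'openvpn_server']

# Copies files already on the managed host (remote_src) into the keys
# directory; `dest` is a directory, so each item keeps its basename.
- name: 'openvpn | copy certificates'
  copy:
    src: "{{ item }}"
    dest: "/etc/openvpn/{{ ansible_hostname }}/keys"
    remote_src: true
  with_items:
    - "/etc/openvpn/{{ ansible_hostname }}/easy-rsa/pki/dh.pem"
    - "/etc/openvpn/{{ ansible_hostname }}/easy-rsa/pki/private/{{ ansible_hostname }}.key"
    - "/etc/openvpn/{{ ansible_hostname }}/easy-rsa/pki/issued/{{ ansible_hostname }}.crt"
    - "/etc/openvpn/{{ ansible_hostname }}/easy-rsa/pki/ca.crt"
  when: is_installed
  tags: ['openvpn', 'openvpn_server']

- name: 'openvpn | generate ta.key'
  command: "openvpn --genkey secret /etc/openvpn/{{ ansible_hostname }}/keys/ta.key"
  when: is_installed
  tags: ['openvpn', 'openvpn_server']

# ta.key is the static shared secret produced by `openvpn --genkey
# secret`. "0644" makes it world-readable on the server; tighten it to
# "0600" unless a non-root reader genuinely needs it — TODO confirm
# against the user/group and persist-key settings in server.conf.j2.
- name: 'openvpn | chmod ta.key'
  file:
    path: "/etc/openvpn/{{ ansible_hostname }}/keys/ta.key"
    owner: root
    group: root
    mode: "0644"  # quoted: an unquoted 0644 is read as an octal integer
  when: is_installed
  tags: ['openvpn', 'openvpn_server']

# Only rendered when a client list is defined; both conditions must hold.
- name: 'openvpn | configure ifconfig-pool-persist'
  template:
    src: "../data/openvpn/ipp.txt.j2"
    dest: "/etc/openvpn/{{ ansible_hostname }}/ipp.txt"
  when:
    - is_installed
    - openvpn_client is defined
  tags: ['openvpn', 'openvpn_server']

- name: 'openvpn | copy server configuration'
  template:
    src: "../data/openvpn/server.conf.j2"
    dest: "/etc/openvpn/{{ ansible_hostname }}.conf"
  when: is_installed
  tags: ['openvpn', 'openvpn_server']
  notify: openvpn-restart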