Unverified Commit 89cff4fb authored by Dmitriy Safronov's avatar Dmitriy Safronov Committed by GitHub
Browse files

initial (#1) 



Signed-off-by: default avatarDmitriy Safronov <zimniy@cyberbrain.pw>

---------

Signed-off-by: default avatarDmitriy Safronov <zimniy@cyberbrain.pw>
parent 17c19236

README.md

+2 −0
Original line number Diff line number Diff line 
# ansible_role-template



Install & configure OpenVPN server.

handlers/main.yml

0 → 100644
+6 −0
Original line number Diff line number Diff line 
- name: (Re)start openvpn service

  ansible.builtin.systemd:

    state: restarted

    enabled: true

    daemon_reload: true

    name: "openvpn@{{ openvpn_server.name }}.service"

meta/main.yml

+4 −4
Original line number Diff line number Diff line 
collections: []

dependencies: []

galaxy_info:

  author: template

  description: template

  author: Dmitriy Safronov

  description: Install & configure OpenVPN server.

  license: Apache-2.0

  min_ansible_version: "2.16"

  namespace: template

  role_name: template
 
  namespace: dmitriysafronov

  role_name: openvpn_server

tasks/main.yml

0 → 100644
+205 −0
Original line number Diff line number Diff line 
- name: Install openvpn

  ansible.builtin.package:

    name: openvpn

    state: present



- name: Create OpenVPN config directory (+ccd)

  ansible.builtin.file:

    path: "/etc/openvpn/{{ openvpn_server.name }}/ccd"

    state: directory

    mode: '0700'

    owner: root

    group: root



- name: Template OpenVPN temporary config into config directory

  ansible.builtin.template:

    src: openvpn.conf.j2

    dest: "/etc/openvpn/{{ openvpn_server.name }}/conf.tmp"

    mode: '0600'

    owner: root

    group: root

  changed_when: false



- name: Set status location in temporary config

  ansible.builtin.lineinfile:

    path: "/etc/openvpn/{{ openvpn_server.name }}/conf.tmp"

    regexp: '^status\s+(.*)$'

    line: "status /var/log/openvpn/status-{{ openvpn_server.name }}.log 1"

  changed_when: false



- name: Configure Diffie Hellman

  when:

    - openvpn_server.dh is defined

    - openvpn_server.dh != None

    - openvpn_server.dh | length > 0

  block:



    - name: Template Diffie Hellman file in config directory

      ansible.builtin.template:

        src: openvpn.dh.j2

        dest: "/etc/openvpn/{{ openvpn_server.name }}/dh.pem"

        mode: '0600'

        owner: root

        group: root

      notify: (Re)start openvpn service



    - name: Set Diffie Hellman location in temporary config

      ansible.builtin.lineinfile:

        path: "/etc/openvpn/{{ openvpn_server.name }}/conf.tmp"

        regexp: '^dh\s+(.*)$'

        line: "dh /etc/openvpn/{{ openvpn_server.name }}/dh.pem"

      changed_when: false



- name: Configure Certificate Authority

  when:

    - openvpn_server.ca is defined

    - openvpn_server.ca != None

    - openvpn_server.ca | length > 0

  block:



    - name: Template Certificate Authority file in config directory

      ansible.builtin.template:

        src: openvpn.ca.j2

        dest: "/etc/openvpn/{{ openvpn_server.name }}/ca.crt"

        mode: '0600'

        owner: root

        group: root

      notify: (Re)start openvpn service



    - name: Set Certificate Authority location in temporary config

      ansible.builtin.lineinfile:

        path: "/etc/openvpn/{{ openvpn_server.name }}/conf.tmp"

        regexp: '^ca\s+(.*)$'

        line: "ca /etc/openvpn/{{ openvpn_server.name }}/ca.crt"

      changed_when: false



- name: Configure server certificate

  when:

    - openvpn_server.cert is defined

    - openvpn_server.cert != None

    - openvpn_server.cert | length > 0

  block:



    - name: Template server certificate file in config directory

      ansible.builtin.template:

        src: openvpn.cert.j2

        dest: "/etc/openvpn/{{ openvpn_server.name }}/server.crt"

        mode: '0600'

        owner: root

        group: root

      notify: (Re)start openvpn service



    - name: Set server certificate location in temporary config

      ansible.builtin.lineinfile:

        path: "/etc/openvpn/{{ openvpn_server.name }}/conf.tmp"

        regexp: '^cert\s+(.*)$'

        line: "cert /etc/openvpn/{{ openvpn_server.name }}/server.crt"

      changed_when: false



- name: Configure server certificate key

  when:

    - openvpn_server.ca is defined

    - openvpn_server.ca != None

    - openvpn_server.ca | length > 0

  block:



    - name: Template server certificate key file in config directory

      ansible.builtin.template:

        src: openvpn.key.j2

        dest: "/etc/openvpn/{{ openvpn_server.name }}/server.key"

        mode: '0600'

        owner: root

        group: root

      notify: (Re)start openvpn service



    - name: Set server certificate key location in temporary config

      ansible.builtin.lineinfile:

        path: "/etc/openvpn/{{ openvpn_server.name }}/conf.tmp"

        regexp: '^key\s+(.*)$'

        line: "key /etc/openvpn/{{ openvpn_server.name }}/server.key"

      changed_when: false



- name: Configure tls-auth key

  when:

    - openvpn_server.ta is defined

    - openvpn_server.ta != None

    - openvpn_server.ta | length > 0

  block:



    - name: Template tls-auth key file in config directory

      ansible.builtin.template:

        src: openvpn.ta.j2

        dest: "/etc/openvpn/{{ openvpn_server.name }}/ta.key"

        mode: '0600'

        owner: root

        group: root

      notify: (Re)start openvpn service



    - name: Set tls-auth key location in temporary config

      ansible.builtin.lineinfile:

        path: "/etc/openvpn/{{ openvpn_server.name }}/conf.tmp"

        regexp: '^tls-auth\s+(.*)$'

        line: "tls-auth /etc/openvpn/{{ openvpn_server.name }}/ta.key 0"

      changed_when: false



- name: Configure Certificate Revocational List

  when:

    - openvpn_server.crl is defined

    - openvpn_server.crl != None

    - openvpn_server.crl | length > 0

  block:



    - name: Template Certificate Revocational List file in config directory

      ansible.builtin.template:

        src: openvpn.crl.j2

        dest: "/etc/openvpn/{{ openvpn_server.name }}/crl.pem"

        mode: '0600'

        owner: root

        group: root

      notify: (Re)start openvpn service



    - name: Set Certificate Revocational List key location in temporary config

      ansible.builtin.lineinfile:

        path: "/etc/openvpn/{{ openvpn_server.name }}/conf.tmp"

        regexp: '^crl-verify\s+(.*)$'

        line: "crl-verify /etc/openvpn/{{ openvpn_server.name }}/crl.pem"

      changed_when: false



- name: Set client config directory location in temporary config

  ansible.builtin.lineinfile:

    path: "/etc/openvpn/{{ openvpn_server.name }}/conf.tmp"

    regexp: '^client-config-dir\s+(.*)$'

    line: "client-config-dir /etc/openvpn/{{ openvpn_server.name }}/ccd"

  changed_when: false



- name: Copy temporary config in required place

  ansible.builtin.copy:

    src: "/etc/openvpn/{{ openvpn_server.name }}/conf.tmp"

    dest: "/etc/openvpn/{{ openvpn_server.name }}.conf"

    remote_src: true

    mode: '0600'

    owner: root

    group: root

    backup: true

  notify: (Re)start openvpn service



- name: Delete OpenVPN temporary config

  ansible.builtin.file:

    path: "/etc/openvpn/{{ openvpn_server.name }}/conf.tmp"

    state: absent

  changed_when: false



- name: Template openvpn client configs

  when:

    - item.value is defined

    - item.value != None

    - item.value | length > 0

  with_dict: "{{ openvpn_server.ccd }}"

  ansible.builtin.template:

    src: openvpn.ccd.j2

    dest: "/etc/openvpn/{{ openvpn_server.name }}/ccd/{{ item.key }}"

    mode: '0600'

    owner: root

    group: root

  notify: (Re)start openvpn service

  no_log: true

templates/openvpn.ca.j2

0 → 100644
+3 −0
Original line number Diff line number Diff line 
{{ ansible_managed | comment }}



{{ openvpn_server.ca }}