forked from evolix/ansible-roles
Ajout verification minifirewall + /usr en ro + port management pour check_openvpn + certificat dhparam
This commit is contained in:
parent
8ad8c2c798
commit
14e270b688
@ -14,24 +14,16 @@
tags:
- openvpn
- set_fact:
minifirewall_tail_included: True
minifirewall_tail_file: /etc/default/minifirewall.tail
- include_role:
name: minifirewall
tags:
- openvpn
- name: Allow OpenVPN input
blockinfile:
dest: "{{ minifirewall_tail_file }}"
marker: "# {mark} INPUT OPENVPN"
block: |
/sbin/iptables -A INPUT -p udp --dport 1194 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
notify: restart minifirewall
lineinfile:
dest: /etc/default/minifirewall
line: "/sbin/iptables -A INPUT -p udp --dport 1194 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT #OPENVPN"
regexp: '#OPENVPN$'
state: present
failed_when: False
tags:
- openvpn
- openvpn-minifirewall
- name: Create /etc/shellpki directory
file:
@ -53,6 +45,11 @@
tags:
- openvpn
- include_role:
name: remount-usr
tags:
- openvpn
- name: Copy some shellpki files
copy:
src: "{{ item.src }}"
@ -67,6 +64,12 @@
tags:
- openvpn
- name: Deploy DH PARAMETERS
template:
src: "dh2048.pem.j2"
dest: "/etc/shellpki/dh2048.pem"
mode: "0600"
- name: Verify shellpki sudoers file presence
copy:
src: "sudo_shellpki"
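Review bot: The new `set_fact` task at the top of the first hunk carries no `tags:`, while the `include_role: minifirewall` directly after it and every surrounding task are tagged `openvpn`; a run restricted with `--tags openvpn` therefore skips the set_fact and includes the role with `minifirewall_tail_included` and `minifirewall_tail_file` undefined. Either add `tags:` / `- openvpn` to that task or pass the two values as `vars:` on the `include_role`. In the "Allow OpenVPN input" task, `failed_when: False` — if it is on the new side, which the rendered page does not make explicit — masks every failure of the minifirewall edit, including the UDP 1194 ACCEPT rule not being written, which is precisely what an operator needs to see; if the intent is to tolerate a missing minifirewall config, condition the task on a `stat` result of the target file instead. The booleans `True` and `False` should be written `true` / `false`, and since the file header of this section is not shown on the page the task file name is presumed from context.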
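--- /dev/null
+++ b/openvpn/templates/dh2048.pem.j2
@@ -0,0 +1,8 @@
+-----BEGIN DH PARAMETERS-----
+MIIBCAKCAQEAuimweC/f5W/AIIFhLX256Bi5IU+AkN9sKZ9sxGx0xc3J8NwIBnEP
+R/2RgclJqJ8OodY70zeDHNLDyc01crGvihuupiWVlvQxS4osdhfdM+GoV9pcmCVr
+TRTybsUPkkm4rQ/SC7I2MxiYnXwDrrYnpMvBDaRZjoHlgTKjOGoYSd+DIDZSFKkv
+ASkXQkIC9FpvjnxfW5gtzzm6NheqgYUI2Y2QiqM6BmGVZiPcqyUpbWvRCcZLoPa2
+Z+FV9LxE4J7CX0ilTJXXhs3RaMlG8qZha3l0hEL4SAZp5xn74Ej/9hA5cWqnKEOQ
+aLfwADI4rPe9uTu9Qnw87DgM2tQeETBlmwIBAg==
+-----END DH PARAMETERS-----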
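Review bot: The DH group is a fixed parameter set committed to a public repository and copied verbatim to every host the role deploys, so all servers end up sharing one pre-published group; the size implied by the file name (2048-bit) is not weak today, but a shared, publicly known group is the pattern Logjam-style precomputation exploits at smaller sizes, and it forfeits the per-host independence that generating on the target gives for free. Generate it on the target instead — `command: openssl dhparam -out /etc/shellpki/dh2048.pem 2048` with `args: {creates: /etc/shellpki/dh2048.pem}` — or, on OpenVPN 2.4 or later, drop the file and set `dh none` so ECDH is used. The file contains no Jinja expression, so if it is kept as a static file `copy:` is the fitting module rather than `template:` with a `.j2` suffix.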
@ -21,7 +21,9 @@ log-append /var/log/openvpn/openvpn.log
ca /etc/shellpki/cacert.pem
cert /etc/shellpki/certs/{{ ansible_fqdn }}.crt
key /etc/shellpki/private/{{ ansible_fqdn }}.key
dh /etc/shellpkca/dh2048.pem
dh /etc/shellpki/dh2048.pem
server {{ openvpn_lan }} {{ openvpn_netmask }}
# Management interface (used by check_openvpn for Nagios)
management 127.0.0.1 1195 /etc/openvpn/management-pwd
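Review bot: The new `management 127.0.0.1 1195 /etc/openvpn/management-pwd` directive references a password file that none of the visible hunks create, and OpenVPN fails at startup when the pw-file argument cannot be read, so the role needs a task that deploys it (root-owned, `mode: "0600"`, content taken from a vaulted variable rather than a plaintext file in the repository) before this template change is safe to roll out. Binding the management socket to 127.0.0.1 is the right scope; it is worth extending the comment so the next reader knows the password is the only access control on the interface, e.g. `# Management interface (used by check_openvpn for Nagios); local-only, protected solely by /etc/openvpn/management-pwd (root:root 0600)`. Port 1195 is hard-coded here while check_openvpn presumably expects the same value, so a shared variable would keep the two in sync. The file header for this section is not shown on the page, so the template name is inferred from the context lines.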