---
# Package install; `state: present` is the apt default, spelled out so the
# intent survives a future default change.
- name: Install OpenVPN package
  apt:
    name: openvpn
    state: present
  tags:
    - openvpn
# Render the server configuration from the role template. 0600 keeps the
# rendered file readable by its owner only; the handler restarts the
# service whenever the content changes.
- name: Deploy OpenVPN configuration
  template:
    src: server.conf.j2
    dest: /etc/openvpn/server.conf
    mode: "0600"
  notify: restart openvpn
  tags:
    - openvpn
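# minifirewall is optional on the host. Check for its config first and
# skip the rule when it is absent, instead of masking every lineinfile
# error (missing file, permission problem, bad regexp) with failed_when.
- name: Check whether minifirewall is configured
  stat:
    path: /etc/default/minifirewall
  register: openvpn_minifirewall_file
  tags:
    - openvpn
    - openvpn-minifirewall

# The trailing "#OPENVPN" marker is what the regexp keys on, so re-runs
# replace the existing rule instead of appending a duplicate. The rule
# accepts UDP/1194 from any source; add a `-s` restriction if only known
# peers should reach the server.
- name: Allow OpenVPN input
  lineinfile:
    path: /etc/default/minifirewall
    line: "/sbin/iptables -A INPUT -p udp --dport 1194 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT #OPENVPN"
    regexp: '#OPENVPN$'
    state: present
  when: openvpn_minifirewall_file.stat.exists
  tags:
    - openvpn
    - openvpn-minifirewall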
# CA working directory. It is world-readable (0755), so any private key
# material placed in it must rely on its own file modes.
# NOTE(review): confirm the shellpki script creates key files 0600 —
# cannot be verified from this task list.
- name: Create /etc/shellpki directory
  file:
    path: /etc/shellpki
    state: directory
    owner: root
    group: root
    mode: "0755"
  tags:
    - openvpn
# Service account for the CA tooling: system uid, no login shell, home set
# to the CA directory created above.
- name: Create shellpki user
  user:
    name: shellpki
    system: true
    state: present
    home: /etc/shellpki/
    shell: /usr/sbin/nologin
  tags:
    - openvpn
# The next task writes under /usr/local/sbin; this role presumably
# remounts a read-only /usr writable first — confirm against the role.
- include_role:
    name: remount-usr
  tags:
    - openvpn
# Ship the CA helper script and its OpenSSL config, both root-owned.
# `force: true` replaces a locally edited copy whenever the content
# differs, so edits on the host do not survive a run.
- name: Copy some shellpki files
  copy:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    owner: root
    group: root
    mode: "{{ item.mode }}"
    force: true
  with_items:
    - src: files/shellpki/openssl.cnf
      dest: /etc/shellpki/openssl.cnf
      mode: "0640"
    - src: files/shellpki/shellpki.sh
      dest: /usr/local/sbin/shellpki
      mode: "0755"
  tags:
    - openvpn
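# DH parameters for the TLS handshake. Tagged like every other task in
# this file so a `--tags openvpn` run does not silently skip it.
# NOTE(review): a templated dh2048.pem is the same on every host that
# renders the same template — confirm that is intended; generating the
# parameters on the host (openssl dhparam) gives each server its own.
- name: Deploy DH PARAMETERS
  template:
    src: dh2048.pem.j2
    dest: /etc/shellpki/dh2048.pem
    mode: "0600"
  tags:
    - openvpn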
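# sudo ignores a drop-in that is not owned by root or is writable by
# others, so owner/group are pinned explicitly instead of depending on the
# connecting user. `visudo -cf` rejects a syntactically broken file before
# it replaces the live one, which keeps a bad copy from locking out sudo.
- name: Verify shellpki sudoers file presence
  copy:
    src: sudo_shellpki
    dest: /etc/sudoers.d/shellpki
    owner: root
    group: root
    mode: "0440"
    force: true
    validate: '/usr/sbin/visudo -cf %s'
  tags:
    - openvpn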