---
- name: Install OpenVPN package
  # The trailing "--" in the OpenBSD package spec pins the unflavoured build.
  openbsd_pkg:
    name: "openvpn--"
    state: present
  tags:
    - openvpn
- name: Create /etc/openvpn directory
  # 0755 on the directory is acceptable: the server.conf deployed into it by
  # the next task carries its own 0600 mode.
  file:
    path: /etc/openvpn
    state: directory
    owner: root
    group: wheel
    mode: "0755"
  tags:
    - openvpn
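- name: Deploy OpenVPN configuration
  # Rendered from server.conf.j2. Owner/group are pinned to root:wheel (the
  # other tasks in this file set them explicitly) and the file stays 0600;
  # NOTE(review): the template is not visible here — if it embeds keys or
  # tls-auth material this mode is required, confirm.
  template:
    src: "server.conf.j2"
    dest: "/etc/openvpn/server.conf"
    owner: root
    group: wheel
    mode: "0600"
  notify: restart openvpn
  tags:
    - openvpn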
- name: Enabling OpenVPN
  # Only enables the rc service. It is presumably (re)started by the
  # "restart openvpn" handler (defined outside this file) that the config
  # task notifies, which runs after the rcctl flags are set below; adding
  # state: started here would start the daemon before its flags exist.
  service:
    name: openvpn
    enabled: true
  tags:
    - openvpn
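- name: Read current OpenVPN rc flags
  # rcctl(8) prints the value of a single variable on stdout. Recorded so the
  # set below is only issued, and only reported as changed, when the flags
  # actually differ (the original unconditional shell task was never idempotent).
  command: rcctl get openvpn flags
  register: openvpn_rcctl_flags
  changed_when: false
  failed_when: false
  check_mode: false
  tags:
    - openvpn

- name: Set OpenVPN flag
  # command rather than shell: no shell features are needed. The flags are
  # quoted so rcctl receives them as one value.
  command: rcctl set openvpn flags "--config /etc/openvpn/server.conf"
  when: (openvpn_rcctl_flags.stdout | default('') | trim) != "--config /etc/openvpn/server.conf"
  tags:
    - openvpn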
- name: Create shellpki user
  # Dedicated system account for the PKI tooling; nologin shell so it cannot
  # be used interactively.
  user:
    name: "_shellpki"
    state: present
    system: true
    home: "/etc/shellpki/"
    shell: "/sbin/nologin"
  tags:
    - openvpn
- name: Copy some shellpki files
  # Both files are root-owned; force: true overwrites any local edits.
  # NOTE(review): _shellpki is not added to wheel by this file, so it can only
  # read the 0640 openssl.cnf via the sudoers entry deployed further down —
  # confirm that is the intended access path.
  copy:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    owner: root
    group: wheel
    mode: "{{ item.mode }}"
    force: true
  loop:
    - src: "files/shellpki/openssl.cnf"
      dest: "/etc/shellpki/openssl.cnf"
      mode: "0640"
    - src: "files/shellpki/shellpki"
      dest: "/usr/local/sbin/shellpki"
      mode: "0755"
  tags:
    - openvpn
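- name: Deploy DH PARAMETERS
  # Owner/group pinned explicitly for consistency with the other file tasks.
  # NOTE(review): the DH group comes from a template, so unless the template
  # varies per host every server this role touches shares the same group.
  # Consider generating it on the host (openssl dhparam) or using ECDH with
  # "dh none" on OpenVPN >= 2.4 — confirm against server.conf.j2.
  template:
    src: "dh2048.pem.j2"
    dest: "/etc/shellpki/dh2048.pem"
    owner: root
    group: wheel
    mode: "0600"
  tags:
    - openvpn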
- name: Create /etc/sudoers.d directory
  # Root-owned and not writable by group/other; sudo is picky about the
  # ownership and modes of what it includes from here.
  file:
    path: /etc/sudoers.d
    state: directory
    owner: root
    group: wheel
    mode: "0755"
  tags:
    - openvpn
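- name: Include /etc/sudoers.d in sudoers configuration file
  # Validated with visudo before the edited file is swapped in, matching the
  # check already used for /etc/sudoers.d/shellpki in this file: a malformed
  # /etc/sudoers would otherwise disable sudo on the host. "#includedir" is
  # the legacy spelling accepted by every sudo; "@includedir" needs newer sudo.
  lineinfile:
    path: /etc/sudoers
    line: '#includedir /etc/sudoers.d'
    validate: '/usr/local/sbin/visudo -cf %s'
  tags:
    - openvpn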
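- name: Verify shellpki sudoers file presence
  # Ownership pinned explicitly: sudo skips sudoers.d fragments that are not
  # root-owned or are writable by group/other, so root:wheel 0440 is required
  # for the entry to take effect at all. visudo checks the fragment first.
  copy:
    src: "sudo_shellpki"
    dest: "/etc/sudoers.d/shellpki"
    owner: root
    group: wheel
    mode: "0440"
    force: true
    validate: '/usr/local/sbin/visudo -cf %s'
  tags:
    - openvpn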
- name: Copy check_openvpn
  # Single file, so no loop is needed; same root:wheel 0755 as before.
  copy:
    src: "files/check_openvpn.pl"
    dest: "/usr/local/libexec/nagios/plugins/check_openvpn.pl"
    owner: root
    group: wheel
    mode: "0755"
    force: true
  tags:
    - openvpn
- name: Install needed package for check_openvpn
  # Perl Telnet client used by check_openvpn.pl. NOTE(review): the plugin
  # presumably talks to the OpenVPN management interface — confirm in
  # server.conf.j2 that it is bound to localhost and password-protected.
  openbsd_pkg:
    name: "p5-Net-Telnet"
    state: present
  tags:
    - openvpn