--- - name: Install OpenVPN package openbsd_pkg: name: "openvpn--" tags: - openvpn - name: Create /etc/openvpn directory file: path: /etc/openvpn state: directory owner: "root" group: "wheel" mode: "0755" tags: - openvpn - name: Deploy OpenVPN configuration template: src: "server.conf.j2" dest: "/etc/openvpn/server.conf" mode: "0600" notify: restart openvpn tags: - openvpn - name: Enabling OpenVPN service: name: openvpn enabled: true tags: - openvpn - name: Set OpenVPN flag shell: 'rcctl set openvpn flags "--config /etc/openvpn/server.conf"' tags: - openvpn - name: Create shellpki user user: name: "_shellpki" system: true state: present home: "/etc/shellpki/" shell: "/sbin/nologin" tags: - openvpn - name: Copy some shellpki files copy: src: "{{ item.src }}" dest: "{{ item.dest }}" owner: root group: wheel mode: "{{ item.mode }}" force: true with_items: - src: 'files/shellpki/openssl.cnf' dest: '/etc/shellpki/openssl.cnf' mode: '0640' - src: 'files/shellpki/shellpki' dest: '/usr/local/sbin/shellpki' mode: '0755' tags: - openvpn - name: Deploy DH PARAMETERS template: src: "dh2048.pem.j2" dest: "/etc/shellpki/dh2048.pem" mode: "0600" tags: - openvpn - name: Create /etc/sudoers.d directory file: path: /etc/sudoers.d state: directory owner: "root" group: "wheel" mode: "0755" tags: - openvpn - name: Include /etc/sudoers.d in sudoers configuration file lineinfile: path: /etc/sudoers line: '#includedir /etc/sudoers.d' tags: - openvpn - name: Verify shellpki sudoers file presence copy: src: "sudo_shellpki" dest: "/etc/sudoers.d/shellpki" force: true mode: "0440" validate: '/usr/local/sbin/visudo -cf %s' tags: - openvpn - name: Copy check_openvpn copy: src: "{{ item.src }}" dest: "{{ item.dest }}" owner: root group: wheel mode: "{{ item.mode }}" force: true with_items: - src: 'files/check_openvpn.pl' dest: '/usr/local/libexec/nagios/plugins/check_openvpn.pl' mode: '0755' tags: - openvpn