evolix/EvoBSD
21
0
Fork 0
Code Issues 2 Pull requests Releases 3 Wiki Activity
EvoBSD/roles/openvpn/tasks/main.yml
Jérémy Dubois dedbdf9822
Some checks failed
continuous-integration/drone/push Build is failing
Details
Added a package needed for the OpenVPN check and changed the default location of the checks
2020-06-23 15:38:21 +02:00

122 lines
2.3 KiB
YAML
Raw Blame History

---
- name: Install OpenVPN package
openbsd_pkg:
name: "openvpn--"
tags:
- openvpn
- name: Create /etc/openvpn directory
file:
path: /etc/openvpn
state: directory
owner: "root"
group: "wheel"
mode: "0755"
tags:
- openvpn
- name: Deploy OpenVPN configuration
template:
src: "server.conf.j2"
dest: "/etc/openvpn/server.conf"
mode: "0600"
notify: restart openvpn
tags:
- openvpn
- name: Enabling OpenVPN
service:
name: openvpn
enabled: true
tags:
- openvpn
- name: Set OpenVPN flag
shell: 'rcctl set openvpn flags "--config /etc/openvpn/server.conf"'
tags:
- openvpn
- name: Create shellpki user
user:
name: "_shellpki"
system: true
state: present
home: "/etc/shellpki/"
shell: "/sbin/nologin"
tags:
- openvpn
- name: Copy some shellpki files
copy:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: root
group: wheel
mode: "{{ item.mode }}"
force: true
with_items:
- src: 'files/shellpki/openssl.cnf'
dest: '/etc/shellpki/openssl.cnf'
mode: '0640'
- src: 'files/shellpki/shellpki'
dest: '/usr/local/sbin/shellpki'
mode: '0755'
tags:
- openvpn
- name: Deploy DH PARAMETERS
template:
src: "dh2048.pem.j2"
dest: "/etc/shellpki/dh2048.pem"
mode: "0600"
tags:
- openvpn
- name: Create /etc/sudoers.d directory
file:
path: /etc/sudoers.d
state: directory
owner: "root"
group: "wheel"
mode: "0755"
tags:
- openvpn
- name: Include /etc/sudoers.d in sudoers configuration file
lineinfile:
path: /etc/sudoers
line: '#includedir /etc/sudoers.d'
tags:
- openvpn
- name: Verify shellpki sudoers file presence
copy:
src: "sudo_shellpki"
dest: "/etc/sudoers.d/shellpki"
force: true
mode: "0440"
validate: '/usr/local/sbin/visudo -cf %s'
tags:
- openvpn
- name: Copy check_openvpn
copy:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: root
group: wheel
mode: "{{ item.mode }}"
force: true
with_items:
- src: 'files/check_openvpn.pl'
dest: '/usr/local/libexec/nagios/plugins/check_openvpn.pl'
mode: '0755'
tags:
- openvpn
- name: Install needed package for check_openvpn
openbsd_pkg:
name: "p5-Net-Telnet"
tags:
- openvpn
Reference in a new issue View git blame Copy permalink