The openvpn role is not ready for stable yet

2018-08-09 18:04:02 +02:00 · 2018-08-09 18:04:02 +02:00 · 2752650ea3
parent f2bd125cfc
commit 2752650ea3
9 changed files with 0 additions and 166 deletions
--- a/openvpn/README.md
+++ b/openvpn/README.md
@ -1,13 +0,0 @@
-# OpenVPN
-
-Installation and custom configuration of OpenVPN server.
-
-## Tasks
-
-Everything is in the `tasks/main.yml` file.
-
-## Available variables
-
-The full list of variables (with default values) can be found in `defaults/main.yml`.
-
-NOTE: Make sure you have already cloned shellpki in ~/GIT/
--- a/openvpn/defaults/main.yml
+++ b/openvpn/defaults/main.yml
@ -1,3 +0,0 @@
---
-openvpn_lan: "192.168.42.0"
-openvpn_netmask: "255.255.255.0"
--- a/openvpn/files/shellpki
+++ b/openvpn/files/shellpki
@ -1 +0,0 @@
-/home/tpilat/GIT/shellpki/
--- a/openvpn/files/sudo_shellpki
+++ b/openvpn/files/sudo_shellpki
@ -1 +0,0 @@
-%shellpki ALL = (root) /usr/local/sbin/shellpki
--- a/openvpn/handlers/main.yml
+++ b/openvpn/handlers/main.yml
@ -1,11 +0,0 @@
---
- name: restart openvpn
-  service:
-    name: openvpn
-    state: restarted
-
- name: restart minifirewall
-  command: /etc/init.d/minifirewall restart
-  register: minifirewall_init_restart
-  failed_when: "'starting IPTables rules is now finish : OK' not in minifirewall_init_restart.stdout"
-  changed_when: "'starting IPTables rules is now finish : OK' in minifirewall_init_restart.stdout"
--- a/openvpn/meta/main.yml
+++ b/openvpn/meta/main.yml
@ -1,19 +0,0 @@
-galaxy_info:
-  author: Evolix
-  description: Installation and custom configuration of OpenVPN server.
-
-  issue_tracker_url: https://forge.evolix.org/projects/ansible-roles/issues
-
-  license: GPLv2
-
-  min_ansible_version: 2.2
-
-  platforms:
-  - name: Debian
-    versions:
-    - stretch
-
-dependencies: []
-  # List your role dependencies here, one per line.
-  # Be sure to remove the '[]' above if you add dependencies
-  # to this list.
--- a/openvpn/tasks/main.yml
+++ b/openvpn/tasks/main.yml
@ -1,81 +0,0 @@
---
- name: Install OpenVPN package
-  apt:
-    name: "openvpn"
-  tags:
-  - openvpn
-
- name: Deploy OpenVPN configuration
-  template:                    
-    src: "server.conf.j2" 
-    dest: "/etc/openvpn/server.conf"
-    mode: "0600"               
-  notify: restart openvpn
-  tags:
-  - openvpn
-
- name: Allow OpenVPN input
-  lineinfile: 
-    dest: /etc/default/minifirewall
-    line: "/sbin/iptables -A INPUT -p udp --dport 1194 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT #OPENVPN"
-    regexp: '#OPENVPN$'
-    state: present
-  failed_when: False
-  tags:
-  - openvpn
-  - openvpn-minifirewall
-
- name: Create /etc/shellpki directory
-  file:
-    path: /etc/shellpki
-    state: directory
-    owner: "root"
-    group: "root"
-    mode: "0755"
-  tags:
-  - openvpn
-
- name: Create shellpki user
-  user:
-    name: "shellpki"
-    system: yes
-    state: present    
-    home: "/etc/shellpki/"
-    shell: "/usr/sbin/nologin"
-  tags:
-  - openvpn
-
- include_role:
-    name: remount-usr
-  tags:
-  - openvpn
-
- name: Copy some shellpki files
-  copy: 
-    src: "{{ item.src }}"      
-    dest: "{{ item.dest }}"    
-    owner: root                
-    group: root
-    mode: "{{ item.mode }}"
-    force: yes                 
-  with_items:
-          - { src: 'files/shellpki/openssl.cnf', dest: '/etc/shellpki/openssl.cnf', mode: '0640' }
-          - { src: 'files/shellpki/shellpki.sh', dest: '/usr/local/sbin/shellpki', mode: '0755' }
-  tags:
-    - openvpn
-
- name: Deploy DH PARAMETERS
-  template:                    
-    src: "dh2048.pem.j2" 
-    dest: "/etc/shellpki/dh2048.pem"
-    mode: "0600"               
-
- name: Verify shellpki sudoers file presence
-  copy:
-    src: "sudo_shellpki"
-    dest: "/etc/sudoers.d/shellpki"
-    force: true
-    mode: "0440"               
-    validate: '/usr/sbin/visudo -cf %s'
-  tags:
-  - openvpn
--- a/openvpn/templates/dh2048.pem.j2
+++ b/openvpn/templates/dh2048.pem.j2
@ -1,8 +0,0 @@
-----BEGIN DH PARAMETERS-----
-MIIBCAKCAQEAuimweC/f5W/AIIFhLX256Bi5IU+AkN9sKZ9sxGx0xc3J8NwIBnEP
-R/2RgclJqJ8OodY70zeDHNLDyc01crGvihuupiWVlvQxS4osdhfdM+GoV9pcmCVr
-TRTybsUPkkm4rQ/SC7I2MxiYnXwDrrYnpMvBDaRZjoHlgTKjOGoYSd+DIDZSFKkv
-ASkXQkIC9FpvjnxfW5gtzzm6NheqgYUI2Y2QiqM6BmGVZiPcqyUpbWvRCcZLoPa2
-Z+FV9LxE4J7CX0ilTJXXhs3RaMlG8qZha3l0hEL4SAZp5xn74Ej/9hA5cWqnKEOQ
-aLfwADI4rPe9uTu9Qnw87DgM2tQeETBlmwIBAg==
-----END DH PARAMETERS-----
--- a/openvpn/templates/server.conf.j2
+++ b/openvpn/templates/server.conf.j2
@ -1,29 +0,0 @@
-user  nobody
-group nogroup
-
-local {{ ansible_default_ipv4.address }}
-port 1194
-proto udp
-dev tun
-mode server
-keepalive 10 120
-
-cipher AES-128-CBC # AES
-#comp-lzo
-# compress (à partir d'OpenVPN 2.4)
-
-persist-key
-persist-tun
-
-status /var/log/openvpn/openvpn-status.log
-log-append  /var/log/openvpn/openvpn.log
-
-ca   /etc/shellpki/cacert.pem
-cert /etc/shellpki/certs/{{ ansible_fqdn }}.crt
-key  /etc/shellpki/private/{{ ansible_fqdn }}.key
-dh   /etc/shellpki/dh2048.pem
-
-server {{ openvpn_lan }} {{ openvpn_netmask }}
-
-# Management interface (used by check_openvpn for Nagios)
-management 127.0.0.1 1195 /etc/openvpn/management-pwd
				`@ -1 +0,0 @@`
				`%shellpki ALL = (root) /usr/local/sbin/shellpki`