diff --git a/openvpn/README.md b/openvpn/README.md
deleted file mode 100644
index 18b459ff..00000000
--- a/openvpn/README.md
+++ /dev/null
@@ -1,13 +0,0 @@
-# OpenVPN
-
-Installation and custom configuration of OpenVPN server.
-
-## Tasks
-
-Everything is in the `tasks/main.yml` file.
-
-## Available variables
-
-The full list of variables (with default values) can be found in `defaults/main.yml`.
-
-NOTE: Make sure you have already cloned shellpki in ~/GIT/
diff --git a/openvpn/defaults/main.yml b/openvpn/defaults/main.yml
deleted file mode 100644
index dbf2f802..00000000
--- a/openvpn/defaults/main.yml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-openvpn_lan: "192.168.42.0"
-openvpn_netmask: "255.255.255.0"
diff --git a/openvpn/files/shellpki b/openvpn/files/shellpki
deleted file mode 120000
index 3036d457..00000000
--- a/openvpn/files/shellpki
+++ /dev/null
@@ -1 +0,0 @@
-/home/tpilat/GIT/shellpki/
\ No newline at end of file
diff --git a/openvpn/files/sudo_shellpki b/openvpn/files/sudo_shellpki
deleted file mode 100644
index 08ca1ab0..00000000
--- a/openvpn/files/sudo_shellpki
+++ /dev/null
@@ -1 +0,0 @@
-%shellpki ALL = (root) /usr/local/sbin/shellpki
diff --git a/openvpn/handlers/main.yml b/openvpn/handlers/main.yml
deleted file mode 100644
index c87985aa..00000000
--- a/openvpn/handlers/main.yml
+++ /dev/null
@@ -1,11 +0,0 @@
---
-- name: restart openvpn
- service:
- name: openvpn
- state: restarted
-
-- name: restart minifirewall
- command: /etc/init.d/minifirewall restart
- register: minifirewall_init_restart
- failed_when: "'starting IPTables rules is now finish : OK' not in minifirewall_init_restart.stdout"
- changed_when: "'starting IPTables rules is now finish : OK' in minifirewall_init_restart.stdout"
diff --git a/openvpn/meta/main.yml b/openvpn/meta/main.yml
deleted file mode 100644
index 7c4a6bd3..00000000
--- a/openvpn/meta/main.yml
+++ /dev/null
@@ -1,19 +0,0 @@
-galaxy_info:
- author: Evolix
- description: Installation and custom configuration of OpenVPN server.
-
- issue_tracker_url: https://forge.evolix.org/projects/ansible-roles/issues
-
- license: GPLv2
-
- min_ansible_version: 2.2
-
- platforms:
- - name: Debian
- versions:
- - stretch
-
-dependencies: []
- # List your role dependencies here, one per line.
- # Be sure to remove the '[]' above if you add dependencies
- # to this list.
diff --git a/openvpn/tasks/main.yml b/openvpn/tasks/main.yml
deleted file mode 100644
index d58dc4bf..00000000
--- a/openvpn/tasks/main.yml
+++ /dev/null
@@ -1,81 +0,0 @@
----
-- name: Install OpenVPN package
- apt:
- name: "openvpn"
- tags:
- - openvpn
-
-- name: Deploy OpenVPN configuration
- template:
- src: "server.conf.j2"
- dest: "/etc/openvpn/server.conf"
- mode: "0600"
- notify: restart openvpn
- tags:
- - openvpn
-
-- name: Allow OpenVPN input
- lineinfile:
- dest: /etc/default/minifirewall
- line: "/sbin/iptables -A INPUT -p udp --dport 1194 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT #OPENVPN"
- regexp: '#OPENVPN$'
- state: present
- failed_when: False
- tags:
- - openvpn
- - openvpn-minifirewall
-
-- name: Create /etc/shellpki directory
- file:
- path: /etc/shellpki
- state: directory
- owner: "root"
- group: "root"
- mode: "0755"
- tags:
- - openvpn
-
-- name: Create shellpki user
- user:
- name: "shellpki"
- system: yes
- state: present
- home: "/etc/shellpki/"
- shell: "/usr/sbin/nologin"
- tags:
- - openvpn
-
-- include_role:
- name: remount-usr
- tags:
- - openvpn
-
-- name: Copy some shellpki files
- copy:
- src: "{{ item.src }}"
- dest: "{{ item.dest }}"
- owner: root
- group: root
- mode: "{{ item.mode }}"
- force: yes
- with_items:
- - { src: 'files/shellpki/openssl.cnf', dest: '/etc/shellpki/openssl.cnf', mode: '0640' }
- - { src: 'files/shellpki/shellpki.sh', dest: '/usr/local/sbin/shellpki', mode: '0755' }
- tags:
- - openvpn
-
-- name: Deploy DH PARAMETERS
- template:
- src: "dh2048.pem.j2"
- dest: "/etc/shellpki/dh2048.pem"
- mode: "0600"
-
-- name: Verify shellpki sudoers file presence
- copy:
- src: "sudo_shellpki"
- dest: "/etc/sudoers.d/shellpki"
- force: true
- mode: "0440"
- validate: '/usr/sbin/visudo -cf %s'
- tags:
- - openvpn
diff --git a/openvpn/templates/dh2048.pem.j2 b/openvpn/templates/dh2048.pem.j2
deleted file mode 100644
index 9db20bb3..00000000
--- a/openvpn/templates/dh2048.pem.j2
+++ /dev/null
@@ -1,8 +0,0 @@
------BEGIN DH PARAMETERS-----
-MIIBCAKCAQEAuimweC/f5W/AIIFhLX256Bi5IU+AkN9sKZ9sxGx0xc3J8NwIBnEP
-R/2RgclJqJ8OodY70zeDHNLDyc01crGvihuupiWVlvQxS4osdhfdM+GoV9pcmCVr
-TRTybsUPkkm4rQ/SC7I2MxiYnXwDrrYnpMvBDaRZjoHlgTKjOGoYSd+DIDZSFKkv
-ASkXQkIC9FpvjnxfW5gtzzm6NheqgYUI2Y2QiqM6BmGVZiPcqyUpbWvRCcZLoPa2
-Z+FV9LxE4J7CX0ilTJXXhs3RaMlG8qZha3l0hEL4SAZp5xn74Ej/9hA5cWqnKEOQ
-aLfwADI4rPe9uTu9Qnw87DgM2tQeETBlmwIBAg==
------END DH PARAMETERS-----
diff --git a/openvpn/templates/server.conf.j2 b/openvpn/templates/server.conf.j2
deleted file mode 100644
index 466bb861..00000000
--- a/openvpn/templates/server.conf.j2
+++ /dev/null
@@ -1,29 +0,0 @@
-user nobody
-group nogroup
-
-local {{ ansible_default_ipv4.address }}
-port 1194
-proto udp
-dev tun
-mode server
-keepalive 10 120
-
-cipher AES-128-CBC # AES
-#comp-lzo
-# compress (à partir d'OpenVPN 2.4)
-
-persist-key
-persist-tun
-
-status /var/log/openvpn/openvpn-status.log
-log-append /var/log/openvpn/openvpn.log
-
-ca /etc/shellpki/cacert.pem
-cert /etc/shellpki/certs/{{ ansible_fqdn }}.crt
-key /etc/shellpki/private/{{ ansible_fqdn }}.key
-dh /etc/shellpki/dh2048.pem
-
-server {{ openvpn_lan }} {{ openvpn_netmask }}
-
-# Management interface (used by check_openvpn for Nagios)
-management 127.0.0.1 1195 /etc/openvpn/management-pwd