The openvpn role is not ready for stable yet
This commit is contained in:
parent
f2bd125cfc
commit
2752650ea3
|
@ -1,13 +0,0 @@
|
||||||
# OpenVPN
|
|
||||||
|
|
||||||
Installation and custom configuration of OpenVPN server.
|
|
||||||
|
|
||||||
## Tasks
|
|
||||||
|
|
||||||
Everything is in the `tasks/main.yml` file.
|
|
||||||
|
|
||||||
## Available variables
|
|
||||||
|
|
||||||
The full list of variables (with default values) can be found in `defaults/main.yml`.
|
|
||||||
|
|
||||||
NOTE: Make sure you have already cloned shellpki in ~/GIT/
|
|
|
@ -1,3 +0,0 @@
|
||||||
---
|
|
||||||
openvpn_lan: "192.168.42.0"
|
|
||||||
openvpn_netmask: "255.255.255.0"
|
|
|
@ -1 +0,0 @@
|
||||||
/home/tpilat/GIT/shellpki/
|
|
|
@ -1 +0,0 @@
|
||||||
%shellpki ALL = (root) /usr/local/sbin/shellpki
|
|
|
@ -1,11 +0,0 @@
|
||||||
---
|
|
||||||
- name: restart openvpn
|
|
||||||
service:
|
|
||||||
name: openvpn
|
|
||||||
state: restarted
|
|
||||||
|
|
||||||
- name: restart minifirewall
|
|
||||||
command: /etc/init.d/minifirewall restart
|
|
||||||
register: minifirewall_init_restart
|
|
||||||
failed_when: "'starting IPTables rules is now finish : OK' not in minifirewall_init_restart.stdout"
|
|
||||||
changed_when: "'starting IPTables rules is now finish : OK' in minifirewall_init_restart.stdout"
|
|
|
@ -1,19 +0,0 @@
|
||||||
galaxy_info:
|
|
||||||
author: Evolix
|
|
||||||
description: Installation and custom configuration of OpenVPN server.
|
|
||||||
|
|
||||||
issue_tracker_url: https://forge.evolix.org/projects/ansible-roles/issues
|
|
||||||
|
|
||||||
license: GPLv2
|
|
||||||
|
|
||||||
min_ansible_version: 2.2
|
|
||||||
|
|
||||||
platforms:
|
|
||||||
- name: Debian
|
|
||||||
versions:
|
|
||||||
- stretch
|
|
||||||
|
|
||||||
dependencies: []
|
|
||||||
# List your role dependencies here, one per line.
|
|
||||||
# Be sure to remove the '[]' above if you add dependencies
|
|
||||||
# to this list.
|
|
|
@ -1,81 +0,0 @@
|
||||||
---
|
|
||||||
- name: Install OpenVPN package
|
|
||||||
apt:
|
|
||||||
name: "openvpn"
|
|
||||||
tags:
|
|
||||||
- openvpn
|
|
||||||
|
|
||||||
- name: Deploy OpenVPN configuration
|
|
||||||
template:
|
|
||||||
src: "server.conf.j2"
|
|
||||||
dest: "/etc/openvpn/server.conf"
|
|
||||||
mode: "0600"
|
|
||||||
notify: restart openvpn
|
|
||||||
tags:
|
|
||||||
- openvpn
|
|
||||||
|
|
||||||
- name: Allow OpenVPN input
|
|
||||||
lineinfile:
|
|
||||||
dest: /etc/default/minifirewall
|
|
||||||
line: "/sbin/iptables -A INPUT -p udp --dport 1194 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT #OPENVPN"
|
|
||||||
regexp: '#OPENVPN$'
|
|
||||||
state: present
|
|
||||||
failed_when: False
|
|
||||||
tags:
|
|
||||||
- openvpn
|
|
||||||
- openvpn-minifirewall
|
|
||||||
|
|
||||||
- name: Create /etc/shellpki directory
|
|
||||||
file:
|
|
||||||
path: /etc/shellpki
|
|
||||||
state: directory
|
|
||||||
owner: "root"
|
|
||||||
group: "root"
|
|
||||||
mode: "0755"
|
|
||||||
tags:
|
|
||||||
- openvpn
|
|
||||||
|
|
||||||
- name: Create shellpki user
|
|
||||||
user:
|
|
||||||
name: "shellpki"
|
|
||||||
system: yes
|
|
||||||
state: present
|
|
||||||
home: "/etc/shellpki/"
|
|
||||||
shell: "/usr/sbin/nologin"
|
|
||||||
tags:
|
|
||||||
- openvpn
|
|
||||||
|
|
||||||
- include_role:
|
|
||||||
name: remount-usr
|
|
||||||
tags:
|
|
||||||
- openvpn
|
|
||||||
|
|
||||||
- name: Copy some shellpki files
|
|
||||||
copy:
|
|
||||||
src: "{{ item.src }}"
|
|
||||||
dest: "{{ item.dest }}"
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: "{{ item.mode }}"
|
|
||||||
force: yes
|
|
||||||
with_items:
|
|
||||||
- { src: 'files/shellpki/openssl.cnf', dest: '/etc/shellpki/openssl.cnf', mode: '0640' }
|
|
||||||
- { src: 'files/shellpki/shellpki.sh', dest: '/usr/local/sbin/shellpki', mode: '0755' }
|
|
||||||
tags:
|
|
||||||
- openvpn
|
|
||||||
|
|
||||||
- name: Deploy DH PARAMETERS
|
|
||||||
template:
|
|
||||||
src: "dh2048.pem.j2"
|
|
||||||
dest: "/etc/shellpki/dh2048.pem"
|
|
||||||
mode: "0600"
|
|
||||||
|
|
||||||
- name: Verify shellpki sudoers file presence
|
|
||||||
copy:
|
|
||||||
src: "sudo_shellpki"
|
|
||||||
dest: "/etc/sudoers.d/shellpki"
|
|
||||||
force: true
|
|
||||||
mode: "0440"
|
|
||||||
validate: '/usr/sbin/visudo -cf %s'
|
|
||||||
tags:
|
|
||||||
- openvpn
|
|
|
@ -1,8 +0,0 @@
|
||||||
-----BEGIN DH PARAMETERS-----
|
|
||||||
MIIBCAKCAQEAuimweC/f5W/AIIFhLX256Bi5IU+AkN9sKZ9sxGx0xc3J8NwIBnEP
|
|
||||||
R/2RgclJqJ8OodY70zeDHNLDyc01crGvihuupiWVlvQxS4osdhfdM+GoV9pcmCVr
|
|
||||||
TRTybsUPkkm4rQ/SC7I2MxiYnXwDrrYnpMvBDaRZjoHlgTKjOGoYSd+DIDZSFKkv
|
|
||||||
ASkXQkIC9FpvjnxfW5gtzzm6NheqgYUI2Y2QiqM6BmGVZiPcqyUpbWvRCcZLoPa2
|
|
||||||
Z+FV9LxE4J7CX0ilTJXXhs3RaMlG8qZha3l0hEL4SAZp5xn74Ej/9hA5cWqnKEOQ
|
|
||||||
aLfwADI4rPe9uTu9Qnw87DgM2tQeETBlmwIBAg==
|
|
||||||
-----END DH PARAMETERS-----
|
|
|
@ -1,29 +0,0 @@
|
||||||
user nobody
|
|
||||||
group nogroup
|
|
||||||
|
|
||||||
local {{ ansible_default_ipv4.address }}
|
|
||||||
port 1194
|
|
||||||
proto udp
|
|
||||||
dev tun
|
|
||||||
mode server
|
|
||||||
keepalive 10 120
|
|
||||||
|
|
||||||
cipher AES-128-CBC # AES
|
|
||||||
#comp-lzo
|
|
||||||
# compress (à partir d'OpenVPN 2.4)
|
|
||||||
|
|
||||||
persist-key
|
|
||||||
persist-tun
|
|
||||||
|
|
||||||
status /var/log/openvpn/openvpn-status.log
|
|
||||||
log-append /var/log/openvpn/openvpn.log
|
|
||||||
|
|
||||||
ca /etc/shellpki/cacert.pem
|
|
||||||
cert /etc/shellpki/certs/{{ ansible_fqdn }}.crt
|
|
||||||
key /etc/shellpki/private/{{ ansible_fqdn }}.key
|
|
||||||
dh /etc/shellpki/dh2048.pem
|
|
||||||
|
|
||||||
server {{ openvpn_lan }} {{ openvpn_netmask }}
|
|
||||||
|
|
||||||
# Management interface (used by check_openvpn for Nagios)
|
|
||||||
management 127.0.0.1 1195 /etc/openvpn/management-pwd
|
|