openvpn: Run OpenVPN with the \_openvpn user and group instead of nobody which is originally for NFS

CHANGELOG.md

@@ -26,6 +26,7 @@ The **patch** part changes is incremented if multiple releases happen the same m
 * openvpn: automate the initialization of the CA and the creation of the server certificate ; use openssl_dhparam module instead of a command
 * nagios-nrpe: Add check_domains
 * generate-ldif: support any version of MariaDB (instead of only 10.0, 10.1 and 10.3) 
+* openvpn: Run OpenVPN with the \_openvpn user and group instead of nobody which is originally for NFS
 
 ### Fixed
 

openvpn/tasks/debian.yml

@@ -12,6 +12,14 @@
     - client
     - server
 
+- name: Create the _openvpn user
+  user:
+    name: _openvpn
+    system: yes
+    create_home: no
+    home: "/nonexistent"
+    shell: "/usr/sbin/nologin"
+
 - name: Create the shellpki user
   user:
     name: shellpki

openvpn/templates/server.conf.j2

@@ -1,5 +1,5 @@
-user  nobody
-group nogroup
+user  _openvpn
+group _openvpn
 
 local {{ ansible_default_ipv4.address }}
 port 1194