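---
# OpenVPN server tasks: package, server configuration, firewall rule,
# shellpki CA tooling, DH parameters, sudoers entry and the Nagios check.
# Booleans are written as true/false (yamllint `truthy`); every task carries
# the `openvpn` tag so the role can be run in isolation with --tags openvpn.

- name: Install OpenVPN package
  apt:
    name: "openvpn"
  tags:
    - openvpn

- name: Deploy OpenVPN configuration
  # 0600: the rendered server config is root-only; it may reference key
  # material and must not be world-readable.
  template:
    src: "server.conf.j2"
    dest: "/etc/openvpn/server.conf"
    mode: "0600"
  notify: restart openvpn
  tags:
    - openvpn

- name: Allow OpenVPN input
  # The trailing "#OPENVPN" marker is what `regexp` matches, so re-runs
  # replace the existing rule line in place instead of appending a duplicate.
  # failed_when: false deliberately keeps the play going if this task fails
  # (presumably hosts without /etc/default/minifirewall — confirm); on such
  # hosts the rule is silently not added, so UDP/1194 may stay closed.
  lineinfile:
    path: /etc/default/minifirewall
    line: "/sbin/iptables -A INPUT -p udp --dport 1194 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT #OPENVPN"
    regexp: '#OPENVPN$'
    state: present
  failed_when: false
  tags:
    - openvpn
    - openvpn-minifirewall

- name: Create /etc/shellpki directory
  file:
    path: /etc/shellpki
    state: directory
    owner: "root"
    group: "root"
    mode: "0755"
  tags:
    - openvpn

- name: Create shellpki user
  # System account with no login shell; it only exists to own the PKI
  # home directory.
  user:
    name: "shellpki"
    system: true
    state: present
    home: "/etc/shellpki/"
    shell: "/usr/sbin/nologin"
  tags:
    - openvpn

# /usr is remounted writable before installing under /usr/local/sbin and
# /usr/lib/nagios/plugins below.
- include_role:
    name: remount-usr
  tags:
    - openvpn

- name: Copy some shellpki files
  # force: true overwrites a previously deployed copy so local edits to the
  # CA config or the shellpki script do not survive a re-run.
  copy:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    owner: root
    group: root
    mode: "{{ item.mode }}"
    force: true
  with_items:
    - src: 'files/shellpki/openssl.cnf'
      dest: '/etc/shellpki/openssl.cnf'
      mode: '0640'
    - src: 'files/shellpki/shellpki.sh'
      dest: '/usr/local/sbin/shellpki'
      mode: '0755'
  tags:
    - openvpn

- name: Deploy DH PARAMETERS
  # NOTE(review): the DH parameters come from a static template, so every host
  # managed by this role shares the same group — confirm that is intended
  # rather than generating them per host.
  template:
    src: "dh2048.pem.j2"
    dest: "/etc/shellpki/dh2048.pem"
    mode: "0600"
  tags:
    - openvpn

- name: Verify shellpki sudoers file presence
  # validate runs visudo on the temporary file first, so a syntactically
  # broken sudoers fragment is never installed (which would lock out sudo).
  # 0440 is the mode sudo requires for files under /etc/sudoers.d.
  copy:
    src: "sudo_shellpki"
    dest: "/etc/sudoers.d/shellpki"
    force: true
    mode: "0440"
    validate: '/usr/sbin/visudo -cf %s'
  tags:
    - openvpn

- name: Copy check_openvpn
  copy:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    owner: root
    group: root
    mode: "{{ item.mode }}"
    force: true
  with_items:
    - src: 'files/check_openvpn.pl'
      dest: '/usr/lib/nagios/plugins/check_openvpn.pl'
      mode: '0755'
  tags:
    - openvpn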