ansible-roles/openvpn/tasks/main.yml


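---
# Install OpenVPN and the shellpki helper CA on a Debian-style host.
# Every task carries the `openvpn` tag so the role can be run selectively
# (the minifirewall task additionally carries `openvpn-minifirewall`).

- name: Install OpenVPN package
  apt:
    name: openvpn
    state: present
  tags:
    - openvpn

- name: Deploy OpenVPN configuration
  template:
    src: server.conf.j2
    dest: /etc/openvpn/server.conf
    # Root-only: the rendered config is not meant to be readable by other
    # local users. Owner is not set here, so it is whatever the play runs as.
    mode: "0600"
  notify: restart openvpn
  tags:
    - openvpn

- name: Allow OpenVPN input
  lineinfile:
    dest: /etc/default/minifirewall
    # Folded scalar: joined into a single line at runtime.
    line: >-
      /sbin/iptables -A INPUT -p udp --dport 1194 -m state
      --state NEW,ESTABLISHED,RELATED -j ACCEPT #OPENVPN
    # The trailing "#OPENVPN" marker keeps the task idempotent: an existing
    # line ending with it is replaced instead of being appended again.
    regexp: '#OPENVPN$'
    state: present
  # Best effort: a host without minifirewall must not fail the play.
  # NOTE(review): this also hides genuine errors, so UDP/1194 can stay closed
  # silently on hosts that do use minifirewall — check the task result there.
  failed_when: false
  tags:
    - openvpn
    - openvpn-minifirewall

- name: Create /etc/shellpki directory
  file:
    path: /etc/shellpki
    state: directory
    owner: root
    group: root
    # The directory itself is world-traversable; each file placed in it by
    # the tasks below carries its own restrictive mode (0640 / 0600).
    mode: "0755"
  tags:
    - openvpn

- name: Create shellpki user
  user:
    name: shellpki
    system: true
    state: present
    home: /etc/shellpki/
    # Service account: no interactive login.
    shell: /usr/sbin/nologin
  tags:
    - openvpn

# The remount-usr role presumably makes /usr writable so that
# /usr/local/sbin/shellpki can be installed below — confirm against that role.
- name: Remount /usr before writing under /usr/local
  include_role:
    name: remount-usr
  tags:
    - openvpn

- name: Copy some shellpki files
  copy:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    owner: root
    group: root
    mode: "{{ item.mode }}"
    # Always overwrite so a locally edited copy is brought back in line.
    force: true
  with_items:
    - src: files/shellpki/openssl.cnf
      dest: /etc/shellpki/openssl.cnf
      mode: "0640"
    - src: files/shellpki/shellpki.sh
      dest: /usr/local/sbin/shellpki
      mode: "0755"
  tags:
    - openvpn

- name: Deploy DH PARAMETERS
  template:
    src: dh2048.pem.j2
    dest: /etc/shellpki/dh2048.pem
    mode: "0600"
  tags:
    - openvpn

- name: Verify shellpki sudoers file presence
  copy:
    src: sudo_shellpki
    dest: /etc/sudoers.d/shellpki
    force: true
    # sudo expects drop-ins under sudoers.d to be 0440.
    mode: "0440"
    # visudo -c rejects a malformed drop-in before it replaces the live file,
    # so a syntax error in the source cannot break sudo on the host.
    validate: '/usr/sbin/visudo -cf %s'
  tags:
    - openvpn

- name: Copy check_openvpn
  copy:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    owner: root
    group: root
    mode: "{{ item.mode }}"
    force: true
  with_items:
    - src: files/check_openvpn.pl
      dest: /usr/lib/nagios/plugins/check_openvpn.pl
      mode: "0755"
  tags:
    - openvpn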