ansible-roles/openvpn/tasks/main.yml

---
# Install the OpenVPN server package from the distribution repositories.
- name: Install OpenVPN package
  apt:
    name: openvpn
    state: present  # apt's default state; spelled out so the intent is explicit
  tags:
    - openvpn
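# Render the server configuration from the role's template. The rendered file
# presumably points at the CA/server key material (template not visible here),
# so it is kept readable by root only. Owner and group are pinned explicitly:
# a 0600 mode only protects the file if the owner is actually root, which the
# original left to whatever account the play happened to connect as.
- name: Deploy OpenVPN configuration
  template:
    src: server.conf.j2
    dest: /etc/openvpn/server.conf
    owner: root
    group: root
    mode: "0600"
  # Configuration changes only take effect once the daemon is restarted.
  notify: restart openvpn
  tags:
    - openvpn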
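# Wire the OpenVPN firewall rule into minifirewall in three steps: tell the
# minifirewall role to include a "tail" file, run the role, then append our
# INPUT rule to that tail file.
#
# These facts are consumed by the included role and by the blockinfile task
# below, so this task must carry the same tag as the rest of the role. Without
# it, a run restricted with `--tags openvpn` skips the set_fact and the
# blockinfile task then sees `minifirewall_tail_file` undefined (unless the
# minifirewall role itself defines a default for it).
- name: Register the minifirewall tail file
  set_fact:
    minifirewall_tail_included: true
    minifirewall_tail_file: /etc/default/minifirewall.tail
  tags:
    - openvpn

# NOTE(review): tags on include_role apply to the include task itself; whether
# the role's own tasks also run under `--tags openvpn` depends on the Ansible
# version (newer releases need `apply: { tags: [openvpn] }` for that) — confirm
# against the version this role targets.
- include_role:
    name: minifirewall
  tags:
    - openvpn

# Accept inbound OpenVPN traffic. The port is hard-coded here and must match
# the `port` directive rendered into server.conf (presumably from the same
# template; not visible here). The rule is deliberately unrestricted by source,
# which is the normal posture for a VPN endpoint. The block is inserted between
# the two marker lines, so re-runs replace rather than duplicate the rule.
- name: Allow OpenVPN input
  blockinfile:
    path: "{{ minifirewall_tail_file }}"
    marker: "# {mark} INPUT OPENVPN"
    block: |
      /sbin/iptables -A INPUT -p udp --dport 1194 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
  # The tail file is only re-read when minifirewall is restarted.
  notify: restart minifirewall
  tags:
    - openvpn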
# Directory used by shellpki (presumably the PKI working directory; it also
# serves as the home of the shellpki account created below). Root-owned and
# world-listable.
# NOTE(review): any key material shellpki writes here is protected only by the
# per-file modes shellpki itself sets — confirm they are not world-readable.
- name: Create /etc/shellpki directory
  file:
    path: /etc/shellpki
    state: directory
    owner: root
    group: root
    mode: "0755"
  tags:
    - openvpn
# Dedicated unprivileged system account for shellpki. Its home is the
# /etc/shellpki directory created above (hence no home is created here) and the
# nologin shell rules out interactive logins.
- name: Create shellpki user
  user:
    name: shellpki
    state: present
    system: true
    home: /etc/shellpki/
    shell: /usr/sbin/nologin
  tags:
    - openvpn
# Install the PKI helper: the OpenSSL configuration it reads and the script
# itself. Both are root-owned so the unprivileged shellpki account cannot alter
# them; the script is world-executable, the config is readable by root/root
# group only.
# NOTE(review): with openssl.cnf at root:root 0640 the shellpki user can only
# read it when the script runs with elevated privileges (see the sudoers
# drop-in deployed below) — confirm that is how shellpki is invoked.
- name: Copy some shellpki files
  copy:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    owner: root
    group: root
    mode: "{{ item.mode }}"
    force: true
  with_items:
    - src: files/shellpki/openssl.cnf
      dest: /etc/shellpki/openssl.cnf
      mode: "0640"
    - src: files/shellpki/shellpki.sh
      dest: /usr/local/sbin/shellpki
      mode: "0755"
  tags:
    - openvpn
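# Deploy the sudoers drop-in for shellpki (its contents are not visible here;
# presumably it grants the shellpki helper elevated privileges). The fragment
# is checked with visudo before it is moved into place, so a malformed file is
# never installed. sudo ignores (with a warning) drop-ins that are not owned by
# root or are writable by others, so owner and group are pinned explicitly
# rather than left to whatever account the play connects as — otherwise the
# grant could silently stop working.
- name: Verify shellpki sudoers file presence
  copy:
    src: sudo_shellpki
    dest: /etc/sudoers.d/shellpki
    owner: root
    group: root
    mode: "0440"
    force: true
    # %s is the temporary copy; it is only installed if visudo accepts it.
    validate: '/usr/sbin/visudo -cf %s'
  tags:
    - openvpn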