roles/strongswan: Base role for strongSwan setup
The *strongswan* role is intended to be used as a dependency of other roles that use strongSwan for IPsec configuration. It deploys some basic configuration and configures the *strongswan* service, but does not configure any connections, secrets, etc.
34
roles/strongswan/tasks/main.yml
Normal file
@@ -0,0 +1,34 @@
|
||||
- name: ensure strongswan is installed
|
||||
package:
|
||||
name=strongswan
|
||||
state=present
|
||||
tags:
|
||||
- install
|
||||
|
||||
- name: ensure strongswan ipsec.conf is configured
|
||||
template:
|
||||
src=ipsec.conf.j2
|
||||
dest=/etc/strongswan/ipsec.conf
|
||||
mode=0644
|
||||
notify: restart strongswan
|
||||
- name: ensure strongswan conns directory exists
|
||||
file:
|
||||
path=/etc/strongswan/ipsec.d/conns
|
||||
mode=0755
|
||||
state=directory
|
||||
- name: ensure strongswan ipsec.secrets is configured
|
||||
copy:
|
||||
src=ipsec.secrets
|
||||
dest=/etc/strongswan/ipsec.secrets
|
||||
mode=0600
|
||||
notify: restart strongswan
|
||||
- name: ensure strongswan ipsec.secrets.d directory exists
|
||||
file:
|
||||
path=/etc/strongswan/ipsec.secrets.d
|
||||
mode=0700
|
||||
state=directory
|
||||
|
||||
- name: ensure strongswan starts at boot
|
||||
service:
|
||||
name=strongswan
|
||||
enabled=yes
|
||||
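Review bot: the two secrets tasks ("ensure strongswan ipsec.secrets is configured" and "ensure strongswan ipsec.secrets.d directory exists") set mode=0600 and mode=0700 but no owner or group, so who those restrictive modes actually apply to depends on the user the play runs as, or on whatever ownership the path already has on the host. Add owner=root group=root to both, and to the ipsec.conf and conns tasks for consistency. Separately, the final task sets only enabled=yes, so on a run where no "restart strongswan" notification fires the daemon stays stopped until the next boot; adding state=started would let the role converge in a single run. The "restart strongswan" handler that the ipsec.conf and ipsec.secrets tasks notify is not defined in this file, so it has to ship in the role's handlers for those notifications to resolve.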