roles/strongswan: Base role for strongSwan setup

The *strongwan* role is intended to be used as a dependency of other
roles that use strongSwan for IPsec configuration. It deploys some basic
configuration and configures the *strongswan* service, but does not
configure any connections, secrets, etc.

roles/strongswan/files/ipsec.secrets

@@ -0,0 +1 @@
+include ipsec.secrets.d/*

roles/strongswan/handlers/main.yml

@@ -0,0 +1,4 @@
+- name: restart strongswan
+  service:
+    name=strongswan
+    state=restarted

roles/strongswan/tasks/main.yml

@@ -0,0 +1,34 @@
+- name: ensure strongswan is installed
+  package:
+    name=strongswan
+    state=present
+  tags:
+  - install
+
+- name: ensure strongswan ipsec.conf is configured
+  template:
+    src=ipsec.conf.j2
+    dest=/etc/strongswan/ipsec.conf
+    mode=0644
+  notify: restart strongswan
+- name: ensure strongswan conns directory exists
+  file:
+    path=/etc/strongswan/ipsec.d/conns
+    mode=0755
+    state=directory
+- name: ensure strongswan ipsec.secrets is configured
+  copy:
+    src=ipsec.secrets
+    dest=/etc/strongswan/ipsec.secrets
+    mode=0600
+  notify: restart strongswan
+- name: ensure strongswan ipsec.secrets.d directory exists
+  file:
+    path=/etc/strongswan/ipsec.secrets.d
+    mode=0700
+    state=directory
+
+- name: ensure strongswan starts at boot
+  service:
+    name=strongswan
+    enabled=yes

roles/strongswan/templates/ipsec.conf.j2

@@ -0,0 +1,10 @@
+# ipsec.conf - strongSwan IPsec configuration file
+
+# basic configuration
+
+config setup
+	# strictcrlpolicy=yes
+	# uniqueids = no
+
+# Define VPN connectsions in files under the ipsec.d/conns directory
+include /etc/strongswan/ipsec.d/conns/*.conf