Dustin C. Hatch
ae4d1c08f9
The *strongwan* role is intended to be used as a dependency of other roles that use strongSwan for IPsec configuration. It deploys some basic configuration and configures the *strongswan* service, but does not configure any connections, secrets, etc.
35 lines
800 B
YAML
35 lines
800 B
YAML
- name: ensure strongswan is installed
|
|
package:
|
|
name=strongswan
|
|
state=present
|
|
tags:
|
|
- install
|
|
|
|
- name: ensure strongswan ipsec.conf is configured
|
|
template:
|
|
src=ipsec.conf.j2
|
|
dest=/etc/strongswan/ipsec.conf
|
|
mode=0644
|
|
notify: restart strongswan
|
|
- name: ensure strongswan conns directory exists
|
|
file:
|
|
path=/etc/strongswan/ipsec.d/conns
|
|
mode=0755
|
|
state=directory
|
|
- name: ensure strongswan ipsec.secrets is configured
|
|
copy:
|
|
src=ipsec.secrets
|
|
dest=/etc/strongswan/ipsec.secrets
|
|
mode=0600
|
|
notify: restart strongswan
|
|
- name: ensure strongswan ipsec.secrets.d directory exists
|
|
file:
|
|
path=/etc/strongswan/ipsec.secrets.d
|
|
mode=0700
|
|
state=directory
|
|
|
|
- name: ensure strongswan starts at boot
|
|
service:
|
|
name=strongswan
|
|
enabled=yes
|