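---
# Tasks for an OpenVPN server ("pyrocufflink") fronted by a stunnel TLS proxy.
# The handlers referenced by `notify` in this file are defined elsewhere.

- name: ensure required packages are installed
  package:
    # Both daemons are needed: stunnel terminates TLS, openvpn serves the VPN.
    name:
      - openvpn
      - stunnel
    state: present
  tags:
    - install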
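- name: ensure stunnel configuration is set
  template:
    src: openvpn.stunnel.conf.j2
    dest: /etc/stunnel/openvpn.conf
    # World-readable: acceptable only while the rendered file references key
    # material by path rather than embedding it — NOTE(review): confirm against
    # the template.
    mode: "0644"
  notify: restart stunnel openvpn proxy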
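- name: ensure openvpn server configuration is set
  template:
    src: pyrocufflink.openvpn.conf.j2
    dest: /etc/openvpn/server/pyrocufflink.conf
    # World-readable: acceptable only if the template does not inline secrets
    # (e.g. a <tls-crypt>/<tls-auth> block or the private key) — NOTE(review):
    # confirm against the template; tighten to "0600" if it does.
    mode: "0644"
  notify: restart pyrocufflink openvpn server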
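- name: ensure openvpn client config dir exists
  # Per-client config directory (client-config-dir) for the server below.
  file:
    path: /etc/openvpn/server/clients
    mode: "0755"
    state: directory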
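- name: ensure openvpn client config files are set
  # Renders every templates/clients/<name>.j2 to clients/<name> (the ".j2"
  # suffix is stripped), so the rendered file name is whatever the template
  # file is called.
  template:
    src: "{{ item }}"
    dest: "/etc/openvpn/server/clients/{{ (item|basename|splitext)[0] }}"
    # NOTE(review): per-client files are read at connect time; if the server
    # config drops privileges (user/group), that account must still be able to
    # read them at this mode — confirm against the server template.
    mode: "0640"
  notify: restart pyrocufflink openvpn server
  with_fileglob: '../templates/clients/*.j2'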
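- name: ensure openvpn ca certificate is installed
  copy:
    # A plain per-host src (looked up under files/) makes the play fail when
    # the file is absent; globbing a fixed name would silently copy nothing.
    src: "{{ inventory_hostname }}_ca.crt"
    dest: /etc/openvpn/server/ca.crt
    mode: "0644"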
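- name: ensure openvpn server certificate is installed
  copy:
    # Plain per-host src: a missing certificate fails the play instead of
    # being skipped by an empty glob match.
    src: "{{ inventory_hostname }}.cer"
    dest: /etc/pki/tls/certs/openvpn.cer
    mode: "0644"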
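- name: ensure openvpn server private key is installed
  copy:
    # Plain per-host src: a missing key fails the play instead of being
    # skipped by an empty glob match.
    src: "{{ inventory_hostname }}.key"
    dest: /etc/pki/tls/private/openvpn.key
    mode: "0600"
  # Keep key material out of task output (e.g. --diff content) and logs.
  no_log: true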
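- name: ensure openvpn diffie-hellman parameters file is installed
  copy:
    # Plain per-host src: a missing parameters file fails the play instead of
    # being skipped by an empty glob match.
    src: "{{ inventory_hostname }}.dh"
    dest: /etc/openvpn/server/dh2048.pem
    # DH parameters are not secret; 0600 is kept for parity with the key and
    # is harmless since openvpn reads the file at startup.
    mode: "0600"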
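- name: ensure stunnel openvpn proxy is enabled and running
  # One task handles both boot enablement and current state of the proxy.
  service:
    name: stunnel@openvpn
    enabled: true
    state: started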
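- name: ensure pyrocufflink openvpn server service is enabled and running
  # One task handles both boot enablement and current state of the server.
  service:
    name: openvpn-server@pyrocufflink
    enabled: true
    state: started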