From 851b5fa0ad6d8185de8420089c9561dcf68ea933 Mon Sep 17 00:00:00 2001
From: Nis Wechselberg
Date: Sat, 21 Jun 2025 22:30:52 +0200
Subject: [PATCH] Fixed var naming

Signed-off-by: Nis Wechselberg
---
 roles/server/defaults/main.yml                | 26 ++++++++---------
 roles/server/handlers/main.yml                |  2 +-
 roles/server/tasks/main.yml                   | 26 ++++++++---------
 roles/server/templates/ca.crt.j2              |  2 +-
 roles/server/templates/cert.crt.j2            |  2 +-
 roles/server/templates/cert.key.j2            |  2 +-
 roles/server/templates/cert.pwd.j2            |  2 +-
 roles/server/templates/crl.pem.j2             |  2 +-
 roles/server/templates/dh2048.pem.j2          |  2 +-
 roles/server/templates/openvpn_server.conf.j2 | 28 +++++++++----------
 roles/server/templates/tls-auth.key.j2        |  2 +-
 11 files changed, 48 insertions(+), 48 deletions(-)

diff --git a/roles/server/defaults/main.yml b/roles/server/defaults/main.yml
index dc483f8..7f081ef 100644
--- a/roles/server/defaults/main.yml
+++ b/roles/server/defaults/main.yml
@@ -1,15 +1,15 @@
 ---
-openvpn_server_port: '1194'
-openvpn_server_config_name: 'server'
-openvpn_server_directory: 'server'
-openvpn_server_routes: []
-openvpn_server_client_configs: {}
-openvpn_sysctl_settings: {}
+server_openvpn_port: '1194'
+server_openvpn_config_name: 'server'
+server_openvpn_directory: 'server'
+server_openvpn_routes: []
+server_openvpn_client_configs: {}
+server_openvpn_sysctl_settings: {}
 
-openvpn_server_ca: '{{ openvpn_server_directory }}/ca.crt'
-openvpn_server_cert: '{{ openvpn_server_directory }}/cert.crt'
-openvpn_server_key: '{{ openvpn_server_directory }}/cert.key'
-openvpn_server_passfile: '{{ openvpn_server_directory }}/cert.pwd'
-openvpn_server_crl: '{{ openvpn_server_directory }}/crl.pem'
-openvpn_server_dhfile: '{{ openvpn_server_directory }}/dh2048.pem'
-openvpn_server_tlsauth: '{{ openvpn_server_directory }}/tls-auth.key'
+server_openvpn_ca: '{{ server_openvpn_directory }}/ca.crt'
+server_openvpn_cert: '{{ server_openvpn_directory }}/cert.crt'
+server_openvpn_key: '{{ server_openvpn_directory }}/cert.key'
+server_openvpn_passfile: '{{ server_openvpn_directory }}/cert.pwd'
+server_openvpn_crl: '{{ server_openvpn_directory }}/crl.pem'
+server_openvpn_dhfile: '{{ server_openvpn_directory }}/dh2048.pem'
+server_openvpn_tlsauth: '{{ server_openvpn_directory }}/tls-auth.key'
diff --git a/roles/server/handlers/main.yml b/roles/server/handlers/main.yml
index 96b8542..e2c8652 100644
--- a/roles/server/handlers/main.yml
+++ b/roles/server/handlers/main.yml
@@ -7,5 +7,5 @@
 - name: 'Restart openvpn server'
   become: true
   ansible.builtin.service:
-    name: 'openvpn@{{ openvpn_server_config_name }}'
+    name: 'openvpn@{{ server_openvpn_config_name }}'
     state: 'restarted'
diff --git a/roles/server/tasks/main.yml b/roles/server/tasks/main.yml
index fbf6b58..d378ab5 100644
--- a/roles/server/tasks/main.yml
+++ b/roles/server/tasks/main.yml
@@ -32,8 +32,8 @@
     group: 'root'
     mode: 'u=rwx,g=rx,o=rx'
   loop:
-    - '/etc/openvpn/{{ openvpn_server_directory }}'
-    - '/etc/openvpn/{{ openvpn_server_directory }}/ccd'
+    - '/etc/openvpn/{{ server_openvpn_directory }}'
+    - '/etc/openvpn/{{ server_openvpn_directory }}/ccd'
 
 - name: 'Deploy config files'
   become: true
@@ -45,25 +45,25 @@
     mode: '{{ item.mode }}'
   loop:
     - src: 'ca.crt.j2'
-      dest: '/etc/openvpn/{{ openvpn_server_ca }}'
+      dest: '/etc/openvpn/{{ server_openvpn_ca }}'
       mode: 'u=rw,g=r,o=r'
     - src: 'cert.crt.j2'
-      dest: '/etc/openvpn/{{ openvpn_server_cert }}'
+      dest: '/etc/openvpn/{{ server_openvpn_cert }}'
       mode: 'u=rw,g=r,o=r'
     - src: 'cert.key.j2'
-      dest: '/etc/openvpn/{{ openvpn_server_key }}'
+      dest: '/etc/openvpn/{{ server_openvpn_key }}'
       mode: 'u=rw,g=,o='
     - src: 'cert.pwd.j2'
-      dest: '/etc/openvpn/{{ openvpn_server_passfile }}'
+      dest: '/etc/openvpn/{{ server_openvpn_passfile }}'
       mode: 'u=rw,g=,o='
     - src: 'crl.pem.j2'
-      dest: '/etc/openvpn/{{ openvpn_server_crl }}'
+      dest: '/etc/openvpn/{{ server_openvpn_crl }}'
       mode: 'u=rw,g=r,o=r'
     - src: 'tls-auth.key.j2'
-      dest: '/etc/openvpn/{{ openvpn_server_tlsauth }}'
+      dest: '/etc/openvpn/{{ server_openvpn_tlsauth }}'
       mode: 'u=rw,g=,o='
     - src: 'dh2048.pem.j2'
-      dest: '/etc/openvpn/{{ openvpn_server_dhfile }}'
+      dest: '/etc/openvpn/{{ server_openvpn_dhfile }}'
       mode: 'u=rw,g=r,o=r'
   notify: 'Restart openvpn server'
 
@@ -71,18 +71,18 @@
   become: true
   ansible.builtin.template:
     src: 'ccd.j2'
-    dest: '/etc/openvpn/{{ openvpn_server_directory }}/ccd/{{ item.key }}'
+    dest: '/etc/openvpn/{{ server_openvpn_directory }}/ccd/{{ item.key }}'
     owner: 'root'
     group: 'root'
     mode: 'u=rw,g=r,o=r'
-  loop: '{{ openvpn_server_client_configs | dict2items }}'
+  loop: '{{ server_openvpn_client_configs | dict2items }}'
   notify: 'Restart openvpn server'
 
 - name: 'Deploy server config'
   become: true
   ansible.builtin.template:
     src: 'openvpn_server.conf.j2'
-    dest: '/etc/openvpn/{{ openvpn_server_config_name }}.conf'
+    dest: '/etc/openvpn/{{ server_openvpn_config_name }}.conf'
     owner: 'root'
     group: 'root'
     mode: 'u=rw,g=r,o=r'
@@ -95,5 +95,5 @@
   ansible.posix.sysctl:
     name: '{{ item.key }}'
     value: '{{ item.value }}'
-  loop: '{{ openvpn_sysctl_settings | dict2items }}'
+  loop: '{{ server_openvpn_sysctl_settings | dict2items }}'
   notify: 'Restart openvpn server'
diff --git a/roles/server/templates/ca.crt.j2 b/roles/server/templates/ca.crt.j2
index 0850aad..e24d211 100644
--- a/roles/server/templates/ca.crt.j2
+++ b/roles/server/templates/ca.crt.j2
@@ -1 +1 @@
-{{ openvpn_server_ca_content }}
+{{ server_openvpn_ca_content }}
diff --git a/roles/server/templates/cert.crt.j2 b/roles/server/templates/cert.crt.j2
index c5d8917..43e83af 100644
--- a/roles/server/templates/cert.crt.j2
+++ b/roles/server/templates/cert.crt.j2
@@ -1 +1 @@
-{{ openvpn_server_cert_content }}
+{{ server_openvpn_cert_content }}
diff --git a/roles/server/templates/cert.key.j2 b/roles/server/templates/cert.key.j2
index 10e9f95..bd1a0ef 100644
--- a/roles/server/templates/cert.key.j2
+++ b/roles/server/templates/cert.key.j2
@@ -1 +1 @@
-{{ openvpn_server_key_content }}
+{{ server_openvpn_key_content }}
diff --git a/roles/server/templates/cert.pwd.j2 b/roles/server/templates/cert.pwd.j2
index 8a39604..0b90879 100644
--- a/roles/server/templates/cert.pwd.j2
+++ b/roles/server/templates/cert.pwd.j2
@@ -1 +1 @@
-{{ openvpn_server_askpass_content }}
+{{ server_openvpn_askpass_content }}
diff --git a/roles/server/templates/crl.pem.j2 b/roles/server/templates/crl.pem.j2
index 07e06de..af9ecdf 100644
--- a/roles/server/templates/crl.pem.j2
+++ b/roles/server/templates/crl.pem.j2
@@ -1 +1 @@
-{{ openvpn_server_crl_content }}
+{{ server_openvpn_crl_content }}
diff --git a/roles/server/templates/dh2048.pem.j2 b/roles/server/templates/dh2048.pem.j2
index cc6e520..a24248f 100644
--- a/roles/server/templates/dh2048.pem.j2
+++ b/roles/server/templates/dh2048.pem.j2
@@ -1 +1 @@
-{{ openvpn_server_dh_content }}
+{{ server_openvpn_dh_content }}
diff --git a/roles/server/templates/openvpn_server.conf.j2 b/roles/server/templates/openvpn_server.conf.j2
index 6ddfb02..b5cb4c4 100644
--- a/roles/server/templates/openvpn_server.conf.j2
+++ b/roles/server/templates/openvpn_server.conf.j2
@@ -18,7 +18,7 @@ proto udp6
 topology subnet
 
 # Which TCP/UDP port should OpenVPN listen on?
-port {{ openvpn_server_port }}
+port {{ server_openvpn_port }}
 
 # "dev tun" will create a routed IP tunnel, "dev tap" will create an
 # ethernet tunnel
@@ -28,19 +28,19 @@ dev tun
 comp-lzo
 
 # Maintain a record of client virtual IP address associations in this file.
-ifconfig-pool-persist {{ openvpn_server_directory }}/ipp.txt
+ifconfig-pool-persist {{ server_openvpn_directory }}/ipp.txt
 
 # Output a short status file showing current connections, truncated
 # and rewritten every minute.
-status {{ openvpn_server_directory }}/openvpn-status.log
+status {{ server_openvpn_directory }}/openvpn-status.log
 
 # Configure server mode and supply a VPN subnet for OpenVPN to draw client
 # addresses from. The server will take subnet ip .1 for itself, the rest will
 # be made available to clients.
-server {{ openvpn_server_ipv4_pool }} {{ openvpn_server_ipv4_subnet }}
-server-ipv6 {{ openvpn_server_ipv6 }}
+server {{ server_openvpn_ipv4_pool }} {{ server_openvpn_ipv4_subnet }}
+server-ipv6 {{ server_openvpn_ipv6 }}
 
-{% for route in openvpn_server_routes %}
+{% for route in server_openvpn_routes %}
 route {{route.network }} {{ route.subnet }}
 {% endfor %}
 
@@ -58,7 +58,7 @@ persist-key
 persist-tun
 
 # Allow client specific configurations
-client-config-dir {{ openvpn_server_directory }}/ccd
+client-config-dir {{ server_openvpn_directory }}/ccd
 
 # Set the appropriate level of log
 # file verbosity.
@@ -78,25 +78,25 @@ verb 4
 ## ## ## ## ## ## ## ## ## ## ## ##
 ###### ######## ###### ####### ## ## #### ## ##
 # SSL/TLS root certificate (ca), certificate (cert), and private key (key)
-ca {{ openvpn_server_ca }}
-cert {{ openvpn_server_cert }}
-key {{ openvpn_server_key }}
+ca {{ server_openvpn_ca }}
+cert {{ server_openvpn_cert }}
+key {{ server_openvpn_key }}
 
 # Password for certificate provided in separate file
-askpass {{ openvpn_server_passfile }}
+askpass {{ server_openvpn_passfile }}
 auth-nocache
 
 # Verify against revoked certificates
-crl-verify {{ openvpn_server_crl }}
+crl-verify {{ server_openvpn_crl }}
 
 # Diffie hellman parameters
-dh {{ openvpn_server_dhfile }}
+dh {{ server_openvpn_dhfile }}
 
 # For extra security beyond that provided by SSL/TLS, create an "HMAC firewall"
 # to help block DoS attacks and UDP port flooding.
 # The server and each client must have a copy of this key.
 # The second parameter should be '0' on the server and '1' on the clients.
-tls-auth {{ openvpn_server_tlsauth }} 0
+tls-auth {{ server_openvpn_tlsauth }} 0
 
 # Select a cryptographic cipher
 cipher AES-256-CBC
diff --git a/roles/server/templates/tls-auth.key.j2 b/roles/server/templates/tls-auth.key.j2
index f7d7c02..28b8d46 100644
--- a/roles/server/templates/tls-auth.key.j2
+++ b/roles/server/templates/tls-auth.key.j2
@@ -1 +1 @@
-{{ openvpn_server_tlsauth_content }}
+{{ server_openvpn_tlsauth_content }}