
Fixed var naming
Some checks failed
ci/woodpecker/push/woodpecker Pipeline failed

Signed-off-by: Nis Wechselberg <enbewe@enbewe.de>
Nis Wechselberg 2025-06-21 22:30:52 +02:00
parent 6e8d01203a
commit 851b5fa0ad
Signed by: enbewe
GPG key ID: 7B25171F921B9E57
11 changed files with 48 additions and 48 deletions


@ -1,15 +1,15 @@
--- ---
openvpn_server_port: '1194' server_openvpn_port: '1194'
openvpn_server_config_name: 'server' server_openvpn_config_name: 'server'
openvpn_server_directory: 'server' server_openvpn_directory: 'server'
openvpn_server_routes: [] server_openvpn_routes: []
openvpn_server_client_configs: {} server_openvpn_client_configs: {}
openvpn_sysctl_settings: {} server_openvpn_sysctl_settings: {}
openvpn_server_ca: '{{ openvpn_server_directory }}/ca.crt' server_openvpn_ca: '{{ server_openvpn_directory }}/ca.crt'
openvpn_server_cert: '{{ openvpn_server_directory }}/cert.crt' server_openvpn_cert: '{{ server_openvpn_directory }}/cert.crt'
openvpn_server_key: '{{ openvpn_server_directory }}/cert.key' server_openvpn_key: '{{ server_openvpn_directory }}/cert.key'
openvpn_server_passfile: '{{ openvpn_server_directory }}/cert.pwd' server_openvpn_passfile: '{{ server_openvpn_directory }}/cert.pwd'
openvpn_server_crl: '{{ openvpn_server_directory }}/crl.pem' server_openvpn_crl: '{{ server_openvpn_directory }}/crl.pem'
openvpn_server_dhfile: '{{ openvpn_server_directory }}/dh2048.pem' server_openvpn_dhfile: '{{ server_openvpn_directory }}/dh2048.pem'
openvpn_server_tlsauth: '{{ openvpn_server_directory }}/tls-auth.key' server_openvpn_tlsauth: '{{ server_openvpn_directory }}/tls-auth.key'
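Review bot: The renamed defaults `server_openvpn_routes`, `server_openvpn_client_configs` and `server_openvpn_sysctl_settings` are empty, so an inventory or group_vars file that still sets the old `openvpn_*` names will not fail; the role will silently deploy no routes, no ccd entries and no sysctl settings. The path variables behave the same way, falling back to `server/...` where a host overrode the old name. Note that `openvpn_sysctl_settings` did not follow the `openvpn_server_` pattern of the others, so a search-and-replace on that prefix in inventories would miss it. I would add a temporary `ansible.builtin.assert` at the top of the role's tasks with conditions such as `that: 'openvpn_server_client_configs is not defined'` for each old name, so stale variables are caught on the first run after the rename. Whether any inventory still uses the old names is not visible on this page.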


@ -7,5 +7,5 @@
- name: 'Restart openvpn server' - name: 'Restart openvpn server'
become: true become: true
ansible.builtin.service: ansible.builtin.service:
name: 'openvpn@{{ openvpn_server_config_name }}' name: 'openvpn@{{ server_openvpn_config_name }}'
state: 'restarted' state: 'restarted'


@ -32,8 +32,8 @@
group: 'root' group: 'root'
mode: 'u=rwx,g=rx,o=rx' mode: 'u=rwx,g=rx,o=rx'
loop: loop:
- '/etc/openvpn/{{ openvpn_server_directory }}' - '/etc/openvpn/{{ server_openvpn_directory }}'
- '/etc/openvpn/{{ openvpn_server_directory }}/ccd' - '/etc/openvpn/{{ server_openvpn_directory }}/ccd'
- name: 'Deploy config files' - name: 'Deploy config files'
become: true become: true
@ -45,25 +45,25 @@
mode: '{{ item.mode }}' mode: '{{ item.mode }}'
loop: loop:
- src: 'ca.crt.j2' - src: 'ca.crt.j2'
dest: '/etc/openvpn/{{ openvpn_server_ca }}' dest: '/etc/openvpn/{{ server_openvpn_ca }}'
mode: 'u=rw,g=r,o=r' mode: 'u=rw,g=r,o=r'
- src: 'cert.crt.j2' - src: 'cert.crt.j2'
dest: '/etc/openvpn/{{ openvpn_server_cert }}' dest: '/etc/openvpn/{{ server_openvpn_cert }}'
mode: 'u=rw,g=r,o=r' mode: 'u=rw,g=r,o=r'
- src: 'cert.key.j2' - src: 'cert.key.j2'
dest: '/etc/openvpn/{{ openvpn_server_key }}' dest: '/etc/openvpn/{{ server_openvpn_key }}'
mode: 'u=rw,g=,o=' mode: 'u=rw,g=,o='
- src: 'cert.pwd.j2' - src: 'cert.pwd.j2'
dest: '/etc/openvpn/{{ openvpn_server_passfile }}' dest: '/etc/openvpn/{{ server_openvpn_passfile }}'
mode: 'u=rw,g=,o=' mode: 'u=rw,g=,o='
- src: 'crl.pem.j2' - src: 'crl.pem.j2'
dest: '/etc/openvpn/{{ openvpn_server_crl }}' dest: '/etc/openvpn/{{ server_openvpn_crl }}'
mode: 'u=rw,g=r,o=r' mode: 'u=rw,g=r,o=r'
- src: 'tls-auth.key.j2' - src: 'tls-auth.key.j2'
dest: '/etc/openvpn/{{ openvpn_server_tlsauth }}' dest: '/etc/openvpn/{{ server_openvpn_tlsauth }}'
mode: 'u=rw,g=,o=' mode: 'u=rw,g=,o='
- src: 'dh2048.pem.j2' - src: 'dh2048.pem.j2'
dest: '/etc/openvpn/{{ openvpn_server_dhfile }}' dest: '/etc/openvpn/{{ server_openvpn_dhfile }}'
mode: 'u=rw,g=r,o=r' mode: 'u=rw,g=r,o=r'
notify: 'Restart openvpn server' notify: 'Restart openvpn server'
@ -71,18 +71,18 @@
become: true become: true
ansible.builtin.template: ansible.builtin.template:
src: 'ccd.j2' src: 'ccd.j2'
dest: '/etc/openvpn/{{ openvpn_server_directory }}/ccd/{{ item.key }}' dest: '/etc/openvpn/{{ server_openvpn_directory }}/ccd/{{ item.key }}'
owner: 'root' owner: 'root'
group: 'root' group: 'root'
mode: 'u=rw,g=r,o=r' mode: 'u=rw,g=r,o=r'
loop: '{{ openvpn_server_client_configs | dict2items }}' loop: '{{ server_openvpn_client_configs | dict2items }}'
notify: 'Restart openvpn server' notify: 'Restart openvpn server'
- name: 'Deploy server config' - name: 'Deploy server config'
become: true become: true
ansible.builtin.template: ansible.builtin.template:
src: 'openvpn_server.conf.j2' src: 'openvpn_server.conf.j2'
dest: '/etc/openvpn/{{ openvpn_server_config_name }}.conf' dest: '/etc/openvpn/{{ server_openvpn_config_name }}.conf'
owner: 'root' owner: 'root'
group: 'root' group: 'root'
mode: 'u=rw,g=r,o=r' mode: 'u=rw,g=r,o=r'
@ -95,5 +95,5 @@
ansible.posix.sysctl: ansible.posix.sysctl:
name: '{{ item.key }}' name: '{{ item.key }}'
value: '{{ item.value }}' value: '{{ item.value }}'
loop: '{{ openvpn_sysctl_settings | dict2items }}' loop: '{{ server_openvpn_sysctl_settings | dict2items }}'
notify: 'Restart openvpn server' notify: 'Restart openvpn server'
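Review bot: The 'Deploy config files' loop in the second hunk templates `cert.key.j2`, `cert.pwd.j2` and `tls-auth.key.j2`, and nothing visible in the hunk keeps their rendered content out of the run output. With `--diff`, `ansible.builtin.template` prints the before/after file content, which here would be the private key, its passphrase and the tls-auth key, and that output typically ends up in CI logs. Unless it is already set in the part of the task above the hunk, I would add `no_log: true` (or at least `diff: false`) to that task. The task starts outside the hunk, so this is not confirmed from the page.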


@ -1 +1 @@
{{ openvpn_server_ca_content }} {{ server_openvpn_ca_content }}


@ -1 +1 @@
{{ openvpn_server_cert_content }} {{ server_openvpn_cert_content }}


@ -1 +1 @@
{{ openvpn_server_key_content }} {{ server_openvpn_key_content }}


@ -1 +1 @@
{{ openvpn_server_askpass_content }} {{ server_openvpn_askpass_content }}


@ -1 +1 @@
{{ openvpn_server_crl_content }} {{ server_openvpn_crl_content }}


@ -1 +1 @@
{{ openvpn_server_dh_content }} {{ server_openvpn_dh_content }}


@ -18,7 +18,7 @@ proto udp6
topology subnet topology subnet
# Which TCP/UDP port should OpenVPN listen on? # Which TCP/UDP port should OpenVPN listen on?
port {{ openvpn_server_port }} port {{ server_openvpn_port }}
# "dev tun" will create a routed IP tunnel, "dev tap" will create an # "dev tun" will create a routed IP tunnel, "dev tap" will create an
# ethernet tunnel # ethernet tunnel
@ -28,19 +28,19 @@ dev tun
comp-lzo comp-lzo
# Maintain a record of client virtual IP address associations in this file. # Maintain a record of client virtual IP address associations in this file.
ifconfig-pool-persist {{ openvpn_server_directory }}/ipp.txt ifconfig-pool-persist {{ server_openvpn_directory }}/ipp.txt
# Output a short status file showing current connections, truncated # Output a short status file showing current connections, truncated
# and rewritten every minute. # and rewritten every minute.
status {{ openvpn_server_directory }}/openvpn-status.log status {{ server_openvpn_directory }}/openvpn-status.log
# Configure server mode and supply a VPN subnet for OpenVPN to draw client # Configure server mode and supply a VPN subnet for OpenVPN to draw client
# addresses from. The server will take subnet ip .1 for itself, the rest will # addresses from. The server will take subnet ip .1 for itself, the rest will
# be made available to clients. # be made available to clients.
server {{ openvpn_server_ipv4_pool }} {{ openvpn_server_ipv4_subnet }} server {{ server_openvpn_ipv4_pool }} {{ server_openvpn_ipv4_subnet }}
server-ipv6 {{ openvpn_server_ipv6 }} server-ipv6 {{ server_openvpn_ipv6 }}
{% for route in openvpn_server_routes %} {% for route in server_openvpn_routes %}
route {{route.network }} {{ route.subnet }} route {{route.network }} {{ route.subnet }}
{% endfor %} {% endfor %}
@ -58,7 +58,7 @@ persist-key
persist-tun persist-tun
# Allow client specific configurations # Allow client specific configurations
client-config-dir {{ openvpn_server_directory }}/ccd client-config-dir {{ server_openvpn_directory }}/ccd
# Set the appropriate level of log # Set the appropriate level of log
# file verbosity. # file verbosity.
@ -78,25 +78,25 @@ verb 4
## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ##
###### ######## ###### ####### ## ## #### ## ## ###### ######## ###### ####### ## ## #### ## ##
# SSL/TLS root certificate (ca), certificate (cert), and private key (key) # SSL/TLS root certificate (ca), certificate (cert), and private key (key)
ca {{ openvpn_server_ca }} ca {{ server_openvpn_ca }}
cert {{ openvpn_server_cert }} cert {{ server_openvpn_cert }}
key {{ openvpn_server_key }} key {{ server_openvpn_key }}
# Password for certificate provided in separate file # Password for certificate provided in separate file
askpass {{ openvpn_server_passfile }} askpass {{ server_openvpn_passfile }}
auth-nocache auth-nocache
# Verify against revoked certificates # Verify against revoked certificates
crl-verify {{ openvpn_server_crl }} crl-verify {{ server_openvpn_crl }}
# Diffie hellman parameters # Diffie hellman parameters
dh {{ openvpn_server_dhfile }} dh {{ server_openvpn_dhfile }}
# For extra security beyond that provided by SSL/TLS, create an "HMAC firewall" # For extra security beyond that provided by SSL/TLS, create an "HMAC firewall"
# to help block DoS attacks and UDP port flooding. # to help block DoS attacks and UDP port flooding.
# The server and each client must have a copy of this key. # The server and each client must have a copy of this key.
# The second parameter should be '0' on the server and '1' on the clients. # The second parameter should be '0' on the server and '1' on the clients.
tls-auth {{ openvpn_server_tlsauth }} 0 tls-auth {{ server_openvpn_tlsauth }} 0
# Select a cryptographic cipher # Select a cryptographic cipher
cipher AES-256-CBC cipher AES-256-CBC
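Review bot: `comp-lzo`, kept as context at the top of the second hunk, leaves compression enabled on the tunnel; compressing before encrypting is the basis of the VORACLE class of attacks, and OpenVPN upstream has deprecated the option. If the clients can be updated in step, I would drop the directive and, on OpenVPN 2.5 or newer, state the intent explicitly with `allow-compression no`. The last hunk also pins `cipher AES-256-CBC`; on 2.5+ the negotiated cipher is governed by `data-ciphers`, so adding for example `data-ciphers AES-256-GCM:AES-128-GCM` would make the AEAD preference explicit. The deployed OpenVPN version is not visible here, so both suggestions need checking against it.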


@ -1 +1 @@
{{ openvpn_server_tlsauth_content }} {{ server_openvpn_tlsauth_content }}