Signed-off-by: Nis Wechselberg <enbewe@enbewe.de>
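---
# Add OpenVPN's own apt repository (signing key + source entry) so that the
# packages installed further down come from it rather than from the distro.
- name: 'Install the official package repository for OpenVPN'
  block:
    # The keyring directory ships with apt on recent Debian/Ubuntu releases
    # but not on older ones, where the download below would otherwise fail.
    - name: 'Ensure the apt keyring directory exists'
      become: true
      ansible.builtin.file:
        path: '/etc/apt/keyrings'
        state: 'directory'
        owner: 'root'
        group: 'root'
        mode: 'u=rwx,g=rx,o=rx'

    # This key is the trust anchor for every package pulled from the
    # repository (it is referenced via `signed-by` below).
    # NOTE(review): pin it with `checksum: 'sha256:<digest>'` once the expected
    # digest has been verified out of band, so a tampered or silently rotated
    # key fails the play instead of being trusted.
    - name: 'Add the signing key'
      become: true
      ansible.builtin.get_url:
        url: 'https://swupdate.openvpn.net/repos/repo-public.gpg'
        dest: '/etc/apt/keyrings/openvpn-repo-public.asc'
        owner: 'root'
        group: 'root'
        # explicit mode so apt can read the key regardless of the umask
        mode: 'u=rw,g=r,o=r'

    # `signed-by` restricts this source to the key above, so a compromise of
    # any other repository key cannot be used to serve packages for it.
    - name: 'Add the actual repo'
      become: true
      ansible.builtin.apt_repository:
        repo: "deb [arch=amd64 signed-by=/etc/apt/keyrings/openvpn-repo-public.asc] https://build.openvpn.net/debian/openvpn/stable {{ ansible_distribution_release }} main"
        state: present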
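# One apt transaction for both packages (a list instead of a loop): the
# dependency resolution runs once and a failure leaves nothing half-installed.
- name: 'Install server software and kernel module'
  become: true
  ansible.builtin.apt:
    name:
      - 'openvpn'
      - 'openvpn-dco-dkms'  # kernel module package, built through DKMS
    update_cache: true
    state: 'present'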
# Server directory plus its client-config-dir (ccd), root-owned and
# world-readable (0755); the parent is created before its child.
- name: 'Prepare the folder for vpn server files'
  become: true
  vars:
    _openvpn_server_dir: '/etc/openvpn/{{ openvpn_server_directory }}'
  ansible.builtin.file:
    state: 'directory'
    path: '{{ item }}'
    mode: '0755'
    owner: 'root'
    group: 'root'
  loop:
    - '{{ _openvpn_server_dir }}'
    - '{{ _openvpn_server_dir }}/ccd'
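# Public PKI material: CA certificate, server certificate, CRL and DH
# parameters. None of it is secret, so it stays world-readable and its
# content may safely show up in `--diff` output.
- name: 'Deploy public config files'
  become: true
  ansible.builtin.template:
    src: '{{ item.src }}'
    dest: '{{ item.dest }}'
    owner: 'root'
    group: 'root'
    mode: '{{ item.mode }}'
  loop:
    - src: 'ca.crt.j2'
      dest: '/etc/openvpn/{{ openvpn_server_ca }}'
      mode: 'u=rw,g=r,o=r'
    - src: 'cert.crt.j2'
      dest: '/etc/openvpn/{{ openvpn_server_cert }}'
      mode: 'u=rw,g=r,o=r'
    - src: 'crl.pem.j2'
      dest: '/etc/openvpn/{{ openvpn_server_crl }}'
      mode: 'u=rw,g=r,o=r'
    - src: 'dh2048.pem.j2'
      dest: '/etc/openvpn/{{ openvpn_server_dhfile }}'
      mode: 'u=rw,g=r,o=r'
  notify: 'Restart openvpn server'

# Secret material: the server private key, its passphrase file and the
# tls-auth key. Root-only (0600) on disk, and kept out of the controller
# log: with `--diff` the template module would otherwise print the full key
# in clear text, and `no_log` additionally hides the verbose task result.
- name: 'Deploy private key material'
  become: true
  no_log: true
  diff: false
  ansible.builtin.template:
    src: '{{ item.src }}'
    dest: '{{ item.dest }}'
    owner: 'root'
    group: 'root'
    mode: 'u=rw,g=,o='
  loop:
    - src: 'cert.key.j2'
      dest: '/etc/openvpn/{{ openvpn_server_key }}'
    - src: 'cert.pwd.j2'
      dest: '/etc/openvpn/{{ openvpn_server_passfile }}'
    - src: 'tls-auth.key.j2'
      dest: '/etc/openvpn/{{ openvpn_server_tlsauth }}'
  notify: 'Restart openvpn server'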
# One client-config-dir file per entry of openvpn_server_client_configs;
# the dict key is used as the file name (presumably the client's certificate
# CN — confirm against ccd.j2 and the server config).
# NOTE(review): item.key is used unchecked as a path component. The keys come
# from playbook vars, so they are trusted, but a key containing `/` or `..`
# would place the file outside the ccd directory.
- name: 'Deploy client specific config'
  become: true
  vars:
    _openvpn_ccd_dir: '/etc/openvpn/{{ openvpn_server_directory }}/ccd'
  ansible.builtin.template:
    src: 'ccd.j2'
    dest: '{{ _openvpn_ccd_dir }}/{{ item.key }}'
    mode: '0644'
    owner: 'root'
    group: 'root'
  loop: '{{ openvpn_server_client_configs | dict2items }}'
  notify: 'Restart openvpn server'
# Main server configuration. A change notifies both handlers (defined
# elsewhere): a reload of the openvpn services and a restart of the server.
- name: 'Deploy server config'
  become: true
  ansible.builtin.template:
    src: 'openvpn_server.conf.j2'
    dest: '/etc/openvpn/{{ openvpn_server_config_name }}.conf'
    mode: '0644'
    owner: 'root'
    group: 'root'
  notify:
    - 'Reload openvpn services'
    - 'Restart openvpn server'
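# Kernel parameters from openvpn_sysctl_settings (presumably ip forwarding,
# per the task name) so traffic from VPN clients can be routed onward. The
# values are persisted to the sysctl file and applied with the module's
# reload, made explicit here.
- name: 'Configure ip forwarding to allow external communication through the vpn'
  become: true
  ansible.posix.sysctl:
    name: '{{ item.key }}'
    # quoted so numeric dict values reach the module as the string it expects
    value: '{{ item.value }}'
    state: 'present'
    reload: true
  loop: '{{ openvpn_sysctl_settings | dict2items }}'
  notify: 'Restart openvpn server'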