Nis Wechselberg
b65650d733
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
Signed-off-by: Nis Wechselberg <enbewe@enbewe.de>
102 lines
2.9 KiB
YAML
102 lines
2.9 KiB
YAML
---
|
|
- name: 'Install the official package repository for OpenVPN'
|
|
block:
|
|
- name: 'Add the signing key'
|
|
become: true
|
|
ansible.builtin.get_url:
|
|
url: 'https://swupdate.openvpn.net/repos/repo-public.gpg'
|
|
dest: '{{ server_openvpn_signing_file }}'
|
|
owner: 'root'
|
|
group: 'root'
|
|
mode: 'u=rw,g=r,o=r'
|
|
|
|
- name: 'Add the actual repo'
|
|
become: true
|
|
ansible.builtin.apt_repository:
|
|
repo: '{{ server_openvpn_source_line }}'
|
|
state: 'present'
|
|
|
|
- name: 'Install server software and kernel module'
|
|
become: true
|
|
ansible.builtin.apt:
|
|
name: '{{ item }}'
|
|
update_cache: true
|
|
state: 'present'
|
|
loop:
|
|
- 'openvpn'
|
|
- 'openvpn-dco-dkms'
|
|
|
|
- name: 'Prepare the folder for vpn server files'
|
|
become: true
|
|
ansible.builtin.file:
|
|
path: '{{ item }}'
|
|
state: 'directory'
|
|
owner: 'root'
|
|
group: 'root'
|
|
mode: 'u=rwx,g=rx,o=rx'
|
|
loop:
|
|
- '/etc/openvpn/{{ server_openvpn_directory }}'
|
|
- '/etc/openvpn/{{ server_openvpn_directory }}/ccd'
|
|
|
|
- name: 'Deploy config files'
|
|
become: true
|
|
ansible.builtin.template:
|
|
src: '{{ item.src }}'
|
|
dest: '{{ item.dest }}'
|
|
owner: 'root'
|
|
group: 'root'
|
|
mode: '{{ item.mode }}'
|
|
loop:
|
|
- src: 'ca.crt.j2'
|
|
dest: '/etc/openvpn/{{ server_openvpn_ca }}'
|
|
mode: 'u=rw,g=r,o=r'
|
|
- src: 'cert.crt.j2'
|
|
dest: '/etc/openvpn/{{ server_openvpn_cert }}'
|
|
mode: 'u=rw,g=r,o=r'
|
|
- src: 'cert.key.j2'
|
|
dest: '/etc/openvpn/{{ server_openvpn_key }}'
|
|
mode: 'u=rw,g=,o='
|
|
- src: 'cert.pwd.j2'
|
|
dest: '/etc/openvpn/{{ server_openvpn_passfile }}'
|
|
mode: 'u=rw,g=,o='
|
|
- src: 'crl.pem.j2'
|
|
dest: '/etc/openvpn/{{ server_openvpn_crl }}'
|
|
mode: 'u=rw,g=r,o=r'
|
|
- src: 'tls-auth.key.j2'
|
|
dest: '/etc/openvpn/{{ server_openvpn_tlsauth }}'
|
|
mode: 'u=rw,g=,o='
|
|
- src: 'dh2048.pem.j2'
|
|
dest: '/etc/openvpn/{{ server_openvpn_dhfile }}'
|
|
mode: 'u=rw,g=r,o=r'
|
|
notify: 'Restart openvpn server'
|
|
|
|
- name: 'Deploy client specific config'
|
|
become: true
|
|
ansible.builtin.template:
|
|
src: 'ccd.j2'
|
|
dest: '/etc/openvpn/{{ server_openvpn_directory }}/ccd/{{ item.key }}'
|
|
owner: 'root'
|
|
group: 'root'
|
|
mode: 'u=rw,g=r,o=r'
|
|
loop: '{{ server_openvpn_client_configs | dict2items }}'
|
|
notify: 'Restart openvpn server'
|
|
|
|
- name: 'Deploy server config'
|
|
become: true
|
|
ansible.builtin.template:
|
|
src: 'openvpn_server.conf.j2'
|
|
dest: '/etc/openvpn/{{ server_openvpn_config_name }}.conf'
|
|
owner: 'root'
|
|
group: 'root'
|
|
mode: 'u=rw,g=r,o=r'
|
|
notify:
|
|
- 'Reload openvpn services'
|
|
- 'Restart openvpn server'
|
|
|
|
- name: 'Configure ip forwarding to allow external communication throught the vpn'
|
|
become: true
|
|
ansible.posix.sysctl:
|
|
name: '{{ item.key }}'
|
|
value: '{{ item.value }}'
|
|
loop: '{{ server_openvpn_sysctl_settings | dict2items }}'
|
|
notify: 'Restart openvpn server'
|