add openvpn role
This commit is contained in:
parent
5b55cc1a16
commit
d55f62893d
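--- a/roles/openvpn/defaults/main.yaml
+++ b/roles/openvpn/defaults/main.yaml
@@ -0,0 +1,17 @@
+---
+openvpn_package_name: openvpn
+openvpn_package_state: present
+
+openvpn_service_name: openvpn
+openvpn_service_state: started
+openvpn_service_enabled: true
+
+openvpn_etc_path: /etc/openvpn
+
+openvpn_config: {}
+openvpn_dh_params: {}
+openvpn_static_keys: {}
+openvpn_private_keys: {}
+openvpn_certificates: {}
+
+openvpn_ip_forward: 0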
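Review bot: `openvpn_ccd` is read in `tasks/instances.yaml` (`openvpn_ccd[instance] | default({})`) but has no entry here, unlike the other per-instance maps, so it is undocumented and only works because the `default` filter happens to swallow the undefined top-level name; add `openvpn_ccd: {}` next to `openvpn_certificates: {}`. The file also gives no hint that `openvpn_static_keys` and `openvpn_private_keys` are expected to hold raw key material that is written verbatim to disk by the copy tasks. A comment such as `# per-instance map of filename -> key contents; source these from an encrypted vault, never from plain vars` above those two keys would tell users where the values are meant to come from.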
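--- a/roles/openvpn/handlers/main.yaml
+++ b/roles/openvpn/handlers/main.yaml
@@ -0,0 +1,5 @@
+---
+- name: restart openvpn instance
+  service:
+    name: "{{ openvpn_service_name }}@{{ openvpn_instance }}"
+    state: restarted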
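Review bot: The handler restarts `{{ openvpn_service_name }}@{{ openvpn_instance }}` using the `openvpn_instance` fact that `tasks/instances.yaml` overwrites with `set_fact` on every iteration of the `manage instances` loop in `tasks/main.yaml`, and handlers are only flushed once at the end of the play, so when more than one instance changes only the instance handled last is restarted and the others keep running with stale keys or config. The cheapest fix is to flush before the fact is overwritten by the next iteration, by appending `- meta: flush_handlers` as the last task of `tasks/instances.yaml`. Alternatively pass the instance name to the handler explicitly rather than through a play-wide fact.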
0
roles/openvpn/tasks/default.yaml
Normal file
0
roles/openvpn/tasks/default.yaml
Normal file
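--- a/roles/openvpn/tasks/instances.yaml
+++ b/roles/openvpn/tasks/instances.yaml
@@ -0,0 +1,76 @@
+---
+- set_fact:
+    instance_path: "{{ openvpn_etc_path }}/{{ instance }}"
+    openvpn_instance: "{{ instance }}"
+
+- name: openvpn static keys
+  copy:
+    dest: "{{ instance_path }}/{{ item.key }}"
+    content: "{{ item.value }}"
+    owner: root
+    group: root
+    mode: "0600"
+  loop: "{{ openvpn_static_keys[instance] | dict2items }}"
+  no_log: true
+  notify: restart openvpn instance
+
+- name: openvpn dh params
+  copy:
+    dest: "{{ instance_path }}/{{ item.key }}"
+    content: "{{ item.value }}"
+    owner: root
+    group: root
+    mode: "0644"
+  loop: "{{ openvpn_dh_params[instance] | default({}) | dict2items }}"
+  notify: restart openvpn instance
+
+- name: openvpn private_keys
+  copy:
+    dest: "{{ instance_path }}/{{ item.key }}"
+    content: "{{ item.value }}"
+    owner: root
+    group: root
+    mode: "0600"
+  loop: "{{ openvpn_private_keys[instance] | dict2items }}"
+  no_log: true
+  notify: restart openvpn instance
+
+- name: openvpn certificates
+  copy:
+    dest: "{{ instance_path }}/{{ item.key }}"
+    content: "{{ item.value }}"
+    owner: root
+    group: root
+    mode: "0644"
+  loop: "{{ openvpn_certificates[instance] | dict2items }}"
+  notify: restart openvpn instance
+
+- name: configure openvpn
+  template:
+    src: openvpn.conf.j2
+    dest: "{{ instance_path }}.conf"
+    owner: root
+    group: root
+    mode: "0644"
+  notify: restart openvpn instance
+
+- name: mkdir ccd
+  file:
+    path: "{{ instance_path }}/ccd"
+    state: directory
+
+- name: configure ccd
+  template:
+    src: ccd.j2
+    dest: "{{ instance_path }}/ccd/{{ item.key }}"
+    owner: root
+    group: root
+    mode: "0644"
+  loop: "{{ openvpn_ccd[instance] | default({}) | dict2items }}"
+  notify: restart openvpn instance
+
+- name: "manage openvpn@{{ instance }} service"
+  service:
+    name: "{{ openvpn_service_name }}@{{ instance }}"
+    state: "{{ openvpn_service_state }}"
+    enabled: "{{ openvpn_service_enabled }}"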
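Review bot: The `openvpn static keys`, `openvpn private_keys` and `openvpn certificates` loops index `openvpn_static_keys[instance]`, `openvpn_private_keys[instance]` and `openvpn_certificates[instance]` without the `| default({})` that the `openvpn dh params` and `configure ccd` loops use, so an instance that has no entry in one of those maps (a certificate-only server with no static key, or a static-key-only peer with no certificates) aborts the play with an undefined-variable error instead of skipping the task. Give those three loops the same shape, e.g. `loop: "{{ openvpn_static_keys[instance] | default({}) | dict2items }}"`. The `mkdir ccd` task also creates the directory without `owner`, `group` or `mode`, so its permissions depend on the remote umask; adding `owner: root`, `group: root` and `mode: "0755"` would match the explicit ownership and modes set on every file written into it. The `set_fact` task at the top is the only task in the file without a `name`; naming it keeps the play output readable.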
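--- a/roles/openvpn/tasks/main.yaml
+++ b/roles/openvpn/tasks/main.yaml
@@ -0,0 +1,52 @@
+---
+- name: gather os specific variables
+  include_vars: "{{ lookup('first_found', possible_files) }}"
+  vars:
+    possible_files:
+      files:
+        - "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
+        - "{{ ansible_distribution }}.yaml"
+        - "{{ ansible_os_family }}.yaml"
+        - "default.yaml"
+      paths:
+        - vars
+
+- name: include os specific tasks
+  include_tasks: "{{ lookup('first_found', possible_files) }}"
+  vars:
+    possible_files:
+      files:
+        - "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
+        - "{{ ansible_distribution }}.yaml"
+        - "{{ ansible_os_family }}.yaml"
+        - "default.yaml"
+      paths:
+        - tasks
+
+- name: "install {{ openvpn_package_name }}"
+  package:
+    name: "{{ openvpn_package_name }}"
+    state: "{{ openvpn_package_state }}"
+
+
+- name: "manage instances {{ item }}"
+  include: instances.yaml
+  loop: "{{ openvpn_config.keys() | list }}"
+  loop_control:
+    loop_var: instance
+
+- name: configure IPv4 forwarding
+  sysctl:
+    name: net.ipv4.ip_forward
+    value: "{{ openvpn_ip_forward | default(0) }}"
+    sysctl_set: yes
+    state: present
+    reload: yes
+
+- name: configure IPv6 forwarding
+  sysctl:
+    name: net.ipv6.conf.all.forwarding
+    value: "{{ openvpn_ip_forward | default(0) }}"
+    sysctl_set: yes
+    state: present
+    reload: yes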
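Review bot: The `manage instances` task uses the legacy `include:` keyword while the two tasks above it use `include_tasks:`; `include` is deprecated in favour of `include_tasks`/`import_tasks`, so change it to `include_tasks: instances.yaml` for consistency within the file. In the same task the name `"manage instances {{ item }}"` refers to `item`, but `loop_control.loop_var` renames the loop variable to `instance`, so the name will not expand to the instance being handled; use `"manage instances {{ instance }}"`. Both sysctl tasks write `sysctl_set: yes` and `reload: yes`, which should be `true` to match `openvpn_service_enabled: true` in the defaults. Finally, `net.ipv4.ip_forward` and `net.ipv6.conf.all.forwarding` are both driven by the single `openvpn_ip_forward` value, so enabling forwarding for an IPv4 tunnel also turns the host into an IPv6 router for every interface; a separate `openvpn_ip6_forward` default, or at least a comment stating that one switch controls both address families host-wide, would make that side effect explicit for anyone reviewing the firewall implications.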
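--- a/roles/openvpn/templates/ccd.j2
+++ b/roles/openvpn/templates/ccd.j2
@@ -0,0 +1,15 @@
+# {{ ansible_managed }}
+
+{% for k, v in item.value.items() %}
+{% if v is string %}
+{{ k }} {{ v }}
+{% elif v is sequence %}
+{% for vv in v %}
+{{ k }} {{ vv | quote if k == "push" else vv }}
+{% endfor %}
+{% elif v is not defined %}
+{{ k }}
+{% else %}
+{{ k }} {{ v }}
+{% endif %}
+{% endfor %}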
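Review bot: The `{% elif v is not defined %}` branch on line 10 is unreachable: every value yielded by `item.value.items()` is defined, and an entry written as `client-to-client:` or `client-to-client: null` (the natural way to express a bare directive in the YAML map) arrives as `None`, falls through to `{% else %}` and is rendered as `client-to-client None`. Change the test to `{% elif v is none %}` so bare directives render as just the key. The `is string` and `else` branches emit identical text, so the `is string` test can be dropped once the `none` case is handled. The same branch exists on line 10 of `roles/openvpn/templates/openvpn.conf.j2`, which is otherwise identical except that it iterates `openvpn_config[instance]`; rendering both from one template that takes the mapping as a variable would avoid fixing this twice.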
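--- a/roles/openvpn/templates/openvpn.conf.j2
+++ b/roles/openvpn/templates/openvpn.conf.j2
@@ -0,0 +1,15 @@
+# {{ ansible_managed }}
+
+{% for k, v in openvpn_config[instance].items() %}
+{% if v is string %}
+{{ k }} {{ v }}
+{% elif v is sequence %}
+{% for vv in v %}
+{{ k }} {{ vv | quote if k == "push" else vv }}
+{% endfor %}
+{% elif v is not defined %}
+{{ k }}
+{% else %}
+{{ k }} {{ v }}
+{% endif %}
+{% endfor %}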
0
roles/openvpn/vars/default.yaml
Normal file
0
roles/openvpn/vars/default.yaml
Normal file