---
# Merge every entry of ovpn_daemons over ovpn_daemon_defaults and collect the
# merged mappings into ovpn_daemons_conf, one per loop iteration.
# NOTE(review): set_fact values persist for the host, so applying this role a
# second time in the same play would append a second copy of each daemon to
# ovpn_daemons_conf — confirm whether that usage is expected.
- name: Build config for OpenVPN tunnels
  set_fact:
    ovpn_daemons_conf: "{{ ovpn_daemons_conf | default([]) + [ovpn_daemon_defaults | combine(item)] }}"
  loop: "{{ ovpn_daemons }}"
  tags: ovpn
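# Replace the raw ovpn_daemons list with the merged one so every task below
# sees complete entries (role defaults applied). The task was previously
# unnamed, which hides it in play output and trips ansible-lint's name check.
- name: Replace ovpn_daemons with the merged daemon list
  set_fact:
    ovpn_daemons: "{{ ovpn_daemons_conf | default([]) }}"
  tags: ovpn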
# Install the distribution package; the systemd template unit is deployed
# separately below.
- name: Install OpenVPN
  package:
    name: openvpn
    state: present
  tags: ovpn
# Deploy the instantiated unit template openvpn@.service; every daemon below
# is driven as one openvpn@<name> instance. A change notifies the
# "restart all openvpn" handler (not shown in this file).
- name: Deploy OpenVPN service template
  template:
    src: openvpn@.service.j2
    dest: /etc/systemd/system/openvpn@.service
  register: ovpn_service_template
  notify: restart all openvpn
  tags: ovpn
# systemd only reads a new or modified unit file after a daemon-reload, so
# reload right away when the template above changed (handlers run later).
- name: Reload systemd
  systemd:
    daemon_reload: true
  when: ovpn_service_template is changed
  tags: ovpn
# Render one config file per enabled daemon. The file is kept out of reach of
# other users (0640); OpenVPN configs commonly embed key material — confirm
# against openvpn.conf.j2. Disabled daemons keep whatever file is on disk.
- name: Deploy daemons configuration
  template:
    src: openvpn.conf.j2
    dest: "/etc/openvpn/{{ item.name }}.conf"
    mode: "0640"
  loop: "{{ ovpn_daemons }}"
  when: item.enabled
  register: ovpn_daemons_mod
  notify: restart openvpn
  tags: ovpn
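# Generate a 2048-bit DH group once per enabled, certificate-based server.
# Two fixes to the command line:
#   - the output path used `item.iname`, an attribute no other task uses
#     (they all read `item.name`), so the path never matched the `creates`
#     guard;
#   - `openssl dhparam` writes to stdout unless `-out` is given — its only
#     positional argument is the bit size, so a bare path argument is rejected.
# Generation typically takes a while; `creates` makes it a one-off per daemon.
- name: Create DH params
  command: "openssl dhparam -out /etc/openvpn/{{ item.name }}.dh 2048"
  args:
    creates: "/etc/openvpn/{{ item.name }}.dh"
  loop: "{{ ovpn_daemons }}"
  when:
    - item.type == 'server'
    - item.enabled
    - item.auth == 'cert'
  tags: ovpn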
# Listening ports of every enabled UDP server daemon; consumed by the
# firewall task below. Client-mode daemons open no inbound port.
- name: Build a list of UDP ports
  set_fact:
    ovpn_udp_ports: >-
      {{ ovpn_daemons
      | selectattr('enabled', 'equalto', True)
      | selectattr('proto', 'equalto', 'udp')
      | selectattr('type', 'equalto', 'server')
      | map(attribute='port')
      | list }}
  tags: ovpn
# Listening ports of every enabled TCP server daemon; consumed by the
# firewall task below. Client-mode daemons open no inbound port.
- name: Build a list of TCP ports
  set_fact:
    ovpn_tcp_ports: >-
      {{ ovpn_daemons
      | selectattr('enabled', 'equalto', True)
      | selectattr('proto', 'equalto', 'tcp')
      | selectattr('type', 'equalto', 'server')
      | map(attribute='port')
      | list }}
  tags: ovpn
# Allow new UDP connections to the collected server ports from the trusted
# source ranges only; with no enabled UDP server the rule is removed rather
# than left behind. Skipped when the host's firewall is not managed here.
# NOTE(review): this assumes ovpn_src_ip is a non-empty list — an empty list
# renders `-s` with no argument, which iptables should reject; confirm where
# ovpn_src_ip is defaulted.
- name: Handle OpenVPN UDP ports
  iptables_raw:
    name: ovpn_udp_ports
    state: "{{ 'present' if ovpn_udp_ports | length > 0 else 'absent' }}"
    rules: >-
      -A INPUT -m state --state new -p udp
      -m multiport --dports {{ ovpn_udp_ports | join(',') }}
      -s {{ ovpn_src_ip | join(',') }} -j ACCEPT
  when: iptables_manage | default(true)
  tags: ovpn
# Allow new TCP connections to the collected server ports from the trusted
# source ranges only; with no enabled TCP server the rule is removed rather
# than left behind. Skipped when the host's firewall is not managed here.
# NOTE(review): this assumes ovpn_src_ip is a non-empty list — an empty list
# renders `-s` with no argument, which iptables should reject; confirm where
# ovpn_src_ip is defaulted.
- name: Handle OpenVPN TCP ports
  iptables_raw:
    name: ovpn_tcp_ports
    state: "{{ 'present' if ovpn_tcp_ports | length > 0 else 'absent' }}"
    rules: >-
      -A INPUT -m state --state new -p tcp
      -m multiport --dports {{ ovpn_tcp_ports | join(',') }}
      -s {{ ovpn_src_ip | join(',') }} -j ACCEPT
  when: iptables_manage | default(true)
  tags: ovpn
# Start and enable the openvpn@<name> instance of every enabled daemon; stop
# and disable the instance of every disabled one.
- name: Handle daemons status
  service:
    name: "openvpn@{{ item.name }}"
    state: "{{ 'started' if item.enabled else 'stopped' }}"
    enabled: "{{ item.enabled | ternary(True, False) }}"
  loop: "{{ ovpn_daemons }}"
  tags: ovpn
# Names of every daemon this role knows about, enabled or not. Anything else
# found under /etc/openvpn is treated as unmanaged by the cleanup tasks.
- name: List managed daemons ID
  set_fact:
    ovpn_managed_id: "{{ ovpn_daemons | map(attribute='name') | list }}"
  tags: ovpn
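# Collect the base names (extension stripped) of the *.conf files present in
# /etc/openvpn; the cleanup tasks stop and delete whatever is not managed.
# Fix: the extension is now removed with a quoted, anchored pattern. The
# previous `sed s/\.conf//` reached sed as `s/.conf//` (the shell consumed the
# backslash): "any character followed by conf", unanchored, so a daemon named
# e.g. myconf came back as m.conf, no longer matched ovpn_managed_id, and the
# cleanup tasks acted on a wrong name.
- name: List existing conf
  shell: >-
    find /etc/openvpn -maxdepth 1 -mindepth 1 -type f -name '*.conf'
    -exec basename '{}' \; | sed 's/\.conf$//'
  register: ovpn_existing_conf
  changed_when: false
  tags: ovpn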
# Stop and disable every openvpn@<name> instance whose config file exists on
# disk but whose name is not in ovpn_managed_id.
- name: Disable unmanaged services
  service:
    name: "openvpn@{{ item }}"
    state: stopped
    enabled: false
  loop: "{{ ovpn_existing_conf.stdout_lines | difference(ovpn_managed_id) }}"
  tags: ovpn
# Delete the config file of every daemon that is present on disk but not in
# ovpn_managed_id (its instance was stopped by the previous task).
- name: Remove unmanaged conf
  file:
    path: "/etc/openvpn/{{ item }}.conf"
    state: absent
  loop: "{{ ovpn_existing_conf.stdout_lines | difference(ovpn_managed_id) }}"
  tags: ovpn