---
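# Render the PAM service file /etc/pam.d/openvpn from openvpn.pam.j2.
# Runs only when PAM authentication is enabled (openvpn_use_pam).
# Owner and mode are pinned so the result does not depend on the umask of the
# Ansible run: anyone able to write this file controls how logins for this
# PAM service are checked.
- name: Setup PAM
  template:
    src: openvpn.pam.j2
    dest: /etc/pam.d/openvpn
    owner: root
    mode: 0o644
  when: openvpn_use_pam | bool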
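# Create or update one entry per element of openvpn_use_pam_users in the
# htpasswd-format file "{{ openvpn_etcdir }}/users".
# no_log keeps item.password out of task output and logs; without it each loop
# item, including the clear-text password, is printed by Ansible.
# NOTE(review): des_crypt is traditional DES crypt(3): only the first eight
# characters of a password are significant and the salt is 12 bits. Move to a
# stronger scheme such as sha512_crypt once it is confirmed that the consumer
# of this file (presumably the PAM stack from openvpn.pam.j2) can verify it.
# NOTE(review): there is no `when`, so this runs even with PAM disabled, and
# no mode is set on the users file - confirm both are intended.
- name: Configure users
  htpasswd:
    path: "{{ openvpn_etcdir }}/users"
    name: "{{ item.name }}"
    password: "{{ item.password }}"
    crypt_scheme: des_crypt
  loop: "{{ openvpn_use_pam_users }}"
  no_log: true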
# Render the LDAP authentication settings; skipped unless openvpn_use_ldap is
# true.
# NOTE(review): no owner/mode is set, so permissions follow the umask. If
# auth-ldap.conf.j2 carries a bind password (template not visible here),
# restrict the file - first confirm which user reads it.
# NOTE(review): dest is hard-coded to /etc/openvpn while other tasks in this
# file use openvpn_etcdir, and no restart handler is notified - confirm both.
- name: Setup LDAP
  template:
    dest: /etc/openvpn/auth-ldap.conf
    src: auth-ldap.conf.j2
  when: openvpn_use_ldap | bool
# Deploy the auth-client.sh helper and notify the restart handler on change.
# Both entries of the `when` list must hold; Ansible ANDs list conditions.
# NOTE(review): the `bool` filter is true only for boolean-like values
# (true/yes/on/1). If openvpn_simple_auth_password holds the password itself,
# the second condition is false and this task is always skipped - verify
# against the role defaults.
# NOTE(review): mode 0o755 makes the script world-readable. If the template
# embeds the shared password (not visible here), tighten the mode and set an
# owner/group that still lets the OpenVPN process execute it.
- name: Setup simple authentication
  template:
    dest: "{{ openvpn_etcdir }}/auth-client.sh"
    src: auth-client.sh.j2
    mode: 0o755
  notify: openvpn restart
  when:
    - openvpn_simple_auth | bool
    - openvpn_simple_auth_password | bool
# Render server.conf into openvpn_etcdir; a change notifies the
# "openvpn restart" handler.
# NOTE(review): owner and mode are not set, so the file's permissions depend
# on the umask of the run.
- name: Configure server
  template:
    dest: "{{ openvpn_etcdir }}/server.conf"
    src: server.conf.j2
  notify: openvpn restart
# Make sure the key directory exists, belongs to openvpn_user and is
# accessible to that owner only (0o700).
# No `recurse` is given, so files already inside the directory keep whatever
# owner and mode they have; the group is likewise left unchanged.
- name: Ensure openvpn key dir has the right permission
  file:
    state: directory
    path: "{{ openvpn_keydir }}"
    owner: "{{ openvpn_user }}"
    mode: 0o700
# Turn on IPv4 packet forwarding, persisted in the sysctl file and applied to
# the running kernel (sysctl_set), with a reload when the file changes.
# net.ipv4.ip_forward is host-wide: the machine will route between all of its
# interfaces, not only the VPN one.
# NOTE(review): no firewall rules are visible in this file - confirm that the
# forward path is restricted to the intended VPN traffic elsewhere in the role.
- name: Set IPv4 forwarding in the sysctl file and reload if necessary
  sysctl:
    name: net.ipv4.ip_forward
    value: "1"
    state: present
    sysctl_set: true
    reload: true
# Turn on IPv6 forwarding for all interfaces, persisted in the sysctl file and
# applied to the running kernel, with a reload when the file changes.
# The condition is `is defined`, so the task also runs when
# openvpn_ipv6_server is defined but empty or false.
# NOTE(review): on Linux, enabling forwarding normally stops an interface from
# accepting router advertisements unless accept_ra is 2 - check hosts that get
# their IPv6 address or default route that way. As with IPv4, confirm that the
# forward path is filtered elsewhere in the role.
- name: Set IPv6 forwarding in the sysctl file and reload if necessary
  sysctl:
    name: net.ipv6.conf.all.forwarding
    value: "1"
    state: present
    sysctl_set: true
    reload: true
  when: openvpn_ipv6_server is defined