Add variable for server key/cert/ca

defaults/main.yml

@@ -30,6 +30,11 @@ openvpn_keydir: "{{ openvpn_etcdir }}/keys"
 # README. Then you can simply point this variable to the pki folder of the
 # easyrsa installation and all keys/certificates will be located fine.
 # }}}
+
+openvpn_ca_certs_file: '{{ openvpn_keydir }}/ca.crt'
+openvpn_server_cert_file: '{{ openvpn_keydir }}/issued/server.crt'
+openvpn_server_key_file: '{{ openvpn_keydir }}/private/server.key'
+
 # Server configuration {{{
 # Default settings (See OpenVPN documentation)
 openvpn_host: "{{ inventory_hostname }}"

tasks/core/clients.yml

@@ -14,7 +14,7 @@
       {{ openvpn_keydir }}/issued/{{ item }}.crt
       {{ openvpn_keydir }}/private/{{ item }}.key
       {{ item }}.ovpn
-      {{ openvpn_keydir }}/ca.crt
+      {{ openvpn_ca_certs_file }}
       {{ openvpn_tls_key if openvpn_tls_auth else '' }}
   loop: "{{ openvpn_clients }}"
   loop_control:

tasks/core/read-client-files.yml

@@ -1,6 +1,6 @@
 ---
 - name: Read CA file
-  command: cat "{{ openvpn_keydir }}/ca.crt"
+  command: cat "{{ openvpn_ca_certs_file }}"
   no_log: true
   register: openvpn_read_ca_file_results
   changed_when: false

templates/server.conf.j2

@@ -42,9 +42,9 @@ dev {{ openvpn_dev }}
 #
 # Any X509 key management system can be used. OpenVPN can also use a PKCS #12
 # formatted key file (see "pkcs12" directive in man page).
-ca {{ openvpn_keydir }}/ca.crt
-cert {{ openvpn_keydir }}/issued/server.crt
-key {{ openvpn_keydir }}/private/server.key  # This file should be kept secret
+ca {{ openvpn_ca_certs_file }}
+cert {{ openvpn_server_cert_file }}
+key {{ openvpn_server_key_file }}  # This file should be kept secret
 
 # Diffie hellman parameters. Generate your own with: openssl dhparam -out
 # dh1024.pem 1024 Substitute 2048 for 1024 if you are using 2048 bit keys.