Allow changing config filename and client config dir

Stouts · Nov 18, 2020 · cc5ac42 · cc5ac42
1 parent 32125cb
commit cc5ac42
Show file tree

Hide file tree

Showing 6 changed files with 15 additions and 9 deletions.
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -208,6 +208,12 @@ openvpn_script_output_directories: []
 # A path on the OpenVPN server where OpenVPN scripts should be uploaded to.
 openvpn_scripts_dir: "{{ openvpn_etcdir }}/scripts/"
 
+# In some distros, the server with `foobar.conf` config file can be managed
+# using `openvpn@foobar` service
+openvpn_config_file: "{{ openvpn_etcdir }}/server.conf"
+
+openvpn_client_config_dir: "{{ openvpn_client_config_dir }}"
+
 # A list of files located on the Ansible controller that the role should upload.
 # The scripts will be uploaded under `openvpn_scripts_dir`. You can reference
 # them in `openvpn_server_options` for the OpenVPN configuration option you

diff --git a/tasks/authentication/tls.yml b/tasks/authentication/tls.yml
@@ -2,7 +2,7 @@
 
 - name: Generate tls-auth key
   command:
-    openvpn --genkey --secret "{{ openvpn_etcdir }}/ovpns/{{ openvpn_tls_key }}"
+    openvpn --genkey --secret "{{ openvpn_client_config_dir }}/{{ openvpn_tls_key }}"
   args:
-    creates: "{{ openvpn_etcdir }}/ovpns/{{ openvpn_tls_key }}"
+    creates: "{{ openvpn_client_config_dir }}/{{ openvpn_tls_key }}"
   when: openvpn_tls_auth
diff --git a/tasks/core/clients.yml b/tasks/core/clients.yml
@@ -3,7 +3,7 @@
 - name: Generate client configurations
   template:
     src: "{{ openvpn_client_conf_template }}"
-    dest: "{{ openvpn_etcdir }}/ovpns/{{ item }}.ovpn"
+    dest: "{{ openvpn_client_config_dir }}/{{ item }}.ovpn"
   loop: "{{ openvpn_clients }}"
   register: openvpn_clients_changed
 
@@ -20,12 +20,12 @@
   loop_control:
     index_var: index
   args:
-    chdir: "{{ openvpn_etcdir }}/ovpns/"
+    chdir: "{{ openvpn_client_config_dir }}"
   when: openvpn_clients_changed.results[index] is changed
 
 - name: Download client credentials
   fetch:
-    src: "{{ openvpn_etcdir }}/ovpns/{{ item }}.zip"
+    src: "{{ openvpn_client_config_dir }}/{{ item }}.zip"
     dest: "{{ openvpn_download_dir }}"
     flat: true
     validate_checksum: true

diff --git a/tasks/core/configure.yml b/tasks/core/configure.yml
@@ -15,13 +15,13 @@
 - name: Configure server
   template:
     src: server.conf.j2
-    dest: "{{ openvpn_etcdir }}/server.conf"
+    dest: "{{ openvpn_config_file }}"
   notify: openvpn restart
 
 # Needed by both tls-authentication tasks and client-configuration tasks. Placed
 # here to avoid repeating it twice in both places where the tls and
 # client-config tasks are located.
 - name: Create client configuration directory
   file:
-    path: "{{ openvpn_etcdir }}/ovpns"
+    path: "{{ openvpn_client_config_dir }}"
     state: directory
diff --git a/tasks/core/read-client-files.yml b/tasks/core/read-client-files.yml
@@ -7,7 +7,7 @@
 
 - name: Read TLS-auth key
   slurp:
-    src: "{{ openvpn_etcdir }}/ovpns/{{ openvpn_tls_key }}"
+    src: "{{ openvpn_client_config_dir }}/{{ openvpn_tls_key }}"
   no_log: true
   register: openvpn_read_tlsauth_file_results
   changed_when: false

diff --git a/templates/server.conf.j2 b/templates/server.conf.j2
@@ -52,7 +52,7 @@ dh {{ openvpn_keydir }}/dh.pem
 
 {% if openvpn_tls_auth -%}
 # Use a static pre-shared key (PSK)
-tls-auth {{ openvpn_etcdir }}/ovpns/{{ openvpn_tls_key }} 0
+tls-auth {{ openvpn_client_config_dir }}/{{ openvpn_tls_key }} 0
 tls-server
 {% endif %}