From cc5ac42e6487f4782b6377688cfa5673e590d0bb Mon Sep 17 00:00:00 2001 From: Taha Jahangir Date: Sun, 15 Nov 2020 17:39:39 +0330 Subject: [PATCH] Allow changing config filename and client config dir --- defaults/main.yml | 6 ++++++ tasks/authentication/tls.yml | 4 ++-- tasks/core/clients.yml | 6 +++--- tasks/core/configure.yml | 4 ++-- tasks/core/read-client-files.yml | 2 +- templates/server.conf.j2 | 2 +- 6 files changed, 15 insertions(+), 9 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index af53181..341e1b8 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -208,6 +208,12 @@ openvpn_script_output_directories: [] # A path on the OpenVPN server where OpenVPN scripts should be uploaded to. openvpn_scripts_dir: "{{ openvpn_etcdir }}/scripts/" +# In some distros, the server with `foobar.conf` config file can be managed +# using `openvpn@foobar` service +openvpn_config_file: "{{ openvpn_etcdir }}/server.conf" + +openvpn_client_config_dir: "{{ openvpn_client_config_dir }}" + # A list of files located on the Ansible controller that the role should upload. # The scripts will be uploaded under `openvpn_scripts_dir`. You can reference # them in `openvpn_server_options` for the OpenVPN configuration option you diff --git a/tasks/authentication/tls.yml b/tasks/authentication/tls.yml index 1439a58..a4fb111 100644 --- a/tasks/authentication/tls.yml +++ b/tasks/authentication/tls.yml @@ -2,7 +2,7 @@ - name: Generate tls-auth key command: - openvpn --genkey --secret "{{ openvpn_etcdir }}/ovpns/{{ openvpn_tls_key }}" + openvpn --genkey --secret "{{ openvpn_client_config_dir }}/{{ openvpn_tls_key }}" args: - creates: "{{ openvpn_etcdir }}/ovpns/{{ openvpn_tls_key }}" + creates: "{{ openvpn_client_config_dir }}/{{ openvpn_tls_key }}" when: openvpn_tls_auth diff --git a/tasks/core/clients.yml b/tasks/core/clients.yml index 9252178..63e9d27 100644 --- a/tasks/core/clients.yml +++ b/tasks/core/clients.yml 
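Review bot: In the `defaults/main.yml` hunk the new default `openvpn_client_config_dir: "{{ openvpn_client_config_dir }}"` refers to itself, so unless a caller overrides it Ansible cannot resolve the variable and every task that uses it should fail with a recursive-template error. The lines removed in the other hunks all used `{{ openvpn_etcdir }}/ovpns`, so the default should be `openvpn_client_config_dir: "{{ openvpn_etcdir }}/ovpns"`. The variable also has no comment of its own; something like `# Directory on the server that holds the generated client .ovpn/.zip files and the tls-auth key` would tell users that the location they choose stores key material.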
@@ -3,7 +3,7 @@ - name: Generate client configurations template: src: "{{ openvpn_client_conf_template }}" - dest: "{{ openvpn_etcdir }}/ovpns/{{ item }}.ovpn" + dest: "{{ openvpn_client_config_dir }}/{{ item }}.ovpn" loop: "{{ openvpn_clients }}" register: openvpn_clients_changed @@ -20,12 +20,12 @@ loop_control: index_var: index args: - chdir: "{{ openvpn_etcdir }}/ovpns/" + chdir: "{{ openvpn_client_config_dir }}" when: openvpn_clients_changed.results[index] is changed - name: Download client credentials fetch: - src: "{{ openvpn_etcdir }}/ovpns/{{ item }}.zip" + src: "{{ openvpn_client_config_dir }}/{{ item }}.zip" dest: "{{ openvpn_download_dir }}" flat: true validate_checksum: true diff --git a/tasks/core/configure.yml b/tasks/core/configure.yml index 6916598..998a307 100644 --- a/tasks/core/configure.yml +++ b/tasks/core/configure.yml @@ -15,7 +15,7 @@ - name: Configure server template: src: server.conf.j2 - dest: "{{ openvpn_etcdir }}/server.conf" + dest: "{{ openvpn_config_file }}" notify: openvpn restart # Needed by both tls-authentication tasks and client-configuration tasks. Placed @@ -23,5 +23,5 @@ # client-config tasks are located. - name: Create client configuration directory file: - path: "{{ openvpn_etcdir }}/ovpns" + path: "{{ openvpn_client_config_dir }}" state: directory diff --git a/tasks/core/read-client-files.yml b/tasks/core/read-client-files.yml index 362b9e6..ae1b063 100644 --- a/tasks/core/read-client-files.yml +++ b/tasks/core/read-client-files.yml @@ -7,7 +7,7 @@ - name: Read TLS-auth key slurp: - src: "{{ openvpn_etcdir }}/ovpns/{{ openvpn_tls_key }}" + src: "{{ openvpn_client_config_dir }}/{{ openvpn_tls_key }}" no_log: true register: openvpn_read_tlsauth_file_results changed_when: false diff --git a/templates/server.conf.j2 b/templates/server.conf.j2 index 3b5f910..f7ee72e 100644 --- a/templates/server.conf.j2 +++ b/templates/server.conf.j2 
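Review bot: In the first `tasks/core/configure.yml` hunk, `Configure server` now writes to `{{ openvpn_config_file }}` but still notifies the fixed handler `openvpn restart`, and the diffstat lists no handler change. If that handler restarts a default unit (not visible in this patch), a renamed file such as `foobar.conf` would be written without the matching `openvpn@foobar` instance being restarted, so the running server keeps its old settings. Either make the service name configurable together with the file name, or extend the comment above `openvpn_config_file` to say that the restart handler has to be adjusted as well.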
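Review bot: In the second `tasks/core/configure.yml` hunk, `Create client configuration directory` creates `{{ openvpn_client_config_dir }}` with no `mode` visible, so a newly created directory gets umask-dependent permissions. The path is now user-selectable and need not sit under `openvpn_etcdir`, while the tls-auth key (`tasks/authentication/tls.yml`) and the client `.ovpn`/`.zip` files (`tasks/core/clients.yml`) are written into it, so the permissions should be pinned with `mode: "0700"` under `state: directory`. The task may continue past the end of the hunk, so confirm the mode is not already set there.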
@@ -52,7 +52,7 @@ dh {{ openvpn_keydir }}/dh.pem {% if openvpn_tls_auth -%} # Use a static pre-shared key (PSK) -tls-auth {{ openvpn_etcdir }}/ovpns/{{ openvpn_tls_key }} 0 +tls-auth {{ openvpn_client_config_dir }}/{{ openvpn_tls_key }} 0 tls-server {% endif %}
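Review bot: The server's tls-auth key path on the `tls-auth` line is now built from `openvpn_client_config_dir`, a name that reads like OpenVPN's own `client-config-dir` directive although the directory holds generated client bundles and the pre-shared key. A template comment such as `# key is stored in openvpn_client_config_dir (generated client files), unrelated to OpenVPN's client-config-dir` would prevent someone from pointing both at the same place. The path is also interpolated unquoted, and with a freely chosen directory a value containing whitespace would be split by the config parser; `tls-auth "{{ openvpn_client_config_dir }}/{{ openvpn_tls_key }}" 0` avoids that.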