X-Git-Url: http://git.squeep.com/?a=blobdiff_plain;f=roles%2Fmsca-openvpn%2Ftasks%2Fmain.yml;h=d58cb3b3cd5d2f49987078eb1b884c06d5547301;hb=d10a4b69962d07e31bd2be65dc044c0268ec28a6;hp=92dec57df48d9dd6a9bdb258d0272636f90fce49;hpb=588872ef49cb75a5ffa775e738ae3c61f9d7bad0;p=awsible
diff --git a/roles/msca-openvpn/tasks/main.yml b/roles/msca-openvpn/tasks/main.yml
index 92dec57..d58cb3b 100644
--- a/roles/msca-openvpn/tasks/main.yml
+++ b/roles/msca-openvpn/tasks/main.yml
@@ -9,7 +9,7 @@
 - cert != ''
 - key != ''
 - ta_secret != ''
-
+ - dhparam != ''
 tags: ['check_vars']
 
 - assert:
@@ -66,13 +66,32 @@
 - openvpn.log
 - connect.log
 - disconnect.log
- file:
- state: touch
- path: /var/log/openvpn/{{ item }}
+ copy:
+ content: ""
+ force: no
+ dest: /var/log/openvpn/{{ item }}
 owner: openvpn
 group: openvpn
 mode: "0644"
 
+- name: rotate user logs
+ when: vpn_mode == 'user-server'
+ copy:
+ src: openvpn-user.logrotate
+ dest: /etc/logrotate.d/openvpn-user
+ owner: root
+ group: root
+ mode: "0644"
+
+- name: rotate vpc logs
+ when: vpn_mode == 'vpc-server'
+ copy:
+ src: openvpn-vpc.logrotate
+ dest: /etc/logrotate.d/openvpn-vpc
+ owner: root
+ group: root
+ mode: "0644"
+
 - name: install scripts
 when: vpn_mode == 'user-server'
 with_items:
@@ -85,13 +104,11 @@
 group: openvpn
 mode: "0755"
 
-- name: generate dh parameters
- command: /usr/bin/openssl dhparam -out /etc/openvpn/keys/dh.pem 4096
- args:
- creates: /etc/openvpn/keys/dh.pem
-
 - name: install keys
 with_items:
+ - file: dh.pem
+ content: "{{ dhparam }}"
+ mode: "0444"
 - file: ca.{{ ca_name|lower }}.crt
 content: "{{ ca_cert }}"
 mode: "0400"
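Review bot: The added `dhparam != ''` condition proves only that the variable is non-empty, while the third hunk (`- file: dh.pem`) installs that value in place of the removed on-host 4096-bit generation, so the validity and size of the DH group now depend entirely on what the caller supplies. A truncated or undersized PEM would pass this assert. I would add a verification task after the install, for example `command: /usr/bin/openssl dhparam -in /etc/openvpn/keys/dh.pem -check -noout` with `changed_when: false`, and document the minimum parameter size the role expects. The assert task begins above this hunk, so its remaining conditions are not visible here.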
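Review bot: With `force: no` the `copy` module, as far as I know, returns as soon as the destination exists, so `owner`, `group` and `mode` are applied only when a log file is first created, whereas the `file: state: touch` task it replaces re-asserted them on every run. If a log is later recreated with different ownership or a wider mode (for instance by the new logrotate configs, whose contents are not shown here), this task will no longer correct it. Consider keeping the `file` module and making it idempotent with `access_time: preserve` and `modification_time: preserve` where the installed Ansible supports them, or add a follow-up `file: state: file` task that carries the attributes. Separately, `force: false` is preferable to `force: no`, which relies on YAML 1.1 truthy parsing.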
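Review bot: The new `dh.pem` entry uses `mode: "0444"` while its neighbour in the same list uses `"0400"`, and nothing in the hunk says why. DH parameters are public, so the wider mode is reasonable, but a one-line comment above the entry such as `# DH parameters are not secret; world-readable is intentional` would stop a later reader from tightening it needlessly or loosening the key files to match. The `install keys` task continues past the end of this hunk, so the module that consumes `file`, `content` and `mode` is not visible here.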