From 65fb49fc5f3e4628353ee2e54c5ced76c5bc40fa Mon Sep 17 00:00:00 2001
From: Christian Pointner
Date: Tue, 16 Nov 2021 22:34:30 +0100
Subject: openvpn: initial support for server/client
---
 roles/network/openvpn/server/tasks/main.yml | 28 ++++++++++++++++++++++++----
 1 file changed, 24 insertions(+), 4 deletions(-)
(limited to 'roles/network/openvpn/server/tasks/main.yml')
diff --git a/roles/network/openvpn/server/tasks/main.yml b/roles/network/openvpn/server/tasks/main.yml
index 98bb220b..181feec9 100644
--- a/roles/network/openvpn/server/tasks/main.yml
+++ b/roles/network/openvpn/server/tasks/main.yml
@@ -2,7 +2,27 @@
 - name: create TLS certificate and key
 import_tasks: tls.yml
-## TODO:
-## - generate/install openvpn configuration
-## - generate/install client config directory
-## - enable/start "openvpn-server@{{ openvpn_zone.name }}"
+- name: generate openvpn config
+ template:
+ src: conf.j2
+ dest: "/etc/openvpn/server/{{ openvpn_zone.name }}.conf"
+ notify: restart openvpn-server
+
+- name: create client-config directory
+ file:
+ path: "/etc/openvpn/server/{{ openvpn_zone.name }}-ccd"
+ state: directory
+
+- name: generate client-config snippets
+ loop: "{{ openvpn_zone.offsets | list | difference([inventory_hostname]) }}"
+ loop_control:
+ loop_var: client
+ template:
+ src: client.j2
+ dest: "/etc/openvpn/server/{{ openvpn_zone.name }}-ccd/{{ client }}"
+
+- name: make sure openvpn-server systemd unit is enabled and started
+ systemd:
+ name: "openvpn-server@{{ openvpn_zone.name }}"
+ state: started
+ enabled: yes
--
cgit v1.2.3
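Review bot: The two `template` tasks and the `file` task set no `owner`, `group` or `mode`, so the server config and the client-config directory end up with whatever the remote umask yields; state them explicitly, e.g. `mode: "0640"` on the `.conf` and `mode: "0755"` on the `-ccd` directory. The ccd files must stay readable by whatever user OpenVPN drops privileges to, which depends on conf.j2 and is not visible in this hunk. The snippets loop only ever creates files, so the entry of a host later removed from `openvpn_zone.offsets` stays in the `-ccd` directory; if conf.j2 uses `ccd-exclusive`, that leftover file would keep the removed client admissible for as long as its certificate is valid, so a cleanup step for unmanaged files is worth adding. `enabled: yes` would also read better as `enabled: true`.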