talas-group/04_INFRA_DEPLOIEMENT/Ansible/roles/openvpn/tasks/scripts.yml

---
# file: roles/openvpn/tasks/scripts.yml
# Install the Python package(s) the client scripts import through the shared
# python_package role, into the same venv the pip tasks further down populate.
# python_package_install_from_role is that role's input; it is emptied again
# afterwards so a later import of the role does not pick up this entry.
- name: 'install python_package dependencies'
  when: openvpn_client_scripts
  tags:
    - scripts
    - python_package
    - openvpn
  block:
    - name: 'set fact python_package_install_from_role'
      set_fact:
        python_package_install_from_role:
          - package: pgcos
            script: ''
            venv: /usr/local/venvs/openvpn

    - name: 'import role python_package'
      import_role:
        name: python_package

    - name: 'unset fact python_package_install'
      set_fact:
        python_package_install_from_role: []
# Build prerequisites for the pip installs below — presumably the C toolchain
# and OpenLDAP/SASL headers that building python-ldap from source needs.
- name: 'dependencies for scripts'
  apt:
    state: present
    name:
      - build-essential
      - python3-dev
      - libldap2-dev
      - libsasl2-dev
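# Dedicated service account for the scripts (the log directory below is owned
# by it and /etc/sudoers.d/openvpn grants it sudo rights).
- name: "openvpn group"
  group:
    name: "openvpn"
    system: true

# NOTE(review): this account receives a sudoers entry below, yet the user
# module's defaults leave it with the distro default login shell and a home
# directory. If nothing in sudo.j2 or the scripts needs an interactive shell,
# consider shell: /usr/sbin/nologin and create_home: false — confirm first.
- name: "openvpn user"
  user:
    name: "openvpn"
    group: "openvpn"
    system: true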
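# sudo rights for the openvpn service account (content comes from sudo.j2).
# validate runs visudo on the rendered temp file before it is moved into
# place, so a template error cannot drop a file into sudoers.d that breaks
# sudo for the whole host. owner/group/mode are pinned to what sudo expects.
- name: "sudo rights for the openvpn"
  template:
    src: "sudo.j2"
    dest: "/etc/sudoers.d/openvpn"
    owner: root
    group: root
    mode: "0440"
    validate: "/usr/sbin/visudo -cf %s"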
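# Log directory for the scripts, private to the openvpn account.
- name: "dir /var/log/openvpn with owner openvpn/openvpn for scripts"
  file:
    path: /var/log/openvpn
    state: directory
    owner: "openvpn"
    group: "openvpn"
    mode: "0700"

# Pre-create the files the scripts write so they exist with the right owner.
# state: touch with preserved timestamps keeps the task idempotent. The
# explicit mode stops the files inheriting a permissive umask — whatever ends
# up in custom.log / the queued SQL should not be readable by other local
# users even if the directory mode is ever relaxed.
- name: "make sure scripts log files are owned by the openvpn user"
  file:
    path: "/var/log/openvpn/{{ item }}"
    state: touch
    owner: "openvpn"
    group: "openvpn"
    mode: "0600"
    modification_time: preserve
    access_time: preserve
  loop:
    - custom.log
    - postgres_unavailable.sql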
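# Directory holding the scripts OpenVPN executes. Owner/mode are pinned to
# root explicitly so the openvpn account (which has sudo rights and is the
# intended runner of these scripts) cannot replace the symlinks placed here.
- name: "dir /etc/openvpn/scripts"
  file:
    path: /etc/openvpn/scripts
    state: directory
    owner: root
    group: root
    mode: "0755"

# Runtime settings for connect.py/disconnect.py. Without an explicit mode the
# template lands with the umask default (typically 0644, world-readable); the
# role's LDAP and Postgres pieces make it plausible that this file carries
# credentials, so restrict it to root plus the openvpn group.
# NOTE(review): assumes the scripts run as the openvpn account created above;
# if OpenVPN keeps root, root can read it regardless, so nothing breaks.
# backup: true keeps timestamped copies beside the file; they typically keep
# the old permissions, so remove any that were written world-readable.
- name: "/etc/openvpn/scripts/configuration.ini"
  template:
    src: "configuration.ini"
    dest: "/etc/openvpn/scripts/configuration.ini"
    owner: root
    group: openvpn
    mode: "0640"
    backup: true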
# Bootstrap the venv the scripts use (the python_package role above installs
# into the same path) and pull in the libraries connect.py/disconnect.py need.
# Both tasks are skipped in check mode because creating/upgrading a venv is
# not something the pip module can dry-run. state: latest is the module's
# spelling of `pip install --upgrade`.
# NOTE(review): geoip2 and python-ldap are unpinned and upgraded on every run,
# so each play may change what is installed; pin versions (ideally with
# hashes) once the working set is known.
- name: "pip upgrade pip in virtualenv"
  pip:
    name: pip
    state: latest
    virtualenv: /usr/local/venvs/openvpn
    virtualenv_command: /usr/bin/python3 -m venv
  when: not ansible_check_mode

- name: "pip install dependencies in virtualenv"
  pip:
    name:
      - geoip2
      - python-ldap
    state: latest
    virtualenv: /usr/local/venvs/openvpn
    virtualenv_command: /usr/bin/python3 -m venv
  when: not ansible_check_mode
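# Install the hook scripts into the venv's bin/ (presumably so they resolve
# the venv interpreter) and expose them under /etc/openvpn/scripts via
# symlinks. owner/group are pinned to root explicitly: OpenVPN runs these as
# hooks and the openvpn account has sudo rights, so the files must never be
# writable by that account.
- name: "/usr/local/venvs/openvpn/bin/{{ item }}"
  copy:
    src: "{{ item }}"
    dest: "/usr/local/venvs/openvpn/bin/{{ item }}"
    owner: root
    group: root
    mode: "0755"
  loop:
    - connect.py
    - disconnect.py

# force: true replaces whatever is at the link path (a regular file left by an
# older deployment, or a link pointing elsewhere).
- name: "ln -s /usr/local/venvs/openvpn/bin/{{ item }} /etc/openvpn/scripts/{{ item }}"
  file:
    state: link
    src: "/usr/local/venvs/openvpn/bin/{{ item }}"
    dest: "/etc/openvpn/scripts/{{ item }}"
    force: true
  loop:
    - connect.py
    - disconnect.py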
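# MaxMind databases the scripts read. They are data, not executables, so 0644
# (the earlier 0755 set the execute bit for no reason). Shipped only when the
# client scripts are enabled. backup: true keeps a timestamped copy of each
# previous database next to the new one on every update — watch disk usage.
- name: "GeoLite2-ASN.mmdb GeoLite2-Country.mmdb"
  copy:
    src: "{{ item }}"
    dest: "/etc/openvpn/scripts/{{ item }}"
    owner: root
    group: root
    mode: "0644"
    backup: true
  loop:
    - GeoLite2-ASN.mmdb
    - GeoLite2-Country.mmdb
  when: openvpn_client_scripts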
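# Optional auth-user-pass-verify script, copied from files/ under the name
# given in openvpn_auth_user_pass_verify. Root-owned and executable; the
# credential check it implements must not be editable by the openvpn account.
# NOTE(review): the variable is used verbatim as the final path component, so
# it must be a bare file name — a value with a directory part would fail here.
- name: "{{ openvpn_auth_user_pass_verify }}"
  copy:
    src: "{{ openvpn_auth_user_pass_verify }}"
    dest: "/etc/openvpn/scripts/{{ openvpn_auth_user_pass_verify }}"
    owner: root
    group: root
    mode: "0755"
    backup: true
  when: openvpn_auth_user_pass_verify is defined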
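# Script that generates the revoked-serial list from the CRL (rendered from
# generate_revoked.sh.j2; only when a CRL is configured for this role).
- name: "/etc/openvpn/scripts/generate_revoked.sh"
  template:
    src: "generate_revoked.sh.j2"
    dest: "/etc/openvpn/scripts/generate_revoked.sh"
    owner: root
    group: root
    mode: "0755"
    backup: true
  when: openvpn_crl is defined

# Nightly refresh of the revocation serials at 02:00. No user: is given, so
# the entry lives in root's crontab. The state is derived from openvpn_crl
# rather than gated by when:, so dropping the CRL configuration removes the
# cron entry instead of leaving a stale job that keeps running.
- name: "crontab to generate revocation serials from CRL"
  cron:
    name: "generate revocation serials from CRL"
    hour: "2"
    minute: "0"
    job: "/etc/openvpn/scripts/generate_revoked.sh"
    state: "{{ 'present' if openvpn_crl is defined else 'absent' }}"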