Add desktop openvpn setup

roles/arch/tasks/main.yml

@@ -34,5 +34,5 @@
 - include_tasks: postgres.yml # TODO
 - include_tasks: syncthing.yml # TODO depending on platform
 - include_tasks: git.yml # TODO (identify)
-- include_tasks: openvpn.yml # TODO depending on platform
+- include_tasks: openvpn.yml # TODO (laptop)
 - include_tasks: timer.yml

roles/arch/tasks/openvpn.yml

@@ -0,0 +1,48 @@
+- name: create configuration directories
+  become: yes
+  file:
+    path: "{{ item }}"
+    state: directory
+    owner: openvpn
+    group: openvpn
+    mode: "0750"
+  loop:
+    - "/etc/openvpn/client"
+    - "/etc/openvpn/client/zeus"
+    - "/etc/openvpn/server"
+
+- name: copy configuration
+  become: yes
+  template:
+    src: "{{ platform }}/openvpn.j2"
+    dest: "/etc/openvpn/client/zeus.conf"
+    owner: openvpn
+    group: openvpn
+    mode: "0644"
+
+- name: copy credentials
+  become: yes
+  copy:
+    src: "{{ item.src }}"
+    dest: "{{ item.dest }}"
+    owner: openvpn
+    group: openvpn
+    mode: "0600"
+  loop:
+    - {
+        src: "{{ platform }}/openvpn/ca.crt",
+        dest: "/etc/openvpn/client/zeus/ca.crt",
+      }
+    - {
+        src: "{{ platform }}/openvpn/desktop.crt",
+        dest: "/etc/openvpn/client/zeus/desktop.crt",
+      }
+    - {
+        src: "{{ platform }}/openvpn/desktop.key",
+        dest: "/etc/openvpn/client/zeus/desktop.key",
+      }
+    - {
+        src: "{{ platform }}/openvpn/ta.key",
+        dest: "/etc/openvpn/client/zeus/ta.key",
+      }
+  notify: restart vpn