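# Deploys two OpenVPN server instances (lan and mobile): creates the
# directory tree, copies the PKI material, renders both server configs,
# links them into /etc/openvpn and restarts the matching systemd units.
# Every task escalates with become.

- name: create openvpn server directory
  become: true
  file:
    path: '{{ item.path }}'
    state: directory
    mode: '{{ item.mode }}'
    owner: root
    group: root
  # NOTE(review): '0744' on a directory gives group/other read (list names)
  # but not search, so non-root users can see file names yet cannot open
  # anything below. Confirm whether '0755' or '0750' was intended.
  loop:
    - path: '/etc/openvpn/server'
      mode: '0744'
    - path: '/etc/openvpn/client'
      mode: '0744'
    - path: '/etc/openvpn/easy-rsa'
      mode: '0744'
    # Holds the private key and TLS auth key: root-only.
    - path: '/etc/openvpn/easy-rsa/keys'
      mode: '0700'

- name: copy openvpn credentials
  become: true
  copy:
    src: '{{ item.src }}'
    dest: '{{ item.dest }}'
    mode: '{{ item.mode }}'
    owner: root
    group: root
  # server.key and ta.key are secret material; without this, a run with
  # --diff would print their contents into the play output and any log
  # that captures it.
  diff: false
  # NOTE(review): the sources live under files/openvpn/ in the repository.
  # Confirm the two key files are stored encrypted (copy decrypts
  # vault-encrypted src files by default) and not committed in plaintext.
  loop:
    - src: 'files/openvpn/ca.crt'
      dest: '/etc/openvpn/easy-rsa/keys/ca.crt'
      mode: '0644'
    - src: 'files/openvpn/server.crt'
      dest: '/etc/openvpn/easy-rsa/keys/server.crt'
      mode: '0644'
    # NOTE(review): a CSR is not read by a running server; confirm it
    # needs to be deployed at all.
    - src: 'files/openvpn/server.csr'
      dest: '/etc/openvpn/easy-rsa/keys/server.csr'
      mode: '0644'
    - src: 'files/openvpn/server.key'
      dest: '/etc/openvpn/easy-rsa/keys/server.key'
      mode: '0600'
    - src: 'files/openvpn/dh2048.pem'
      dest: '/etc/openvpn/easy-rsa/keys/dh2048.pem'
      mode: '0644'
    - src: 'files/openvpn/ta.key'
      dest: '/etc/openvpn/easy-rsa/keys/ta.key'
      mode: '0600'

- name: copy openvpn configuration files
  become: true
  template:
    src: '{{ item.src }}'
    dest: '{{ item.dest }}'
    # Explicit mode: without it a newly created file takes whatever the
    # remote umask yields. The parent directory is not searchable by
    # non-root users, so root-only read access is sufficient here.
    mode: '0640'
    owner: root
    group: root
  loop:
    - src: 'templates/openvpn/server-lan.j2'
      dest: '/etc/openvpn/server/server-lan.conf'
    - src: 'templates/openvpn/server-mobile.j2'
      dest: '/etc/openvpn/server/server-mobile.conf'

# The units restarted below are openvpn@server-lan and
# openvpn@server-mobile; these links place a matching <name>.conf
# directly under /etc/openvpn.
- name: link openvpn configuration files
  become: true
  file:
    src: '{{ item.src }}'
    dest: '{{ item.dest }}'
    state: link
  loop:
    - src: '/etc/openvpn/server/server-lan.conf'
      dest: '/etc/openvpn/server-lan.conf'
    - src: '/etc/openvpn/server/server-mobile.conf'
      dest: '/etc/openvpn/server-mobile.conf'

# NOTE(review): state: restarted bounces the unit on every run, dropping
# connected clients even when no file changed. Consider notifying a
# handler from the copy/template tasks instead.
- name: restart openvpn lan server
  become: true
  systemd:
    name: openvpn@server-lan
    state: restarted
    enabled: true

- name: restart openvpn mobile server
  become: true
  systemd:
    name: openvpn@server-mobile
    state: restarted
    enabled: true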