43 lines
1.3 KiB
YAML
43 lines
1.3 KiB
YAML
- name: Update apt cache
|
|
apt:
|
|
update_cache: yes
|
|
- name: Install VPN package requirements
|
|
apt:
|
|
name: "{{ strongswan_requeriments }}"
|
|
state: present
|
|
install_recommends: no
|
|
- name: Insert certificates
|
|
no_log: true
|
|
copy:
|
|
content: "{{ item.content }}"
|
|
dest: "{{ item.dest }}"
|
|
owner: root
|
|
group: root
|
|
mode: "{{ item.mode }}"
|
|
loop: "{{ certificates }}"
|
|
- name: Add private key
|
|
copy:
|
|
content: "{{ lookup(passbolt, 'ipsec_private_key', folder_parent_id=passbolt_folder).description }}"
|
|
dest: /etc/ipsec.d/private/key.pem
|
|
owner: root
|
|
group: root
|
|
mode: u=r,g=r,o=
|
|
- name: Configure ipsec.conf and charon
|
|
template:
|
|
src: "{{ item.src }}"
|
|
dest: "{{ item.dest }}"
|
|
owner: root
|
|
group: root
|
|
mode: "{{ item.mode }}"
|
|
loop:
|
|
- { src: 'ipsec.conf', dest: '/etc/ipsec.conf', mode: 'u=rw,g=r,o=r' }
|
|
- { src: 'vn-attr.conf', dest: '/etc/strongswan.d/charon/vn-attr.conf', mode: 'u=rw,g=r,o=r' }
|
|
- { src: 'vn-eap-radius.conf', dest: '/etc/strongswan.d/charon/vn-eap-radius.conf', mode: 'u=r,g=,o=' }
|
|
- { src: 'ipsec.secrets', dest: '/etc/ipsec.secrets', mode: 'u=r,g=,o=' }
|
|
- name: Copy Configure file
|
|
copy:
|
|
src: vn.conf
|
|
dest: /etc/strongswan.d/vn.conf
|
|
owner: root
|
|
group: root
|
|
mode: u=rw,g=r,o=r |