diff --git a/tasks/main.yml b/tasks/main.yml index e8387a0..1f69f7a 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -1,45 +1,2 @@ --- -- block: - - name: Install dependencies - package: - name: "{{ item }}" - state: present - loop: "{{ openvpn_client_packages_extra }}" - - - name: Install required packages - package: - name: "{{ item }}" - state: present - loop: - - openvpn - - - name: Write client config - template: - src: etc/openvpn/client.conf.j2 - dest: "/etc/openvpn/{{ openvpn_client_name }}.conf" - mode: 0600 - notify: __openvpn_restart - - - name: Copy cert files (if defined) - copy: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - mode: "{{ item.mode }}" - loop: - - { src: "{{ openvpn_client_ca_source | default('') }}", dest: "/etc/openvpn/certs/{{ openvpn_client_ca_file }}", mode: "0650" } - - { src: "{{ openvpn_client_cert_source | default('') }}", dest: "/etc/openvpn/certs/{{ openvpn_client_cert_file }}", mode: "0650" } - - { src: "{{ openvpn_client_key_source | default('') }}", dest: "/etc/openvpn/certs/{{ openvpn_client_key_file }}", mode: "0600" } - - { src: "{{ openvpn_client_ta_source | default('') }}", dest: "/etc/openvpn/certs/{{ openvpn_client_ta_file }}", mode: "0600" } - loop_control: - label: "{{ item.dest }}" - when: item.src | length > 0 - - notify: __openvpn_restart - - - name: Ensure openvpn service is up and running - systemd: - name: "openvpn@{{ openvpn_client_name }}" - state: "{{ openvpn_service_state }}" - enabled: yes - become: True - become_user: root +- include_tasks: setup.yml diff --git a/tasks/setup.yml b/tasks/setup.yml new file mode 100644 index 0000000..a1a626d --- /dev/null +++ b/tasks/setup.yml @@ -0,0 +1,45 @@ +--- +- block: + - name: Install dependencies + package: + name: "{{ item }}" + state: present + loop: "{{ openvpn_client_packages_extra }}" + + - name: Install required packages + package: + name: "{{ item }}" + state: present + loop: + - openvpn + + - name: Write client config + template: + src: etc/openvpn/client.conf.j2 + dest: "/etc/openvpn/{{ openvpn_client_name }}.conf" + mode: 0600 + notify: __openvpn_restart + + - name: Copy cert files (if defined) + copy: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + mode: "{{ item.mode }}" + loop: + - { src: "{{ openvpn_client_ca_source | default('') }}", dest: "/etc/openvpn/certs/{{ openvpn_client_ca_file }}", mode: "0640" } + - { src: "{{ openvpn_client_cert_source | default('') }}", dest: "/etc/openvpn/certs/{{ openvpn_client_cert_file }}", mode: "0640" } + - { src: "{{ openvpn_client_key_source | default('') }}", dest: "/etc/openvpn/certs/{{ openvpn_client_key_file }}", mode: "0600" } + - { src: "{{ openvpn_client_ta_source | default('') }}", dest: "/etc/openvpn/certs/{{ openvpn_client_ta_file }}", mode: "0600" } + loop_control: + label: "{{ item.dest }}" + when: item.src | length > 0 + + notify: __openvpn_restart + + - name: Ensure openvpn service is up and running + systemd: + name: "openvpn@{{ openvpn_client_name }}" + state: "{{ openvpn_service_state }}" + enabled: yes + become: True + become_user: root