--- - block: - name: Install dependencies package: name: "{{ item }}" state: present loop: "{{ openvpn_client_packages_extra }}" - name: Install required packages package: name: "{{ item }}" state: present loop: - openvpn - name: Write client config template: src: etc/openvpn/client.conf.j2 dest: "/etc/openvpn/{{ openvpn_client_name }}.conf" mode: 0600 notify: __openvpn_restart - name: Copy cert files (if defined) copy: src: "{{ item.src }}" dest: "{{ item.dest }}" mode: "{{ item.mode }}" loop: - { src: "{{ openvpn_client_ca_source | default('') }}", dest: "/etc/openvpn/certs/{{ openvpn_client_ca_file }}", mode: "0640" } - { src: "{{ openvpn_client_cert_source | default('') }}", dest: "/etc/openvpn/certs/{{ openvpn_client_cert_file }}", mode: "0640" } - { src: "{{ openvpn_client_key_source | default('') }}", dest: "/etc/openvpn/certs/{{ openvpn_client_key_file }}", mode: "0600" } - { src: "{{ openvpn_client_ta_source | default('') }}", dest: "/etc/openvpn/certs/{{ openvpn_client_ta_file }}", mode: "0600" } loop_control: label: "{{ item.dest }}" when: item.src | length > 0 notify: __openvpn_restart - name: Ensure openvpn service is up and running systemd: name: "openvpn@{{ openvpn_client_name }}" state: "{{ openvpn_service_state }}" enabled: yes become: True become_user: root