diff --git a/host_vars/webserver b/host_vars/webserver index 730240f5c3f9b099f3c03fc6662af8f4a846a007..402850d03a5134c2a940a3d7d0efe70fa0b0289f 100644 --- a/host_vars/webserver +++ b/host_vars/webserver @@ -3,16 +3,17 @@ motd_lines: - "Webserver" - - "Öffentliche IPs: {{ansible_eth0.ipv4.address}} / {{ansible_eth0.ipv6[0].address}}" + - "Öffentliche IPs: {{ansible_ens3.ipv4.address}} / {{ansible_ens3.ipv6[0].address}}" debian_sources: - - "deb http://ftp.halifax.rwth-aachen.de/debian/ jessie main contrib non-free" - - "deb http://security.debian.org/ jessie/updates main contrib non-free" - - "deb http://ftp.de.debian.org/debian/ jessie-updates main" - - "deb http://ftp.halifax.rwth-aachen.de/debian/ jessie-updates main contrib non-free" - - "deb http://apt.dockerproject.org/repo debian-jessie main" + - "deb http://ftp.halifax.rwth-aachen.de/debian/ stretch main contrib non-free" + - "deb http://security.debian.org/ stretch/updates main contrib non-free" + - "deb http://ftp.de.debian.org/debian/ stretch-updates main" + - "deb http://ftp.halifax.rwth-aachen.de/debian/ stretch-updates main contrib non-free" + - "deb [arch=amd64] https://download.docker.com/linux/debian stretch stable" debian_keys: + - "https://download.docker.com/linux/debian/gpg" borgbackup_weekday: "*" borgbackup_hour: "4" diff --git a/webserver/docker/tasks/main.yml b/webserver/docker/tasks/main.yml index 2d93189f719848d73399a075ffca75864e2ec303..650f0aa4ad245b066199d54f961f95b3ead26cb7 100644 --- a/webserver/docker/tasks/main.yml +++ b/webserver/docker/tasks/main.yml @@ -11,13 +11,12 @@ update_cache: yes state: installed with_items: - - docker-engine + - docker-ce - python - python-pip - name: install pip packages pip: - name: docker-py - version: 1.7.2 + name: docker-compose + version: 1.15.0 state: present - diff --git a/webserver/openvpn/handlers/main.yml b/webserver/openvpn/handlers/main.yml index 3e1e5f9fac81c0dedb5c6bbb090ed508620f6f82..99893c1c11a95474c40f02a5e119a07ef0c11a93 100644 
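Review bot: The new `debian_keys` entry `https://download.docker.com/linux/debian/gpg` identifies the signing key only by URL, so whatever that URL serves at provisioning time becomes a trusted apt key. How `debian_keys` is consumed is outside this diff; if it feeds `apt_key`, storing the expected fingerprint next to the URL and passing it as `id` (e.g. `apt_key: url={{ item.url }} id={{ item.id }}` with `id: "<DOCKER_KEY_FINGERPRINT>"`) makes the play fail visibly when the served key is not the expected one. A key imported this way is presumably trusted for every entry in `debian_sources`, not only the Docker repository, which is why pinning it matters here.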
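Review bot: On hosts provisioned before this change, `docker-py` 1.7.2 stays installed, because the pip task in `webserver/docker/tasks/main.yml` now only names `docker-compose` and nothing removes the old package. docker-compose presumably pulls in the newer `docker` SDK, which installs into the same `docker` module namespace as `docker-py`, and having both present can break imports. A preceding task with `pip: name=docker-py state=absent` would cover upgraded hosts. Quoting the pin as `version: "1.15.0"` also keeps it a string whatever shape a later version number has.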
--- a/webserver/openvpn/handlers/main.yml +++ b/webserver/openvpn/handlers/main.yml @@ -1,3 +1,3 @@ --- - name: restart openvpn - service: name=openvpn state=restarted + service: name=openvpn-client@warpzone.service state=restarted diff --git a/webserver/openvpn/tasks/main.yml b/webserver/openvpn/tasks/main.yml index b67dd24e81d34519d76540b8828d4d1d6d8cd61c..63f6b928dc842e8ba6ddc7ba6b2494cdfdfd0a86 100644 --- a/webserver/openvpn/tasks/main.yml +++ b/webserver/openvpn/tasks/main.yml @@ -7,13 +7,27 @@ with_items: - openvpn +# Log-Verzeichnis erstellen + +- name: create folder struct for openvpn + file: + path: "/var/log/openvpn/" + state: "directory" + # Konfigurationsdateien erstellen (ohne Keys) - name: Konfiguration erstellen - template: src=warpzone.conf dest=/etc/openvpn/warpzone.conf + template: src=warpzone.conf dest=/etc/openvpn/client/warpzone.conf notify: restart openvpn - name: Konfiguration erstellen - template: src=warpzone-up.sh dest=/etc/openvpn/warpzone-up.sh mode=o+x + template: src=warpzone-up.sh dest=/etc/openvpn/client/warpzone-up.sh mode=o+x notify: restart openvpn +# Enable service + +- name: enable openvpn systemd servise + systemd: + name: openvpn-client@warpzone.service + state: started + enabled: True diff --git a/webserver/openvpn/templates/warpzone.conf b/webserver/openvpn/templates/warpzone.conf index 85eabac150dcb10705913f45f45c0007e2331b2d..989f7d4dc6edafcba8e4e43b469fbff5a6c68f1a 100644 --- a/webserver/openvpn/templates/warpzone.conf +++ b/webserver/openvpn/templates/warpzone.conf @@ -9,9 +9,12 @@ client resolv-retry infinite remote 212.124.34.242 1195 udp verify-x509-name "OpenVPN Server" name -pkcs12 /etc/openvpn/warpzone.p12 -tls-auth /etc/openvpn/warpzone.key 1 +pkcs12 /etc/openvpn/client/warpzone.p12 +tls-auth /etc/openvpn/client/warpzone.key 1 comp-lzo adaptive script-security 2 -up /etc/openvpn/warpzone-up.sh +up /etc/openvpn/client/warpzone-up.sh + +log /var/log/openvpn/warpzone.log +verb 3
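Review bot: In `webserver/openvpn/tasks/main.yml` the up script is still deployed with `mode=o+x`, which only adds the execute bit for other users and leaves owner and the remaining bits to defaults, and the new `/var/log/openvpn/` directory gets no `owner` or `mode` at all. The script is run by OpenVPN through `up` (presumably as root), so it should be root-owned and not writable by anyone else: `template: src=warpzone-up.sh dest=/etc/openvpn/client/warpzone-up.sh owner=root group=root mode=0700`. For the log directory, adding `owner: root` and `mode: "0750"` to the `file` task keeps connection logs from being world-readable. The new task name also has a typo, `servise`, and both template tasks share the name `Konfiguration erstellen`, which makes play output harder to read.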
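Review bot: In `warpzone.conf`, `log /var/log/openvpn/warpzone.log` truncates the file every time OpenVPN starts, and the `restart openvpn` handler fires on each config change, so earlier connection and TLS errors are gone when someone needs them for troubleshooting or incident review. `log-append /var/log/openvpn/warpzone.log` keeps the history; it then needs a logrotate rule, which this diff does not add. Alternatively, dropping the `log` line presumably leaves the output in the journal of `openvpn-client@warpzone.service`, where retention is already managed.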