Vorstand in Verwaltung umbenannt, Openvpn Tunnel restrukturiert

common/openvpn/handlers/main.yml

+---
+- name: restart openvpn server
+  service: name=openvpn-server@{{ item }}.service state=restarted
+  with_items:
+    - "{{ openvpn_server }}"
+  when: openvpn_server is defined and openvpn_server > 0
+
+- name: restart openvpn clients
+  service: name=openvpn-client@{{ item }}.service state=restarted
+  with_items:
+    - "{{ openvpn_clients }}"
+  when: openvpn_clients is defined and openvpn_clients > 0

common/openvpn/tasks/main.yml

+# Pakete installieren
+- name: openvpn installieren
+  apt:
+    pkg: "{{ packages }}"
+    update_cache: yes
+    state: present
+  vars:
+    packages:
+      - logrotate
+      - openvpn
+
+# Log-Verzeichnis erstellen 
+
+- name: create folder struct for openvpn
+  file:
+    path: "/var/log/openvpn/"
+    state: "directory"
+
+# Konfigurationsdateien erstellen (ohne Keys)
+
+- name: Konfigurationen (server) erstellen 
+  template: src={{ inventory_hostname }}-{{ item }}.conf dest=/etc/openvpn/server/{{ item }}.conf
+  with_items:
+    - "{{ openvpn_server }}"
+  notify: restart openvpn server
+  when: openvpn_server is defined and openvpn_server > 0
+
+- name: Konfigurationen (clients) erstellen 
+  template: src={{ inventory_hostname }}-{{ item }}.conf dest=/etc/openvpn/client/{{ item }}.conf
+  with_items:
+    - "{{ openvpn_clients }}"
+  notify: restart openvpn clients
+  when: openvpn_clients is defined and openvpn_clients > 0
+
+- name: OpenVpn LogRotate config erstellen 
+  template: 
+    src: logrotate 
+    dest: /etc/logrotate.d/openvpn
+
+# Enable service 
+
+- name: enable openvpn systemd service (server) 
+  systemd:
+    name: "openvpn-server@{{ item }}.service"
+    state: started
+    enabled: True
+    daemon_reload: yes
+  with_items:
+    - "{{ openvpn_server }}"
+  when: openvpn_server is defined and openvpn_server > 0
+
+- name: enable openvpn systemd service (client)
+  systemd:
+    name: "openvpn-client@{{ item }}.service"
+    state: started
+    enabled: True
+    daemon_reload: yes
+  with_items:
+    - "{{ openvpn_clients }}"
+  when: openvpn_clients is defined and openvpn_clients > 0

common/openvpn/templates/logrotate

+/var/log/openvpn/*.log {
+  rotate 12
+  monthly
+  compress
+  missingok
+  notifempty
+}

common/openvpn/templates/openvpn-common

+
+persist-tun
+persist-key
+
+cipher AES-256-CBC
+auth SHA256
+
+comp-lzo adaptive
+keepalive 10 60
+ping-timer-rem
+
+verb 3

common/openvpn/templates/verwaltung-client-webs.conf

+
+dev tun1
+remote {{ hostvars['webserver'].ext_ip4 }} 1197 udp
+resolv-retry infinite
+
+ifconfig 10.44.1.2 10.44.1.1
+route 10.42.1.1 255.255.255.255
+
+secret /etc/openvpn/client/client-webs.key 
+log /var/log/openvpn/client-webs.log
+
+{% include "openvpn-common" %}

common/openvpn/templates/verwaltung-server-zone.conf

+
+dev tun0
+port 1196
+
+ifconfig 10.43.2.1 10.43.2.2
+route 192.168.0.0 255.255.255.0
+
+secret /etc/openvpn/server/server-zone.key 
+log /var/log/openvpn/server-zone.log
+
+{% include "openvpn-common" %}

common/openvpn/templates/webserver-server-verwaltung.conf

+
+dev tun1
+port 1197
+
+ifconfig 10.44.1.1 10.44.1.2
+route 10.42.2.1 255.255.255.255
+
+secret /etc/openvpn/server/server-verwaltung.key 
+log /var/log/openvpn/server-verwaltung.log
+
+{% include "openvpn-common" %}

common/openvpn/templates/webserver-server-zone.conf

+
+dev tun0
+port 1196
+
+ifconfig 10.43.1.1 10.43.1.2
+route 192.168.0.0 255.255.255.0
+
+secret /etc/openvpn/server/server-zone.key 
+log /var/log/openvpn/server-zone.conf
+
+{% include "openvpn-common" %}

host_vars/vorstand → host_vars/verwaltung

@@ -20,6 +20,12 @@ debian_keys_url:
   - "https://repos.influxdata.com/influxdb.key"
 
 
+# Primäre IP Adressen des Hosts 
+ext_ip4: 89.163.231.227
+ext_ip6: 2001:4ba0:ffff:007c::227
+int_ip4: 10.42.2.1
+
+
 # Art des Hosts: physical, vm, docker 
 host_type: "vm"
 
@@ -29,6 +35,14 @@ webserver_domains:
   - "verwaltung-git.warpzone.ms"
 
 
+#OpenVPN Konfigurationen 
+openvpn_server:
+  - "server-zone"
+
+openvpn_clients:
+  - "client-webs"
+
+
 administratorenteam:
   - "sandhome"
   - "void"
@@ -39,3 +53,4 @@ vorstandteam:
   - "ole"
   - "larsm"
   - "reverend"
+

host_vars/warpsrvint

@@ -21,6 +21,12 @@ debian_keys_url:
   - "https://repos.influxdata.com/influxdb.key"
 
 
+# Primäre IP Adressen des Hosts 
+#ext_ip4: <keine>
+#ext_ip6: <keine>
+int_ip4: 10.42.3.1
+
+
 # Art des Hosts: physical, vm, docker 
 host_type: "physical"
 

host_vars/webserver

@@ -20,6 +20,12 @@ debian_keys_url:
   - "https://repos.influxdata.com/influxdb.key"
 
 
+# Primäre IP Adressen des Hosts 
+ext_ip4: 89.163.231.226
+ext_ip6: 2001:4ba0:ffff:007c::2
+int_ip4: 10.42.1.1
+
+
 # Art des Hosts: physical, vm, docker 
 host_type: "vm"
 
@@ -42,13 +48,20 @@ webserver_domains:
   - "wiki.warpzone.ms"
   - "www.warpzone.ms"
 
+
+#OpenVPN Konfigurationen 
+openvpn_server:
+  - "server-zone"
+  - "server-verwaltung"
+
 administratorenteam:
   - "void"
   - "dray"
   - "sandhome"
   - "commander1024"
   
-  # Definition von Borgbackup Repositories 
+
+# Definition von Borgbackup Repositories 
 borgbackup_repos:
   
   warpsrvext: 

hosts

@@ -19,7 +19,7 @@ webserver   ansible_ssh_host=89.163.231.226
 # Vorstands-VM
 # VM auf dem Webtropia-Server
 # Auch erreichbar unter werwaltung.warpzone.ms
-vorstand ansible_ssh_host=89.163.231.227
+verwaltung ansible_ssh_host=89.163.231.227
 
 
 # Raspberry-PI Server

site.yml

@@ -2,7 +2,7 @@
 # Hauptdatei, includiert lediglich die einzelnen Playbooks 
 
 - import_playbook: all/main.yml 
-- import_playbook: vorstand/main.yml 
+- import_playbook: verwaltung/main.yml 
 - import_playbook: warphab/main.yml 
 - import_playbook: warpsrvint/main.yml 
 - import_playbook: warpsrvext/main.yml