diff --git a/common/openvpn/handlers/main.yml b/common/openvpn/handlers/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..8153a482f819b343c4ada8c0600493176f2cb341
--- /dev/null
+++ b/common/openvpn/handlers/main.yml
@@ -0,0 +1,12 @@
+---
+- name: restart openvpn server
+ service: name=openvpn-server@{{ item }}.service state=restarted
+ with_items:
+ - "{{ openvpn_server }}"
+ when: openvpn_server is defined and openvpn_server > 0
+
+- name: restart openvpn clients
+ service: name=openvpn-client@{{ item }}.service state=restarted
+ with_items:
+ - "{{ openvpn_clients }}"
+ when: openvpn_clients is defined and openvpn_clients > 0
diff --git a/common/openvpn/tasks/main.yml b/common/openvpn/tasks/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..3b50290e646ff03299da8e46bbd3dd07ce7792d0
--- /dev/null
+++ b/common/openvpn/tasks/main.yml
@@ -0,0 +1,60 @@
+# Pakete installieren
+- name: openvpn installieren
+ apt:
+ pkg: "{{ packages }}"
+ update_cache: yes
+ state: present
+ vars:
+ packages:
+ - logrotate
+ - openvpn
+
+# Log-Verzeichnis erstellen
+
+- name: create folder struct for openvpn
+ file:
+ path: "/var/log/openvpn/"
+ state: "directory"
+
+# Konfigurationsdateien erstellen (ohne Keys)
+
+- name: Konfigurationen (server) erstellen
+ template: src={{ inventory_hostname }}-{{ item }}.conf dest=/etc/openvpn/server/{{ item }}.conf
+ with_items:
+ - "{{ openvpn_server }}"
+ notify: restart openvpn server
+ when: openvpn_server is defined and openvpn_server > 0
+
+- name: Konfigurationen (clients) erstellen
+ template: src={{ inventory_hostname }}-{{ item }}.conf dest=/etc/openvpn/client/{{ item }}.conf
+ with_items:
+ - "{{ openvpn_clients }}"
+ notify: restart openvpn clients
+ when: openvpn_clients is defined and openvpn_clients > 0
+
+- name: OpenVpn LogRotate config erstellen
+ template:
+ src: logrotate
+ dest: /etc/logrotate.d/openvpn
+
+# Enable service
+
+- name: enable openvpn systemd service (server)
+ systemd:
+ name: "openvpn-server@{{ item }}.service"
+ state: started
+ enabled: True
+ daemon_reload: yes
+ with_items:
+ - "{{ openvpn_server }}"
+ when: openvpn_server is defined and openvpn_server > 0
+
+- name: enable openvpn systemd service (client)
+ systemd:
+ name: "openvpn-client@{{ item }}.service"
+ state: started
+ enabled: True
+ daemon_reload: yes
+ with_items:
+ - "{{ openvpn_clients }}"
+ when: openvpn_clients is defined and openvpn_clients > 0
diff --git a/common/openvpn/templates/logrotate b/common/openvpn/templates/logrotate
new file mode 100644
index 0000000000000000000000000000000000000000..6c724764960255fc9e0a63796446e73e17aab384
--- /dev/null
+++ b/common/openvpn/templates/logrotate
@@ -0,0 +1,7 @@
+/var/log/openvpn/*.log {
+ rotate 12
+ monthly
+ compress
+ missingok
+ notifempty
+}
diff --git a/common/openvpn/templates/openvpn-common b/common/openvpn/templates/openvpn-common
new file mode 100644
index 0000000000000000000000000000000000000000..2fbc51ef890e198d9878bf83ae1b5a88d56be5ed
--- /dev/null
+++ b/common/openvpn/templates/openvpn-common
@@ -0,0 +1,12 @@
+
+persist-tun
+persist-key
+
+cipher AES-256-CBC
+auth SHA256
+
+comp-lzo adaptive
+keepalive 10 60
+ping-timer-rem
+
+verb 3
diff --git a/common/openvpn/templates/verwaltung-client-webs.conf b/common/openvpn/templates/verwaltung-client-webs.conf
new file mode 100644
index 0000000000000000000000000000000000000000..7c73ed3cf0d1cb5ff79e88c9526de61eac0f59dd
--- /dev/null
+++ b/common/openvpn/templates/verwaltung-client-webs.conf
@@ -0,0 +1,12 @@
+
+dev tun1
+remote {{ hostvars['webserver'].ext_ip4 }} 1197 udp
+resolv-retry infinite
+
+ifconfig 10.44.1.2 10.44.1.1
+route 10.42.1.1 255.255.255.255
+
+secret /etc/openvpn/client/client-webs.key
+log /var/log/openvpn/client-webs.log
+
+{% include "openvpn-common" %}
diff --git a/common/openvpn/templates/verwaltung-server-zone.conf b/common/openvpn/templates/verwaltung-server-zone.conf
new file mode 100644
index 0000000000000000000000000000000000000000..58756971c3c275703020e3d2bd57cc0c04165049
--- /dev/null
+++ b/common/openvpn/templates/verwaltung-server-zone.conf
@@ -0,0 +1,11 @@
+
+dev tun0
+port 1196
+
+ifconfig 10.43.2.1 10.43.2.2
+route 192.168.0.0 255.255.255.0
+
+secret /etc/openvpn/server/server-zone.key
+log /var/log/openvpn/server-zone.log
+
+{% include "openvpn-common" %}
diff --git a/common/openvpn/templates/webserver-server-verwaltung.conf b/common/openvpn/templates/webserver-server-verwaltung.conf
new file mode 100644
index 0000000000000000000000000000000000000000..54edd1f29d61da130eec696a1a464da36e833cb1
--- /dev/null
+++ b/common/openvpn/templates/webserver-server-verwaltung.conf
@@ -0,0 +1,11 @@
+
+dev tun1
+port 1197
+
+ifconfig 10.44.1.1 10.44.1.2
+route 10.42.2.1 255.255.255.255
+
+secret /etc/openvpn/server/server-verwaltung.key
+log /var/log/openvpn/server-verwaltung.log
+
+{% include "openvpn-common" %}
diff --git a/common/openvpn/templates/webserver-server-zone.conf b/common/openvpn/templates/webserver-server-zone.conf
new file mode 100644
index 0000000000000000000000000000000000000000..0056c4c60d9a4c7e9fcb4b38e85600d7818bd1f3
--- /dev/null
+++ b/common/openvpn/templates/webserver-server-zone.conf
@@ -0,0 +1,11 @@
+
+dev tun0
+port 1196
+
+ifconfig 10.43.1.1 10.43.1.2
+route 192.168.0.0 255.255.255.0
+
+secret /etc/openvpn/server/server-zone.key
+log /var/log/openvpn/server-zone.conf
+
+{% include "openvpn-common" %}
diff --git a/host_vars/vorstand b/host_vars/verwaltung
similarity index 80%
rename from host_vars/vorstand
rename to host_vars/verwaltung
index bd03105ba46517e3541c5ac285bf2105f1904108..6b6fedb422e00187e377fd0ff46b15aec0402329 100644
--- a/host_vars/vorstand
+++ b/host_vars/verwaltung
@@ -20,6 +20,12 @@ debian_keys_url:
- "https://repos.influxdata.com/influxdb.key"
+# Primäre IP Adressen des Hosts
+ext_ip4: 89.163.231.227
+ext_ip6: 2001:4ba0:ffff:007c::227
+int_ip4: 10.42.2.1
+
+
# Art des Hosts: physical, vm, docker
host_type: "vm"
@@ -29,6 +35,14 @@ webserver_domains:
- "verwaltung-git.warpzone.ms"
+#OpenVPN Konfigurationen
+openvpn_server:
+ - "server-zone"
+
+openvpn_clients:
+ - "client-webs"
+
+
administratorenteam:
- "sandhome"
- "void"
@@ -39,3 +53,4 @@ vorstandteam:
- "ole"
- "larsm"
- "reverend"
+
diff --git a/host_vars/warpsrvint b/host_vars/warpsrvint
index 6c512169c99034d8347c35554aad985e0b8369b5..9275624948e075f716762d54dc8572df1e92d2fd 100644
--- a/host_vars/warpsrvint
+++ b/host_vars/warpsrvint
@@ -21,6 +21,12 @@ debian_keys_url:
- "https://repos.influxdata.com/influxdb.key"
+# Primäre IP Adressen des Hosts
+#ext_ip4: <keine>
+#ext_ip6: <keine>
+int_ip4: 10.42.3.1
+
+
# Art des Hosts: physical, vm, docker
host_type: "physical"
diff --git a/host_vars/webserver b/host_vars/webserver
index da8dec9241fc0b3007b7377378462fd4f05d02ae..7f1ec3c5c314aab5245720e4ad18d0ec5909d6a6 100644
--- a/host_vars/webserver
+++ b/host_vars/webserver
@@ -20,6 +20,12 @@ debian_keys_url:
- "https://repos.influxdata.com/influxdb.key"
+# Primäre IP Adressen des Hosts
+ext_ip4: 89.163.231.226
+ext_ip6: 2001:4ba0:ffff:007c::2
+int_ip4: 10.42.1.1
+
+
# Art des Hosts: physical, vm, docker
host_type: "vm"
@@ -42,13 +48,20 @@ webserver_domains:
- "wiki.warpzone.ms"
- "www.warpzone.ms"
+
+#OpenVPN Konfigurationen
+openvpn_server:
+ - "server-zone"
+ - "server-verwaltung"
+
administratorenteam:
- "void"
- "dray"
- "sandhome"
- "commander1024"
- # Definition von Borgbackup Repositories
+
+# Definition von Borgbackup Repositories
borgbackup_repos:
warpsrvext:
diff --git a/hosts b/hosts
index 34b8aa571eb5cd708e8463be174a1db093f71c27..15134d093af21a565cdebacc754c83447202fabb 100644
--- a/hosts
+++ b/hosts
@@ -19,7 +19,7 @@ webserver ansible_ssh_host=89.163.231.226
# Vorstands-VM
# VM auf dem Webtropia-Server
# Auch erreichbar unter werwaltung.warpzone.ms
-vorstand ansible_ssh_host=89.163.231.227
+verwaltung ansible_ssh_host=89.163.231.227
# Raspberry-PI Server
diff --git a/site.yml b/site.yml
index bcd3576c3cbffce5a599443fdc8c7f1f6588bebd..558c9b27d2f0266ae554c1e368ad69dd9c26070a 100644
--- a/site.yml
+++ b/site.yml
@@ -2,7 +2,7 @@
# Hauptdatei, includiert lediglich die einzelnen Playbooks
- import_playbook: all/main.yml
-- import_playbook: vorstand/main.yml
+- import_playbook: verwaltung/main.yml
- import_playbook: warphab/main.yml
- import_playbook: warpsrvint/main.yml
- import_playbook: warpsrvext/main.yml
diff --git a/vorstand/Documentation.md b/verwaltung/Documentation.md
similarity index 100%
rename from vorstand/Documentation.md
rename to verwaltung/Documentation.md
diff --git a/vorstand/docker_gitea/tasks/main.yml b/verwaltung/docker_gitea/tasks/main.yml
similarity index 100%
rename from vorstand/docker_gitea/tasks/main.yml
rename to verwaltung/docker_gitea/tasks/main.yml
diff --git a/vorstand/docker_gitea/templates/docker-compose.yml b/verwaltung/docker_gitea/templates/docker-compose.yml
similarity index 100%
rename from vorstand/docker_gitea/templates/docker-compose.yml
rename to verwaltung/docker_gitea/templates/docker-compose.yml
diff --git a/vorstand/docker_mysql/tasks/main.yml b/verwaltung/docker_mysql/tasks/main.yml
similarity index 100%
rename from vorstand/docker_mysql/tasks/main.yml
rename to verwaltung/docker_mysql/tasks/main.yml
diff --git a/vorstand/docker_mysql/templates/docker-compose.yml b/verwaltung/docker_mysql/templates/docker-compose.yml
similarity index 100%
rename from vorstand/docker_mysql/templates/docker-compose.yml
rename to verwaltung/docker_mysql/templates/docker-compose.yml
diff --git a/vorstand/docker_mysql/templates/tuning.cnf b/verwaltung/docker_mysql/templates/tuning.cnf
similarity index 100%
rename from vorstand/docker_mysql/templates/tuning.cnf
rename to verwaltung/docker_mysql/templates/tuning.cnf
diff --git a/vorstand/git/handlers/main.yml b/verwaltung/git/handlers/main.yml
similarity index 100%
rename from vorstand/git/handlers/main.yml
rename to verwaltung/git/handlers/main.yml
diff --git a/vorstand/git/tasks/main.yml b/verwaltung/git/tasks/main.yml
similarity index 100%
rename from vorstand/git/tasks/main.yml
rename to verwaltung/git/tasks/main.yml
diff --git a/vorstand/jameica/tasks/main.yml b/verwaltung/jameica/tasks/main.yml
similarity index 100%
rename from vorstand/jameica/tasks/main.yml
rename to verwaltung/jameica/tasks/main.yml
diff --git a/vorstand/jameica/templates/de.jost_net.JVerein.rmi.JVereinDBService.properties b/verwaltung/jameica/templates/de.jost_net.JVerein.rmi.JVereinDBService.properties
similarity index 100%
rename from vorstand/jameica/templates/de.jost_net.JVerein.rmi.JVereinDBService.properties
rename to verwaltung/jameica/templates/de.jost_net.JVerein.rmi.JVereinDBService.properties
diff --git a/vorstand/jameica/templates/de.willuhn.jameica.hbci.rmi.HBCIDBService.properties b/verwaltung/jameica/templates/de.willuhn.jameica.hbci.rmi.HBCIDBService.properties
similarity index 100%
rename from vorstand/jameica/templates/de.willuhn.jameica.hbci.rmi.HBCIDBService.properties
rename to verwaltung/jameica/templates/de.willuhn.jameica.hbci.rmi.HBCIDBService.properties
diff --git a/vorstand/jameica/templates/jameica.sh b/verwaltung/jameica/templates/jameica.sh
similarity index 100%
rename from vorstand/jameica/templates/jameica.sh
rename to verwaltung/jameica/templates/jameica.sh
diff --git a/vorstand/main.yml b/verwaltung/main.yml
similarity index 87%
rename from vorstand/main.yml
rename to verwaltung/main.yml
index 3f13121d899801c89e1ecb0b763bd5443f994011..717c073ca7e657330b250a593fa15491568c13f4 100644
--- a/vorstand/main.yml
+++ b/verwaltung/main.yml
@@ -1,11 +1,12 @@
---
-- hosts: vorstand
+- hosts: verwaltung
remote_user: root
roles:
- { role: ../common/telegraf, tags: telegraf }
- { role: ../common/docker, tags: docker }
- { role: ../common/nginx, tags: nginx }
+ - { role: ../common/openvpn, tags: openvpn }
- { role: docker_gitea, tags: gitea }
- { role: docker_mysql, tags: mysql }
- { role: user, tags: user }
diff --git a/vorstand/user/tasks/main.yml b/verwaltung/user/tasks/main.yml
similarity index 100%
rename from vorstand/user/tasks/main.yml
rename to verwaltung/user/tasks/main.yml
diff --git a/vorstand/x2goserver/tasks/main.yml b/verwaltung/x2goserver/tasks/main.yml
similarity index 100%
rename from vorstand/x2goserver/tasks/main.yml
rename to verwaltung/x2goserver/tasks/main.yml
diff --git a/webserver/main.yml b/webserver/main.yml
index e7be0116f7bd19590d31f5caa23ba49d98316e52..e640968d1352d2c84e1b5dc62c8d4f1dc0734ce6 100644
--- a/webserver/main.yml
+++ b/webserver/main.yml
@@ -7,7 +7,7 @@
- { role: ../common/docker, tags: docker }
- { role: ../common/telegraf, tags: telegraf }
- { role: ../common/nginx, tags: nginx }
- - { role: openvpn, tags: openvpn }
+ - { role: ../common/openvpn, tags: openvpn }
- { role: docker_alerta, tags: alerta }
- { role: docker_dokuwiki, tags: dokuwiki }
- { role: docker_etherpad, tags: etherpad }
diff --git a/webserver/openvpn/handlers/main.yml b/webserver/openvpn/handlers/main.yml
deleted file mode 100644
index 99893c1c11a95474c40f02a5e119a07ef0c11a93..0000000000000000000000000000000000000000
--- a/webserver/openvpn/handlers/main.yml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-- name: restart openvpn
- service: name=openvpn-client@warpzone.service state=restarted
diff --git a/webserver/openvpn/tasks/main.yml b/webserver/openvpn/tasks/main.yml
deleted file mode 100644
index 9e78e87cb232f55b592f5c10a5c21b1e872d8b51..0000000000000000000000000000000000000000
--- a/webserver/openvpn/tasks/main.yml
+++ /dev/null
@@ -1,34 +0,0 @@
-# Pakete installieren
-- name: openvpn installieren
- apt:
- name: "{{ packages }}"
- update_cache: yes
- state: present
- vars:
- packages:
- - openvpn
-
-# Log-Verzeichnis erstellen
-
-- name: create folder struct for openvpn
- file:
- path: "/var/log/openvpn/"
- state: "directory"
-
-# Konfigurationsdateien erstellen (ohne Keys)
-
-- name: Konfiguration erstellen
- template: src=warpzone.conf dest=/etc/openvpn/client/warpzone.conf
- notify: restart openvpn
-
-- name: Konfiguration erstellen
- template: src=warpzone-up.sh dest=/etc/openvpn/client/warpzone-up.sh mode=o+x
- notify: restart openvpn
-
-# Enable service
-
-- name: enable openvpn systemd servise
- systemd:
- name: openvpn-client@warpzone.service
- state: started
- enabled: True
diff --git a/webserver/openvpn/templates/warpzone-up.sh b/webserver/openvpn/templates/warpzone-up.sh
deleted file mode 100644
index 2a0ca20807d71eb6c3e3bf495b26cd20ce25cb53..0000000000000000000000000000000000000000
--- a/webserver/openvpn/templates/warpzone-up.sh
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/sh
-# the interface name is passed as first argument ($1)
-
-#modprobe ip_tables
-#iptables -t nat -I PREROUTING -p tcp -d {{ ldap_ip_ext }}/32 --dport 389 -j DNAT --to-destination 127.0.0.1:389
-#iptables -t nat -I PREROUTING -p tcp -d {{ ldap_ip_ext }}/32 --dport 636 -j DNAT --to-destination 127.0.0.1:636
diff --git a/webserver/openvpn/templates/warpzone.conf b/webserver/openvpn/templates/warpzone.conf
deleted file mode 100644
index 989f7d4dc6edafcba8e4e43b469fbff5a6c68f1a..0000000000000000000000000000000000000000
--- a/webserver/openvpn/templates/warpzone.conf
+++ /dev/null
@@ -1,20 +0,0 @@
-
-dev tun
-persist-tun
-persist-key
-cipher AES-256-CBC
-auth SHA1
-tls-client
-client
-resolv-retry infinite
-remote 212.124.34.242 1195 udp
-verify-x509-name "OpenVPN Server" name
-pkcs12 /etc/openvpn/client/warpzone.p12
-tls-auth /etc/openvpn/client/warpzone.key 1
-comp-lzo adaptive
-
-script-security 2
-up /etc/openvpn/client/warpzone-up.sh
-
-log /var/log/openvpn/warpzone.log
-verb 3