Vorstand in Verwaltung umbenannt, Openvpn Tunnel restrukturiert

vorstand/main.yml → verwaltung/main.yml

 ---
 
-- hosts: vorstand
+- hosts: verwaltung
   remote_user: root
   roles:
     - { role: ../common/telegraf, tags: telegraf }
     - { role: ../common/docker, tags: docker }
     - { role: ../common/nginx, tags: nginx }
+    - { role: ../common/openvpn, tags: openvpn }
     - { role: docker_gitea, tags: gitea }
     - { role: docker_mysql, tags: mysql }
     - { role: user, tags: user }

webserver/main.yml

@@ -7,7 +7,7 @@
     - { role: ../common/docker, tags: docker }
     - { role: ../common/telegraf, tags: telegraf }
     - { role: ../common/nginx, tags: nginx }
-    - { role: openvpn, tags: openvpn }
+    - { role: ../common/openvpn, tags: openvpn }
     - { role: docker_alerta, tags: alerta }
     - { role: docker_dokuwiki, tags: dokuwiki }
     - { role: docker_etherpad, tags: etherpad }

webserver/openvpn/handlers/main.yml

----
-- name: restart openvpn
-  service: name=openvpn-client@warpzone.service state=restarted

webserver/openvpn/tasks/main.yml

-# Pakete installieren
-- name: openvpn installieren
-  apt:
-    name: "{{ packages }}"
-    update_cache: yes
-    state: present
-  vars:
-    packages:
-      - openvpn
-
-# Log-Verzeichnis erstellen 
-
-- name: create folder struct for openvpn
-  file:
-    path: "/var/log/openvpn/"
-    state: "directory"
-
-# Konfigurationsdateien erstellen (ohne Keys)
-
-- name: Konfiguration erstellen 
-  template: src=warpzone.conf dest=/etc/openvpn/client/warpzone.conf
-  notify: restart openvpn
-
-- name: Konfiguration erstellen 
-  template: src=warpzone-up.sh dest=/etc/openvpn/client/warpzone-up.sh mode=o+x
-  notify: restart openvpn
-
-# Enable service 
-
-- name: enable openvpn systemd servise 
-  systemd:
-    name: openvpn-client@warpzone.service
-    state: started
-    enabled: True

webserver/openvpn/templates/warpzone-up.sh

-#!/bin/sh
-# the interface name is passed as first argument ($1)
-
-#modprobe ip_tables
-#iptables -t nat -I PREROUTING -p tcp -d {{ ldap_ip_ext }}/32 --dport 389 -j DNAT --to-destination 127.0.0.1:389
-#iptables -t nat -I PREROUTING -p tcp -d {{ ldap_ip_ext }}/32 --dport 636 -j DNAT --to-destination 127.0.0.1:636

webserver/openvpn/templates/warpzone.conf

-
-dev tun
-persist-tun
-persist-key
-cipher AES-256-CBC
-auth SHA1
-tls-client
-client
-resolv-retry infinite
-remote 212.124.34.242 1195 udp
-verify-x509-name "OpenVPN Server" name
-pkcs12 /etc/openvpn/client/warpzone.p12
-tls-auth /etc/openvpn/client/warpzone.key 1
-comp-lzo adaptive
-
-script-security 2
-up /etc/openvpn/client/warpzone-up.sh
-
-log /var/log/openvpn/warpzone.log
-verb 3