Diffstat (limited to 'roles/sshvpn/tasks')
-rw-r--r--roles/sshvpn/tasks/check_sshvpn_exists.yaml12
-rw-r--r--roles/sshvpn/tasks/create_users_sshvpn.yaml16
-rw-r--r--roles/sshvpn/tasks/main.yaml3
-rw-r--r--roles/sshvpn/tasks/setup_sshvpn.yaml16
4 files changed, 47 insertions, 0 deletions
diff --git a/roles/sshvpn/tasks/check_sshvpn_exists.yaml b/roles/sshvpn/tasks/check_sshvpn_exists.yaml
new file mode 100644
index 00000000..3939f2d8
--- /dev/null
+++ b/roles/sshvpn/tasks/check_sshvpn_exists.yaml
@@ -0,0 +1,12 @@
+---
+- name: "Check if sshvpn is already installed"
+ ansible.builtin.stat:
+ path: /home/sshvpn
+ register: sshvpn_directory
+
+- name: "Setup sshvpn if directory doesn't exist"
+ ansible.builtin.include_tasks: setup_sshvpn.yaml
+ when: sshvpn_directory.stat.exists == false
+
+- name: "Create sshvpn users"
+ ansible.builtin.include_tasks: create_users_sshvpn.yaml
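Review bot: The stat in the first task checks `/home/sshvpn`, but setup_sshvpn.yaml in this same commit creates the account with `home: /var/reactance/sshvpn`, so unless something else creates /home/sshvpn the condition stays true and setup is included on every run. Point the check at the real home, `path: /var/reactance/sshvpn`, and write the condition as `when: not sshvpn_directory.stat.exists`. setup_sshvpn.yaml also includes create_users_sshvpn.yaml itself, so whenever setup runs the user-management task executes twice. If the sshvpn module issues new credentials on each call (not visible here), the second run would replace the first set.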
diff --git a/roles/sshvpn/tasks/create_users_sshvpn.yaml b/roles/sshvpn/tasks/create_users_sshvpn.yaml
new file mode 100644
index 00000000..f4b0ed68
--- /dev/null
+++ b/roles/sshvpn/tasks/create_users_sshvpn.yaml
@@ -0,0 +1,16 @@
+---
+- name: "sshvpn user management"
+ sshvpn:
+ users: "{{ all_users|default([]) + sshvpn_users|default([]) }}"
+ register: sshvpn_user_pass_dict
+ #no_log: true
+
+- name: "make temp dir"
+ ansible.builtin.file:
+ path: /var/reactance/.temp/
+ state: directory
+
+- name: "add sshvpn user password pair to dict"
+ ansible.builtin.copy:
+ content: "{{ sshvpn_user_pass_dict['msg']|default({}) | to_json }}"
+ dest: /var/reactance/.temp/sshvpn_user_pass_dict
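Review bot: The registered result of the `sshvpn` task is written out by the last task as a user/password dictionary, yet `no_log` is commented out, so those values can appear in Ansible's console output and in any callback or log that records task results. Enable `no_log: true` on the `sshvpn` task and on the copy task, whose `content` carries the same data. Neither `/var/reactance/.temp/` nor `sshvpn_user_pass_dict` sets an owner or mode, so both get default umask permissions; add `mode: "0700"` to the directory task and `mode: "0600"` to the copy task, and consider removing the file once it has been consumed.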
diff --git a/roles/sshvpn/tasks/main.yaml b/roles/sshvpn/tasks/main.yaml
new file mode 100644
index 00000000..78a241af
--- /dev/null
+++ b/roles/sshvpn/tasks/main.yaml
@@ -0,0 +1,3 @@
+---
+- name: "Setup sshvpn"
+ ansible.builtin.include_tasks: check_sshvpn_exists.yaml
diff --git a/roles/sshvpn/tasks/setup_sshvpn.yaml b/roles/sshvpn/tasks/setup_sshvpn.yaml
new file mode 100644
index 00000000..20504e57
--- /dev/null
+++ b/roles/sshvpn/tasks/setup_sshvpn.yaml
@@ -0,0 +1,16 @@
+---
+- name: "Create sshvpns user"
+ ansible.builtin.user:
+ name: sshvpn
+ shell: /sbin/nologin
+ home: /var/reactance/sshvpn
+
+- name: "Create .ssh directory (if not exists)"
+ ansible.builtin.file:
+ path: /var/reactance/sshvpn/.ssh
+ owner: sshvpn
+ group: sshvpn
+ mode: 0700
+
+- name: "Run user management script"
+ include_tasks: create_users_sshvpn.yaml
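Review bot: The `.ssh` task sets no `state`, and `ansible.builtin.file` defaults to `state: file`, which does not create a missing path, so on a fresh host the task fails instead of creating the directory. Add `state: directory`, and quote the mode as `mode: "0700"` so it is never read as a plain integer. The final `include_tasks` is the only module reference in the commit without the `ansible.builtin.` prefix, and it duplicates the include at the end of check_sshvpn_exists.yaml.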