path: root/roles/ocserv/tasks/install_ocserv.yaml
---
# ocserv has built-in chroot functionality

# it's fine here, other roles won't be running any pkg_add
# Installs the ocserv package with the OpenBSD package module.
# The trailing "--" on the package name is the "default flavour" form that
# openbsd_pkg accepts to avoid ambiguous package matches.
- name: "install ocserv"
  community.general.openbsd_pkg:
    state: present
    name: ocserv--

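# Creates the ocserv working tree under /var/reactance/ocserv.
# Each directory is owned by _vpn:_vpn and closed to group and other (0700).
# certs/ presumably holds the server key material - confirm against the
# tasks that populate it.
- name: "create directory"
  ansible.builtin.file:
    path: "{{ item }}"
    state: directory
    owner: _vpn
    group: _vpn
    # Quoted so the module receives the string "0700" and does its own octal
    # conversion, instead of relying on the YAML loader reading a bare 0700
    # as octal. This also matches the quoted mode on the log-file task.
    mode: "0700"
  loop:
    - /var/reactance/ocserv
    - /var/reactance/ocserv/run
    - /var/reactance/ocserv/certs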

# Makes sure /var/log/ocserv.log exists and is readable and writable by its
# owner only. "touch" refreshes the timestamps on every run, so the task is
# told never to report a change.
# NOTE(review): no owner/group is set, so ownership is whatever the account
# running the play leaves behind - confirm that is the account that writes
# the log.
- name: "create log file"
  changed_when: false
  ansible.builtin.file:
    state: touch
    mode: "0600"
    path: /var/log/ocserv.log

# Allocates a scratch directory on the target and records its path in
# ocserv_tempdir, where the init script is rendered before installation.
# Clean-up is delegated to the remove_ocserv_tempdir handler, which is not
# defined in this file.
- name: "create temporary directory"
  ansible.builtin.tempfile:
    suffix: temp
    state: directory
  notify:
    - remove_ocserv_tempdir
  register: ocserv_tempdir

# Renders ocserv.conf.j2 into the ocserv directory under /var/reactance.
# NOTE(review): no owner, group or mode is given, so the file's permissions
# come from the remote umask and the account running the play. The parent
# directory is 0700 _vpn, which limits exposure, but an explicit mode here
# would make the intent auditable - confirm which account has to read it.
- name: "template out config"
  ansible.builtin.template:
    dest: /var/reactance/ocserv/ocserv.conf
    src: ocserv.conf.j2

# Renders the rc script into the scratch directory registered as
# ocserv_tempdir; a later task installs it into /etc/rc.d.
- name: "template out init script"
  ansible.builtin.template:
    dest: "{{ ocserv_tempdir.path }}/ocserv.rc"
    src: ocserv.rc.j2

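# Copies the packaged ocserv-worker binary into /var/reactance/ocserv.
# The original author notes that ocserv "will fail without it"; presumably
# the worker is looked up inside that directory once ocserv's built-in
# chroot is in effect - confirm against ocserv.conf.j2.
# NOTE(review): the copy is owned by _vpn and writable by owner and group.
# If _vpn is also the account the worker runs as, a compromised worker could
# replace its own executable. Consider root ownership with a read/execute-only
# mode once it is confirmed that ocserv still starts that way.
- name: "copy ocserv-worker"
  ansible.builtin.copy:
    owner: _vpn
    group: _vpn
    remote_src: true
    src: /usr/local/sbin/ocserv-worker
    dest: /var/reactance/ocserv/ocserv-worker
    # Quoted so the module receives the string "0770" rather than depending
    # on the YAML loader's octal handling of a bare 0770.
    mode: "0770"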

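# Installs the rendered rc script as /etc/rc.d/ocserv with mode 0755 and
# group bin. The copy module replaces the former shell one-liner, so the
# templated temp path is never interpreted by a shell and the task reports a
# change only when the script actually differs.
# install(1) without -o leaves the file owned by the invoking user; writing
# to /etc/rc.d already requires root, so root ownership is pinned explicitly.
- name: "install init script"
  ansible.builtin.copy:
    remote_src: true
    src: "{{ ocserv_tempdir.path }}/ocserv.rc"
    dest: /etc/rc.d/ocserv
    owner: root
    group: bin
    mode: "0755"

# The former shell command also removed this path after a successful install.
# No task in this file creates it (the script is rendered into the temp
# directory), so this looks like clean-up for an older layout. It is kept to
# preserve behaviour.
- name: "remove stray init script from the ocserv directory"
  ansible.builtin.file:
    path: /var/reactance/ocserv/ocserv.rc
    state: absent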

# Deletes /etc/ocserv, so the only configuration left on the host is the one
# under /var/reactance/ocserv.
- name: "remove /etc/ocserv (we are using /var/reactance/ocserv)"
  ansible.builtin.file:
    state: absent
    path: /etc/ocserv