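---
# Installs OpenVPN and stunnel, deploys their configuration and the
# per-host TLS material, then enables and starts both systemd units.
#
# The CA certificate, server certificate, private key and DH parameters are
# picked by file name from inventory_hostname through with_fileglob. A glob
# that matches nothing produces an empty loop: the task is skipped without
# an error, so a host with a missing file is not reported by this file.
#
# NOTE(review): the four TLS-material tasks notify no handler, unlike the
# configuration tasks, so replaced material is presumably not loaded until
# the services are next restarted. Confirm that this is intended.
#
# NOTE(review): no owner or group is set on any file, so ownership follows
# the account the tasks run as. Verify it suits the accounts that read them.

- name: ensure required packages are installed
  package:
    name:
      - openvpn
      - stunnel
    state: present
  tags:
    - install

- name: ensure stunnel configuration is set
  template:
    src: openvpn.stunnel.conf.j2
    dest: /etc/stunnel/openvpn.conf
    # Modes are quoted so that the parser cannot read them as numbers.
    mode: "0644"
  notify: restart stunnel openvpn proxy

- name: ensure openvpn server configuration is set
  template:
    src: pyrocufflink.openvpn.conf.j2
    dest: /etc/openvpn/server/pyrocufflink.conf
    mode: "0644"
  notify: restart pyrocufflink openvpn server

- name: ensure openvpn client config dir exists
  file:
    path: /etc/openvpn/server/clients
    mode: "0755"
    state: directory

- name: ensure openvpn client config files are set
  copy:
    src: "{{ item }}"
    dest: "/etc/openvpn/server/clients/{{ item | basename }}"
    mode: "0640"
  notify: restart pyrocufflink openvpn server
  with_fileglob: 'clients/*'

- name: ensure openvpn ca certificate is installed
  copy:
    src: "{{ item }}"
    dest: /etc/openvpn/server/ca.crt
    mode: "0644"
  with_fileglob: "{{ inventory_hostname }}_ca.crt"

- name: ensure openvpn server certificate is installed
  copy:
    src: "{{ item }}"
    dest: /etc/pki/tls/certs/openvpn.cer
    mode: "0644"
  with_fileglob: "{{ inventory_hostname }}.cer"

- name: ensure openvpn server private key is installed
  copy:
    src: "{{ item }}"
    dest: /etc/pki/tls/private/openvpn.key
    mode: "0600"
  # Keep the key out of the output of runs made with --diff, where copy
  # would otherwise print the file's contents.
  diff: false
  with_fileglob: "{{ inventory_hostname }}.key"

- name: ensure openvpn diffie-hellman parameters file is installed
  copy:
    src: "{{ item }}"
    dest: /etc/openvpn/server/dh2048.pem
    mode: "0600"
  with_fileglob: "{{ inventory_hostname }}.dh"

# Enabling and starting are kept as separate tasks for each unit.
- name: ensure stunnel openvpn proxy starts at boot
  service:
    name: stunnel@openvpn
    enabled: true

- name: ensure stunnel openvpn proxy is running
  service:
    name: stunnel@openvpn
    state: started

- name: ensure pyrocufflink openvpn server service starts at boot
  service:
    name: openvpn-server@pyrocufflink
    enabled: true

- name: ensure pyrocufflink openvpn server service is running
  service:
    name: openvpn-server@pyrocufflink
    state: started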