configpolicy/roles/dch-vpn-server/tasks/main.yml
Dustin C. Hatch 42b8d2e54f roles/dch-vpn-server: Deploy pyrocufflink VPN
The *dch-vpn-server* role configures strongSwan to act as an IPsec
responder for `vpn.pyrocufflink.net` and provide an IKEv2/IPsec VPN for
remote access clients, as well as the reverse VPN to FireMon.
2018-05-20 12:58:07 -05:00

40 lines
1.1 KiB
YAML

- name: ensure pyrocufflink vpn connection is configured
  copy:
    src=vpn.pyrocufflink.net.ipsec.conf
    dest=/etc/strongswan/ipsec.d/conns/vpn.pyrocufflink.net.conf
    mode=0644
  notify: restart strongswan
- name: ensure pyrocufflink vpn secret is configured
  copy:
    src=vpn.pyrocufflink.net.secret
    dest=/etc/strongswan/ipsec.secrets.d/vpn.pyrocufflink.net
    mode=0600
  notify: restart strongswan
- name: ensure dch ca certificates are installed
  copy:
    src={{ item }}
    dest=/etc/strongswan/ipsec.d/cacerts/{{ item|basename }}
    mode=0644
  with_items:
  - certs/dch-root-ca.crt
  - certs/dch-ca.crt
  notify: restart strongswan
- name: ensure vpn server certificate is installed
  copy:
    src=certs/vpn.pyrocufflink.net.cer
    dest=/etc/strongswan/ipsec.d/certs/
    mode=0644
  notify: restart strongswan
- name: ensure vpn server private key is installed
  copy:
    src=certs/vpn.pyrocufflink.net.key
    dest=/etc/strongswan/ipsec.d/private/
    mode=0400
  notify: restart strongswan
- name: ensure strongswan is running
  service:
    name=strongswan
    state=started