--- # Prüfe Repo-Quelle - name: Schlüssel hinzufügen apt_key: keyserver=keyserver.ubuntu.com id=16EF3F64CB201D9C - name: set fastd-repo apt_repository: repo='deb http://repo.universe-factory.net/debian/ sid main' state=present # Fastd-Daemon, Habeged-Daemon - name: install fastd (vpn daemon) and haveged (entropy daemon) apt: pkg: "{{ item }}" update_cache: yes state: installed with_items: - fastd - haveged - name: create config directory file: path=/etc/fastd/vpn state=directory # generate new fastd keypair if no fastd_key file exists # new key will only be generated, if no secret,key file exists (public key doesn't matter) - name: generate fastd key (if not exists) shell: fastd --generate-key register: fastd_key_generated args: creates: /etc/fastd/vpn/secret.key notify: - restart fastd # write public & private key to seperate keyfiles, if new fastd key is generated - template: src=secret.key.j2 dest=/etc/fastd/vpn/secret.key owner=root group=root mode=0600 when: fastd_key_generated|changed - template: src=public.key.j2 dest=/etc/fastd/vpn/public.key when: fastd_key_generated|changed - name: create dummy peer directory file: path=/etc/fastd/vpn/peers state=directory # create dummy peer file - name: create dummy peer template: src=dummy.j2 dest=/etc/fastd/vpn/peers/dummy # create fastd config - name: create config template: src=fastd.conf.j2 dest=/etc/fastd/vpn/fastd.conf notify: - restart fastd - name: create verify directory file: path=/var/gateway-ffms/fastd/ state=directory # todo: bessere location wählen - name: create verify script (blacklisting) template: src=verify.sh.j2 dest=/var/gateway-ffms/fastd/verify.sh - stat: path=/var/gateway-ffms/fastd/blacklist register: blacklist_file - name: create blacklist file (if not exists) file: path=/var/gateway-ffms/fastd/blacklist state=touch when: blacklist_file.stat.exists == False - name: status.pl nach /root kopieren copy: src=status.pl dest=/root/status.pl owner=root group=root mode=0755