Etusivu Tutki Apua
Kirjaudu sisään
ffdo-infrastruktur
/
ffdo-ansible-l2tp
peilaus alkaen https://github.com/ffdo/ffdo-ansible-l2tp.git
9
0
Fork 0
Tiedostot Ongelmat 0 Wiki
Branch: master
Branchit Tagit
ffdo-ansible...
/
roles
/
fastd
/
tasks
/
main.yml

main.yml 2.0 KB
Pysyvä linkki Historia Raaka

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768 
  1. ---
    2. 

  2. # Prüfe Repo-Quelle
    3. 

  3. - name: Schlüssel hinzufügen
    4. 

  4.   apt_key: keyserver=keyserver.ubuntu.com  id=16EF3F64CB201D9C
    5. 

  5. 

  6. - name: set fastd-repo
    7. 

  7.   apt_repository: repo='deb http://repo.universe-factory.net/debian/ sid main' state=present
    8. 

  8. 

  9. # Fastd-Daemon, Habeged-Daemon
    10. 

  10. 

  11. - name: install fastd (vpn daemon) and haveged (entropy daemon)
    12. 

  12.   apt:
    13. 

  13.     pkg: "{{ item }}"
    14. 

  14.     update_cache: yes
    15. 

  15.     state: installed
    16. 

  16.   with_items:
    17. 

  17.     - fastd
    18. 

  18.     - haveged
    19. 

  19. 

  20. - name: create config directory
    21. 

  21.   file: path=/etc/fastd/vpn state=directory
    22. 

  22. 

  23. # generate new fastd keypair if no fastd_key file exists
    24. 

  24. # new key will only be generated, if no secret,key file exists (public key doesn't matter)
    25. 

  25. - name: generate fastd key (if not exists)
    26. 

  26.   shell: fastd --generate-key
    27. 

  27.   register: fastd_key_generated
    28. 

  28.   args:
    29. 

  29.     creates: /etc/fastd/vpn/secret.key
    30. 

  30.   notify:
    31. 

  31.     - restart fastd
    32. 

  32. 

  33. # write public & private key to seperate keyfiles, if new fastd key is generated
    34. 

  34. - template: src=secret.key.j2 dest=/etc/fastd/vpn/secret.key owner=root group=root mode=0600
    35. 

  35.   when: fastd_key_generated|changed
    36. 

  36. - template: src=public.key.j2 dest=/etc/fastd/vpn/public.key
    37. 

  37.   when: fastd_key_generated|changed
    38. 

  38. 

  39. - name: create dummy peer directory
    40. 

  40.   file: path=/etc/fastd/vpn/peers state=directory
    41. 

  41. 

  42. # create dummy peer file
    43. 

  43. - name: create dummy peer
    44. 

  44.   template: src=dummy.j2 dest=/etc/fastd/vpn/peers/dummy
    45. 

  45. 

  46. # create fastd config
    47. 

  47. - name: create config
    48. 

  48.   template: src=fastd.conf.j2 dest=/etc/fastd/vpn/fastd.conf
    49. 

  49.   notify:
    50. 

  50.     - restart fastd
    51. 

  51. 

  52. - name: create verify directory
    53. 

  53.   file: path=/var/gateway-ffms/fastd/ state=directory
    54. 

  54. 

  55. # todo: bessere location wählen
    56. 

  56. - name: create verify script (blacklisting)
    57. 

  57.   template: src=verify.sh.j2 dest=/var/gateway-ffms/fastd/verify.sh
    58. 

  58. 

  59. - stat: path=/var/gateway-ffms/fastd/blacklist
    60. 

  60.   register: blacklist_file
    61. 

  61. 

  62. - name: create blacklist file (if not exists)
    63. 

  63.   file: path=/var/gateway-ffms/fastd/blacklist state=touch
    64. 

  64.   when: blacklist_file.stat.exists == False
    65. 

  65. 

  66. - name: status.pl nach /root kopieren
    67. 

  67.   copy: src=status.pl dest=/root/status.pl owner=root group=root mode=0755
    68. 

  68.