only run/set this up if we're not inside phx2
This commit is contained in:
parent
9d1fa6f2ab
commit
cb9aa62459
2 changed files with 8 additions and 2 deletions
|
|
@ -37,6 +37,7 @@
|
||||||
- include: $tasks/base.yml
|
- include: $tasks/base.yml
|
||||||
- include: $tasks/fas_client.yml
|
- include: $tasks/fas_client.yml
|
||||||
- include: $tasks/2fa_client.yml
|
- include: $tasks/2fa_client.yml
|
||||||
|
- include: $tasks/openvpn_client.yml
|
||||||
- include: $tasks/motd.yml
|
- include: $tasks/motd.yml
|
||||||
- include: $tasks/sudo.yml
|
- include: $tasks/sudo.yml
|
||||||
- include: $tasks/rkhunter.yml
|
- include: $tasks/rkhunter.yml
|
||||||
|
|
|
||||||
|
|
@ -11,13 +11,15 @@
|
||||||
- config
|
- config
|
||||||
notify:
|
notify:
|
||||||
- restart openvpn
|
- restart openvpn
|
||||||
|
when_string: "10.5" not in ${ansible_default_ipv4.address}
|
||||||
|
|
||||||
- name: /etc/openvpn/crl.pem g/secure/vpn/openvpn/keys/crl.pem
|
- name: /etc/openvpn/crl.pem from vpn/openvpn/keys/crl.pem
|
||||||
copy: src=$puppet_private/vpn/openvpn/keys/crl.pem dest=/etc/openvpn/crl.pem mode=0644 owner=root group=root
|
copy: src=$puppet_private/vpn/openvpn/keys/crl.pem dest=/etc/openvpn/crl.pem mode=0644 owner=root group=root
|
||||||
tags:
|
tags:
|
||||||
- config
|
- config
|
||||||
notify:
|
notify:
|
||||||
- restart openvpn
|
- restart openvpn
|
||||||
|
when_string: "10.5" not in ${ansible_default_ipv4.address}
|
||||||
|
|
||||||
- name: /etc/openvpn/openvpn.conf
|
- name: /etc/openvpn/openvpn.conf
|
||||||
copy: src=$files/openvpn/client.conf dest=/etc/openvpn/openvpn.conf
|
copy: src=$files/openvpn/client.conf dest=/etc/openvpn/openvpn.conf
|
||||||
|
|
@ -25,6 +27,7 @@
|
||||||
- config
|
- config
|
||||||
notify:
|
notify:
|
||||||
- restart openvpn
|
- restart openvpn
|
||||||
|
when_string: "10.5" not in ${ansible_default_ipv4.address}
|
||||||
|
|
||||||
- name: /etc/openvpn/client.crt
|
- name: /etc/openvpn/client.crt
|
||||||
copy: src=$puppet_private/vpn/openvpn/keys/${inventory_hostname}.crt dest=/etc/openvpn/client.crt mode=0600 owner=root group=root
|
copy: src=$puppet_private/vpn/openvpn/keys/${inventory_hostname}.crt dest=/etc/openvpn/client.crt mode=0600 owner=root group=root
|
||||||
|
|
@ -32,6 +35,7 @@
|
||||||
- config
|
- config
|
||||||
notify:
|
notify:
|
||||||
- restart openvpn
|
- restart openvpn
|
||||||
|
when_string: "10.5" not in ${ansible_default_ipv4.address}
|
||||||
|
|
||||||
- name: /etc/openvpn/client.key
|
- name: /etc/openvpn/client.key
|
||||||
copy: src=$puppet_private/vpn/openvpn/keys/${inventory_hostname}.key dest=/etc/openvpn/client.key mode=0600 owner=root group=root
|
copy: src=$puppet_private/vpn/openvpn/keys/${inventory_hostname}.key dest=/etc/openvpn/client.key mode=0600 owner=root group=root
|
||||||
|
|
@ -39,10 +43,11 @@
|
||||||
- config
|
- config
|
||||||
notify:
|
notify:
|
||||||
- restart openvpn
|
- restart openvpn
|
||||||
|
when_string: "10.5" not in ${ansible_default_ipv4.address}
|
||||||
|
|
||||||
- name: enable openvpn service
|
- name: enable openvpn service
|
||||||
service: name=openvpn state=running enabled=true
|
service: name=openvpn state=running enabled=true
|
||||||
tags:
|
tags:
|
||||||
- service
|
- service
|
||||||
|
when_string: "10.5" not in ${ansible_default_ipv4.address}
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue