howtos/add_external_hardware_to_vpn.md

# Add external servers to vpn

- In the Fedora Infra Ansible repo edit the file **roles/batcave/files/allows**.
Under the correct section add **require ip** ***<server_ip>***

- When this change is pushed run the batcave ansible playbook on the batcave.
You will need sysadmin-main access for this

- Create openvpn and 2fa certificates for the new server.
This requires sysadmin main access

>  * https://pagure.io/fedora-infra/howtos/blob/main/f/generate_2fa_keys.md
>  * https://pagure.io/fedora-infra/howtos/blob/main/f/generate_openvpn_keys.md

- In the dns repo on batcave edit the file master/168.192.in-addr.arpa
Add the new host to one of the unused adresses.
Ensure the hostname ends in .vpn.fedoraproject.org.
Don't forget to update the serial before saving.

- Also edit the master/vpn.fedoraproject.org file to add the server with
the new 192.168.*.* address created in the previous step to the required section
Don't forget to update the serial before saving.

- When the above edits are done follow the instructions in the DNS sysadmin sop
about signing and pushing new dns chnages.
> https://docs.fedoraproject.org/en-US/infra/sysadmin_guide/dns/

- Finally in the Fedora Infra Ansible repo add a new file
**roles/openvpn/server/files/ccd/*<server_name>*** with the new 192.168.*.* address.
View one of the existing files in the repo for a sample of formatting.
This change will be run when the server is provisioned.