From 8a3bf7874b4fde4fa2a5ec460bc448577c90e19e Mon Sep 17 00:00:00 2001
From: Mark O'Brien
Date: Mon, 24 Aug 2020 16:14:09 +0100
Subject: [PATCH] add_external_hardware_to_vpn howto
---
add_external_hardware_to_vpn.md | 30 ++++++++++++++++++++++++++++++
1 file changed, 30 insertions(+)
create mode 100644 add_external_hardware_to_vpn.md
diff --git a/add_external_hardware_to_vpn.md b/add_external_hardware_to_vpn.md
new file mode 100644
index 0000000..6659d73
--- /dev/null
+++ b/add_external_hardware_to_vpn.md
@@ -0,0 +1,30 @@
+# Add external servers to vpn
+
+- In the Fedora Infra Ansible repo edit the file roles/batcave/files/allows.
+Under the correct section add **require ip** ******
+
+- When this change is pushed run the batcave ansible playbook on the batcave.
+
+- Create openvpn and 2fa certificates for the new server.
+This requires sysadmin main access
+
+> https://pagure.io/fedora-infra/howtos/blob/master/f/generate_2fa_keys.md
+> https://pagure.io/fedora-infra/howtos/blob/master/f/generate_openvpn_keys.md
+
+- In the dns repo on batcave edit the file master/168.192.in-addr.arpa
+Add the new host to one of the unused adresses.
+Don't forget to update teh serial before saving.
+
+- Also edit the master/vpn.fedoraproject.org file to add the server with
+the new 192.168.*.* address created in the previous step to the required section
+Don't forget to update teh serial before saving.
+
+- When the above edits are done follow the instructions in the DNS sysadmin sop
+about signing and pushing new dns chnages.
+> https://fedora-infra-docs.readthedocs.io/en/latest/sysadmin-guide/sops/dns.html#editing-the-domain-s
+
+- Finally in the Fedora Infra Ansible repo add a new file
+roles/openvpn/server/files/ccd/** with the new 192.168.*.* address.
+View one of the existing files in the repo for a sample of formatting.
+This change will be run when the server is provisioned.
+