2020-02-17 04:43:13 +00:00
# Run 'sudo iiab-support' to turn on OpenVPN without hassle. GENERAL TIPS:
# http://FAQ.IIAB.IO -> "How can I remotely manage my Internet-in-a-Box?"
2020-01-13 21:19:50 +00:00
2017-05-27 18:09:50 +00:00
2021-08-19 23:35:05 +00:00
# AUGUST 2018 - AUGUST 2021
# (1) openvpn_handle could no longer be left undefined OR null
# (two different concepts in Ansible, see /opt/iiab/iiab/test.yml)
# 2021-08-19 UPDATE: the /usr/bin/iiab-support command can now handle almost
# any /etc/iiab/local_vars.yml (PR #2957) making it all much more resilient!
# (2) openvpn_handle: "" (EMPTY STRING) IS HOWEVER TOLERATED -- in which case
# the OpenVPN server instead tries to use the 1st 6 chars of /etc/iiab/uuid
2021-08-19 23:42:15 +00:00
# (3) Finally if there's no client UUID (/etc/iiab/uuid) -- the OpenVPN server
# falls back to labelling that machine as generic: "client1's certificate"
2021-08-19 23:35:05 +00:00
# SEE ALSO /etc/openvpn/scripts/announcer & /usr/bin/iiab-support from:
# https://github.com/iiab/iiab/tree/master/roles/openvpn/templates
2020-02-17 04:33:09 +00:00
# "How do i fail a task in Ansible if the variable contains a boolean value?
# I want to perform input validation for Ansible playbooks"
# https://stackoverflow.com/questions/46664127/how-do-i-fail-a-task-in-ansible-if-the-variable-contains-a-boolean-value-i-want/46667499#46667499
2018-09-05 18:48:48 +00:00
2020-02-17 04:33:09 +00:00
# We assume 0-init/tasks/validate_vars.yml has DEFINITELY been run, so no need
# to re-check whether vars are defined here. As Ansible vars cannot be unset:
# https://serverfault.com/questions/856729/how-to-destroy-delete-unset-a-variable-value-in-ansible
2020-01-30 09:00:00 +00:00
2020-02-17 04:33:09 +00:00
- name : Assert that "openvpn_install is sameas true" (boolean not string etc)
assert :
that : openvpn_install is sameas true
fail_msg : "PLEASE SET 'openvpn_install: True' e.g. IN: /etc/iiab/local_vars.yml"
quiet : yes
2020-01-30 09:00:00 +00:00
2020-02-17 04:33:09 +00:00
- name : Assert that "openvpn_enabled | type_debug == 'bool'" (boolean not string etc)
assert :
that : openvpn_enabled | type_debug == 'bool'
fail_msg : "PLEASE GIVE VARIABLE 'openvpn_enabled' A PROPER (UNQUOTED) ANSIBLE BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml"
quiet : yes
2020-01-30 09:00:00 +00:00
2020-01-24 03:11:24 +00:00
2020-02-17 04:33:09 +00:00
- name : Install OpenVPN if 'openvpn_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks : install.yml
when : openvpn_installed is undefined
2020-01-24 03:11:24 +00:00
2017-10-27 12:18:26 +00:00
2020-02-17 04:33:09 +00:00
- include_tasks : enable-or-disable.yml
2017-10-27 12:18:26 +00:00
2020-01-24 03:11:24 +00:00
2018-10-31 04:57:13 +00:00
- name : Add 'openvpn' variable values to {{ iiab_ini_file }}
2017-11-27 01:19:45 +00:00
ini_file :
2020-02-17 04:33:09 +00:00
path : "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
2017-11-27 01:19:45 +00:00
section : openvpn
option : "{{ item.option }}"
2020-01-12 02:41:37 +00:00
value : "{{ item.value | string }}"
2017-05-27 18:09:50 +00:00
with_items :
2022-01-07 10:29:54 +00:00
- option : name
value : OpenVPN
- option : description
value : '"OpenVPN enables live/remote support by connecting machines anywhere on the Internet, via a middleman server, using Virtual Private Network (VPN) techniques to create secure connections."'
- option : openvpn_install
value : "{{ openvpn_install }}"
- option : openvpn_enabled
value : "{{ openvpn_enabled }}"
- option : openvpn_handle
value : "{{ openvpn_handle }}"
- option : openvpn_cron_enabled
value : "{{ openvpn_cron_enabled }}"
- option : openvpn_server
value : "{{ openvpn_server }}"
- option : openvpn_server_virtual_ip
value : "{{ openvpn_server_virtual_ip }}"
- option : openvpn_server_port
value : "{{ openvpn_server_port }}"
