mirror of
https://github.com/iiab/iiab.git
synced 2025-03-09 15:40:17 +00:00
76 lines
3.1 KiB
YAML
76 lines
3.1 KiB
YAML
# Run 'sudo iiab-support' to turn on OpenVPN without hassle. GENERAL TIPS:
|
|
# http://FAQ.IIAB.IO -> "How can I remotely manage my Internet-in-a-Box?"
|
|
|
|
|
|
# AUGUST 2018 - AUGUST 2021
|
|
|
|
# (1) openvpn_handle could no longer be left undefined OR null
|
|
# (two different concepts in Ansible, see /opt/iiab/iiab/test.yml)
|
|
|
|
# 2021-08-19 UPDATE: the /usr/bin/iiab-support command can now handle almost
|
|
# any /etc/iiab/local_vars.yml (PR #2957) making it all much more resilient!
|
|
|
|
# (2) openvpn_handle: "" (EMPTY STRING) IS HOWEVER TOLERATED -- in which case
|
|
# the OpenVPN server instead tries to use the 1st 6 chars of /etc/iiab/uuid
|
|
|
|
# (3) Finally if there's no client UUID (/etc/iiab/uuid) -- the OpenVPN server
|
|
# falls back to labelling that machine as generic: "client1's certificate"
|
|
|
|
# SEE ALSO /etc/openvpn/scripts/announcer & /usr/bin/iiab-support from:
|
|
# https://github.com/iiab/iiab/tree/master/roles/openvpn/templates
|
|
|
|
|
|
# "How do i fail a task in Ansible if the variable contains a boolean value?
|
|
# I want to perform input validation for Ansible playbooks"
|
|
# https://stackoverflow.com/questions/46664127/how-do-i-fail-a-task-in-ansible-if-the-variable-contains-a-boolean-value-i-want/46667499#46667499
|
|
|
|
# We assume 0-init/tasks/validate_vars.yml has DEFINITELY been run, so no need
|
|
# to re-check whether vars are defined here. As Ansible vars cannot be unset:
|
|
# https://serverfault.com/questions/856729/how-to-destroy-delete-unset-a-variable-value-in-ansible
|
|
|
|
- name: Assert that "openvpn_install is sameas true" (boolean not string etc)
|
|
assert:
|
|
that: openvpn_install is sameas true
|
|
fail_msg: "PLEASE SET 'openvpn_install: True' e.g. IN: /etc/iiab/local_vars.yml"
|
|
quiet: yes
|
|
|
|
- name: Assert that "openvpn_enabled | type_debug == 'bool'" (boolean not string etc)
|
|
assert:
|
|
that: openvpn_enabled | type_debug == 'bool'
|
|
fail_msg: "PLEASE GIVE VARIABLE 'openvpn_enabled' A PROPER (UNQUOTED) ANSIBLE BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml"
|
|
quiet: yes
|
|
|
|
|
|
- name: Install OpenVPN if 'openvpn_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
|
|
include_tasks: install.yml
|
|
when: openvpn_installed is undefined
|
|
|
|
|
|
- include_tasks: enable-or-disable.yml
|
|
|
|
|
|
- name: Add 'openvpn' variable values to {{ iiab_ini_file }}
|
|
ini_file:
|
|
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
|
|
section: openvpn
|
|
option: "{{ item.option }}"
|
|
value: "{{ item.value | string }}"
|
|
with_items:
|
|
- option: name
|
|
value: OpenVPN
|
|
- option: description
|
|
value: '"OpenVPN enables live/remote support by connecting machines anywhere on the Internet, via a middleman server, using Virtual Private Network (VPN) techniques to create secure connections."'
|
|
- option: openvpn_install
|
|
value: "{{ openvpn_install }}"
|
|
- option: openvpn_enabled
|
|
value: "{{ openvpn_enabled }}"
|
|
- option: openvpn_handle
|
|
value: "{{ openvpn_handle }}"
|
|
- option: openvpn_cron_enabled
|
|
value: "{{ openvpn_cron_enabled }}"
|
|
- option: openvpn_server
|
|
value: "{{ openvpn_server }}"
|
|
- option: openvpn_server_virtual_ip
|
|
value: "{{ openvpn_server_virtual_ip }}"
|
|
- option: openvpn_server_port
|
|
value: "{{ openvpn_server_port }}"
|