vpn-server:
  pkg.installed:
    - name: openvpn

#generate diff-hellman param files
#build only
gen-dh-param:
  cmd.run:
    - name: "openssl dhparam -out /etc/openvpn/server/dh.pem 2048"
    - onlyif: 'test ! -e /etc/openvpn/server/dh.pem'

#generate hmac key
#build only
gen-hmac-key:
  cmd.run:
    - name: "openvpn --genkey --secret /etc/openvpn/server/ta.key"
    - onlyif: 'test ! -e /etc/openvpn/server/ta.key'