# Install the OpenVPN package. The remaining states in this file write
# into /etc/openvpn/server and /etc/openvpn/client and manage the
# openvpn-server@server unit.
vpn-server:
  pkg.installed:
    - name: openvpn
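# Generate the Diffie-Hellman parameter file (build only).
# `creates` skips the command once dh.pem exists, so the slow parameter
# generation runs a single time instead of on every state run.
# DH parameters are public values; no restrictive file mode is needed.
gen-dh-param:
  cmd.run:
    - name: 'openssl dhparam -out /etc/openvpn/server/dh.pem 2048'
    - creates: /etc/openvpn/server/dh.pem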
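# Generate the static HMAC key, ta.key (build only).
# `creates` skips the command once the key exists, so an existing key is
# never overwritten by a later state run.
# ta.key is secret material: the umask keeps the new file unreadable by
# group and other, whatever mode the openvpn binary asks for.
# NOTE(review): the key is generated locally on this host, and every peer
# needs the same ta.key; its distribution is not handled in this file.
# NOTE(review): newer OpenVPN releases deprecate the `--genkey --secret`
# form; confirm the syntax against the packaged version.
gen-hmac-key:
  cmd.run:
    - name: 'openvpn --genkey --secret /etc/openvpn/server/ta.key'
    - creates: /etc/openvpn/server/ta.key
    - umask: '077'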
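# Deploy the OpenVPN server configuration from the Salt fileserver.
# The mode is a quoted string so YAML cannot retype it as an integer.
# NOTE(review): a world-readable 0644 is only appropriate while
# server.conf refers to key files by path. If the source file ever
# carries inline key material, tighten this to '0600'.
vpn-server-conf:
  file.managed:
    - name: /etc/openvpn/server/server.conf
    - source: salt://roles/maintain/vpnserver/server.conf
    - user: root
    - group: root
    - mode: '0644'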
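# Deploy the client configuration to /etc/openvpn/client on this host.
# The mode is a quoted string so YAML cannot retype it as an integer.
# NOTE(review): this state does not show why a client profile is
# installed by the server role; confirm it is intended here.
# NOTE(review): if client.conf embeds a private key or the tls-auth key
# inline, 0644 exposes it to every local user; use '0600' in that case.
vpn-client-conf:
  file.managed:
    - name: /etc/openvpn/client/client.conf
    - source: salt://roles/maintain/vpnserver/client.conf
    - user: root
    - group: root
    - mode: '0644'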
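# Install the CA certificate under /etc/openvpn/server.
# A CA certificate is public, so a world-readable 0644 is appropriate.
# The mode is a quoted string so YAML cannot retype it as an integer.
# NOTE(review): files under salt:// are served by the Salt fileserver,
# which is not an access-controlled secret store. Verify that
# salt://secure/ca/ holds only the certificate and never the CA private
# key; per-minion secrets belong in pillar.
vpn-ca-cert:
  file.managed:
    - name: /etc/openvpn/server/ca.crt
    - source: salt://secure/ca/ca.crt
    - user: root
    - group: root
    - mode: '0644'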
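# Keep the OpenVPN server unit enabled and running.
# `watch` restarts the service when a watched file state reports changes.
# ca.crt is watched alongside server.conf so that a replaced CA
# certificate takes effect immediately; otherwise the running daemon
# would keep the previously loaded trust anchor until its next restart.
# NOTE(review): this assumes server.conf loads /etc/openvpn/server/ca.crt;
# confirm against the config template.
vpn-server-service:
  service.running:
    - name: openvpn-server@server.service
    - enable: true
    - watch:
      - file: vpn-server-conf
      - file: vpn-ca-cert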