Support freebsd (#176)
* Support FreeBSD: no logrotate, no `wheel` group

* Add FreeBSD to supported OS list

---------

Co-authored-by: Kyle Lexmond <[email protected]>
misdoro and kyl191 authored Dec 22, 2024
1 parent 826ce0b commit 21ebcb8
Showing 7 changed files with 49 additions and 27 deletions.
5 changes: 5 additions & 0 deletions defaults/main/role.yml
Expand Up @@ -23,10 +23,15 @@ openvpn_no_nat: false

# Misc
ci_build: false
openvpn_conf_user: root
openvpn_conf_group: root
openvpn_script_user: root
openvpn_script_group: root
openvpn_client_config_no_log: true
openvpn_revoke_these_certs: []
openvpn_selinux_module: my-openvpn-server
openvpn_service_name: openvpn
openvpn_sync_certs: false
openvpn_uninstall: false
openvpn_use_ldap: false
openvpn_use_logrotate: true
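Review bot: The five new keys under `# Misc` carry no comment saying what they govern or that `vars/FreeBSD.yml` and `vars/Solaris.yml` override them, which matters because elsewhere in this commit `openvpn_conf_user` becomes the owner of the `/etc/logrotate.d` drop-in and `openvpn_script_user` the owner of `revoke.sh` and `crl-cron.sh`, content that is typically consumed by root (logrotate, and the cron job the comment in `tasks/server_keys.yml` alludes to). Someone later pointing these defaults at a service account would not see from this file that they are widening who can edit root-run content. I would add above `openvpn_conf_user`: `# Owner/group of generated configs and helper scripts; per-OS values live in vars/<os>.yml (FreeBSD uses group "wheel"). Keep these root-equivalent: the logrotate drop-in and the CRL/revoke scripts are read or run with root privileges.` and above `openvpn_use_logrotate`: `# Set false on platforms without logrotate (see vars/Solaris.yml, vars/FreeBSD.yml).`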
7 changes: 7 additions & 0 deletions meta/main.yml
Expand Up @@ -18,6 +18,13 @@ galaxy_info:
- "38"
- "39"
- "40"
- name: FreeBSD
versions:
- "12"
- "13"
- name: Ubuntu
versions:
- trusty
galaxy_tags:
- networking

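Review bot: The new FreeBSD entry lists versions "12" and "13", but as far as I know FreeBSD 12 reached end of life at the end of 2023 and 14 has been the current release since late 2023, so the supported list looks stale on the day of this commit. Unless 12 was actually exercised, I would list `"13"` and `"14"` instead. The `galaxy_info` mapping starts above the hunk.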
8 changes: 4 additions & 4 deletions tasks/client_keys.yml
Expand Up @@ -9,8 +9,8 @@
ansible.builtin.copy:
src: openssl-client.ext
dest: "{{ openvpn_key_dir }}"
owner: root
group: root
owner: "{{ openvpn_conf_user }}"
group: "{{ openvpn_conf_group }}"
mode: "0400"

- name: Generate client key
Expand Down Expand Up @@ -67,8 +67,8 @@
ansible.builtin.template:
src: client.ovpn.j2
dest: "{{ openvpn_ovpn_dir }}/{{ item.0.item }}-{{ inventory_hostname }}.ovpn"
owner: root
group: root
owner: "{{ openvpn_conf_user }}"
group: "{{ openvpn_conf_group }}"
mode: "0400"
with_together:
- "{{ client_certs.results }}"
26 changes: 13 additions & 13 deletions tasks/config.yml
Expand Up @@ -3,8 +3,8 @@
ansible.builtin.template:
src: server.conf.j2
dest: "{{ openvpn_base_dir }}/{{ openvpn_config_file }}.conf"
owner: root
group: root
owner: "{{ openvpn_conf_user }}"
group: "{{ openvpn_conf_group }}"
mode: "0644"
notify:
- Restart openvpn
Expand Down Expand Up @@ -54,42 +54,42 @@
ansible.builtin.template:
src: ldap.conf.j2
dest: "{{ openvpn_base_dir }}/auth/ldap.conf"
owner: root
group: root
owner: "{{ openvpn_conf_user }}"
group: "{{ openvpn_conf_group }}"
mode: "0644"
when: openvpn_use_ldap

- name: Create log directory
ansible.builtin.file:
dest: "{{ openvpn_log_dir }}"
owner: root
group: root
owner: "{{ openvpn_conf_user }}"
group: "{{ openvpn_conf_group }}"
mode: "0755"

- name: Copy openvpn logrotate config file
ansible.builtin.template:
src: openvpn_logrotate.conf.j2
dest: /etc/logrotate.d/openvpn-{{ openvpn_config_file }}.conf
owner: root
group: root
owner: "{{ openvpn_conf_user }}"
group: "{{ openvpn_conf_group }}"
mode: "0400"
when: ansible_os_family != 'Solaris'
when: openvpn_use_logrotate

- name: Create client config directory
ansible.builtin.file:
state: directory
path: "{{ openvpn_base_dir }}/{{ openvpn_client_config_dir }}"
owner: root
group: root
owner: "{{ openvpn_conf_user }}"
group: "{{ openvpn_conf_group }}"
mode: "0755"
when: openvpn_client_config

- name: Create client configs
ansible.builtin.template:
src: client_ccd.j2
dest: "{{ openvpn_base_dir }}/{{ openvpn_client_config_dir }}/{{ item.key }}"
owner: root
group: root
owner: "{{ openvpn_conf_user }}"
group: "{{ openvpn_conf_group }}"
mode: "0644"
when: openvpn_client_config
with_dict: "{{ openvpn_client_configs }}"
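Review bot: The `Create log directory` task now takes its ownership from `openvpn_conf_user`/`openvpn_conf_group` but still has no `state: directory`, unlike `Create client config directory` a few lines below in the same hunk; with `ansible.builtin.file` the default state only adjusts an existing path, so on a host where `openvpn_log_dir` does not yet exist (FreeBSD being the platform this commit adds) the task would appear to fail rather than create the directory. Suggest `state: directory` and `path: "{{ openvpn_log_dir }}"` to match the sibling task. The logrotate task's new `when: openvpn_use_logrotate` depends on every non-logrotate platform setting that variable false in its `vars/<os>.yml`, which this commit does for Solaris and FreeBSD.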
20 changes: 10 additions & 10 deletions tasks/server_keys.yml
Expand Up @@ -9,8 +9,8 @@
ansible.builtin.copy:
src: "{{ item }}"
dest: "{{ openvpn_key_dir }}"
owner: root
group: root
owner: "{{ openvpn_conf_user }}"
group: "{{ openvpn_conf_group }}"
mode: "0400"
with_items:
- openssl-server.ext
Expand Down Expand Up @@ -94,8 +94,8 @@
ansible.builtin.copy:
src: dh.pem
dest: "{{ openvpn_key_dir }}"
owner: root
group: root
owner: "{{ openvpn_conf_user }}"
group: "{{ openvpn_conf_group }}"
mode: "0400"
when: openvpn_use_pregenerated_dh_params|bool

Expand All @@ -111,8 +111,8 @@
ansible.builtin.template:
src: ca.conf.j2
dest: "{{ openvpn_key_dir }}/ca.conf"
owner: root
group: root
owner: "{{ openvpn_conf_user }}"
group: "{{ openvpn_conf_group }}"
mode: "0744"

- name: Create initial certificate revocation list squence number
Expand All @@ -132,8 +132,8 @@
ansible.builtin.template:
src: revoke.sh.j2
dest: "{{ openvpn_key_dir }}/revoke.sh"
owner: root
group: root
owner: "{{ openvpn_script_user }}"
group: "{{ openvpn_script_group }}"
mode: "0744"

- name: Check if certificate revocation list database exists
Expand All @@ -158,8 +158,8 @@
ansible.builtin.template:
src: crl-cron.sh.j2
dest: "{{ openvpn_base_dir }}/crl-cron.sh"
owner: root
group: root
owner: "{{ openvpn_script_user }}"
group: "{{ openvpn_script_group }}"
mode: "0744"

# This should eventually be switched to use a systemd timer
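--- a/vars/FreeBSD.yml
+++ b/vars/FreeBSD.yml
@@ -0,0 +1,9 @@
+---
+manage_firewall_rules: false
+openvpn_config_file: "openvpn"
+openvpn_base_dir: /usr/local/etc/openvpn
+openvpn_key_dir: /usr/local/etc/openvpn/keys
+openvpn_conf_user: root
+openvpn_conf_group: wheel
+openvpn_script_group: wheel
+openvpn_use_logrotate: false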
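Review bot: `openvpn_conf_user: root` repeats the role default from `defaults/main/role.yml` and is the only line in this file that does, so it reads as an accident; either drop it or mark it deliberate with `# root owns configs; FreeBSD's gid-0 group is wheel, not root, hence the group values below`. If this file is loaded as a role var like the other `vars/<os>.yml` files, its values outrank inventory and host_vars, so a FreeBSD operator cannot change `openvpn_conf_group` or `openvpn_use_logrotate` short of extra-vars; that is worth a line in the README or a comment here. `openvpn_script_user` is left unset and so inherits `root` from the defaults, which is correct but also deserves a one-line comment so nobody "fixes" the asymmetry with `openvpn_script_group`.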
1 change: 1 addition & 0 deletions vars/Solaris.yml
Expand Up @@ -3,3 +3,4 @@ openvpn_config_file: "openvpn"
openvpn_base_dir: /opt/local/etc/openvpn
openvpn_key_dir: /opt/local/etc/openvpn/keys
openvpn_use_ldap: false
openvpn_use_logrotate: false
