ansible/roles/fastd/tasks/main.yml

63 lines
2.0 KiB
YAML

---
- name: Create group
group: name=fastd
- name: Create user
user: name=fastd group=fastd
- name: Install fastd
apt: name=fastd state=latest
- name: Install haveged (to create entropy)
apt: name=haveged
- name: Systemd unit for fastd
copy: src=fastd@.service dest=/etc/systemd/system/fastd@.service
notify:
- Reload systemd
- Restart fastd
- name: Disable fastd default instance
service: name=fastd enabled=no
- name: Create config directory
file: path=/etc/fastd/{{ site_code }} state=directory
- name: Create config directories
file: path=/etc/fastd/{{ site_code }}{{ item }}/peers state=directory
with_sequence: start=0 count={{ fastd_instances }}
- name: Configure fastd
template: src=fastd.conf.j2 dest=/etc/fastd/{{ site_code }}{{ item }}/fastd.conf
with_sequence: start=0 count={{ fastd_instances }}
notify: Restart fastd
- name: Generate fastd secret
fastd_key: path=/etc/fastd/{{ site_code }}/secret.conf
notify: Restart fastd
- name: Permissions (secret)
file: owner=fastd group=fastd path=/etc/fastd/{{ site_code }}/secret.conf
- name: Create symlinks (secret)
file: src=/etc/fastd/{{ site_code }}/secret.conf dest=/etc/fastd/{{ site_code }}{{ item }}/secret.conf state=link
with_sequence: start=0 count={{ fastd_instances }}
- name: Create Blacklist Script
copy: src=blacklist.sh dest=/etc/fastd/{{ site_code }}/blacklist.sh mode=0755 force=no
- name: Create symlinks (blacklist)
file: src=/etc/fastd/{{ site_code }}/blacklist.sh dest=/etc/fastd/{{ site_code }}{{ item }}/blacklist.sh state=link
with_sequence: start=0 count={{ fastd_instances }}
- name: Create Blacklist directory
file: path=/etc/fastd/{{ site_code }}/vpn-blacklist/ state=directory
- name: Create Blacklist file
copy: src=blacklist.json dest=/etc/fastd/{{ site_code }}/vpn-blacklist/blacklist.sh mode=0755
- name: Enable fastd {{ site_code }}
service: name=fastd@{{ site_code }}{{ item }} enabled=yes
with_sequence: start=0 count={{ fastd_instances }}