forked from FF-RGB/ansible
63 lines
2.0 KiB
YAML
63 lines
2.0 KiB
YAML
---
|
|
|
|
- name: Create group
|
|
group: name=fastd
|
|
|
|
- name: Create user
|
|
user: name=fastd group=fastd
|
|
|
|
- name: Install fastd
|
|
apt: name=fastd state=latest
|
|
|
|
- name: Install haveged (to create entropy)
|
|
apt: name=haveged
|
|
|
|
- name: Systemd unit for fastd
|
|
copy: src=fastd@.service dest=/etc/systemd/system/fastd@.service
|
|
notify:
|
|
- Reload systemd
|
|
- Restart fastd
|
|
|
|
- name: Disable fastd default instance
|
|
service: name=fastd enabled=no
|
|
|
|
- name: Create config directory
|
|
file: path=/etc/fastd/{{ site_code }} state=directory
|
|
|
|
- name: Create config directories
|
|
file: path=/etc/fastd/{{ site_code }}{{ item }}/peers state=directory
|
|
with_sequence: start=0 count={{ fastd_instances }}
|
|
|
|
- name: Configure fastd
|
|
template: src=fastd.conf.j2 dest=/etc/fastd/{{ site_code }}{{ item }}/fastd.conf
|
|
with_sequence: start=0 count={{ fastd_instances }}
|
|
notify: Restart fastd
|
|
|
|
- name: Generate fastd secret
|
|
fastd_key: path=/etc/fastd/{{ site_code }}/secret.conf
|
|
notify: Restart fastd
|
|
|
|
- name: Permissions (secret)
|
|
file: owner=fastd group=fastd path=/etc/fastd/{{ site_code }}/secret.conf
|
|
|
|
- name: Create symlinks (secret)
|
|
file: src=/etc/fastd/{{ site_code }}/secret.conf dest=/etc/fastd/{{ site_code }}{{ item }}/secret.conf state=link
|
|
with_sequence: start=0 count={{ fastd_instances }}
|
|
|
|
- name: Create Blacklist Script
|
|
copy: src=blacklist.sh dest=/etc/fastd/{{ site_code }}/blacklist.sh mode=0755 force=no
|
|
|
|
- name: Create symlinks (blacklist)
|
|
file: src=/etc/fastd/{{ site_code }}/blacklist.sh dest=/etc/fastd/{{ site_code }}{{ item }}/blacklist.sh state=link
|
|
with_sequence: start=0 count={{ fastd_instances }}
|
|
|
|
- name: Create Blacklist directory
|
|
file: path=/etc/fastd/{{ site_code }}/vpn-blacklist/ state=directory
|
|
|
|
- name: Create Blacklist file
|
|
copy: src=blacklist.json dest=/etc/fastd/{{ site_code }}/vpn-blacklist/blacklist.json mode=0644
|
|
|
|
- name: Enable fastd {{ site_code }}
|
|
service: name=fastd@{{ site_code }}{{ item }} enabled=yes
|
|
with_sequence: start=0 count={{ fastd_instances }}
|