--- /dev/null
+- name: Install strongswan
+ community.general.pkgng:
+ name: strongswan
+ state: present
+ become: true
+- name: install ipsec.conf
+ template:
+ src: "{{ ipsec_conf }}"
+ dest: "/usr/local/etc/ipsec.conf"
+ owner: root
+ group: wheel
+ mode: 0644
+ become: true
+- name: install certificates
+ template:
+ src: "{{ item.src }}"
+ dest: "/usr/local/etc/ipsec.d/certs/"
+ owner: root
+ group: wheel
+ mode: 0644
+ with_filetree: '{{ role_path }}/templates/certs'
+ when: item.state == 'file'
+ become: true
+- name: install ca cert
+ template:
+ src: "cacerts/sigsegv.be.pem"
+ dest: "/usr/local/etc/ipsec.d/cacert/"
+ owner: root
+ group: wheel
+ mode: 0644
+ become: true
+- name: install private key
+ template:
+ src: "private/{{ hostname }}.key"
+ dest: "/usr/local/etc/ipsec.d/private/"
+ owner: root
+ group: wheel
+ mode: 0644
+ become: true
+- name: ipsec enable
+ community.general.sysrc:
+ name: strongswan_enable
+ value: "YES"
+- name: Start strongswam
+ ansible.builtin.service:
+ name: strongswan
+ state: started
+ become: true
+
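Review bot: The `install private key` task writes the host key into `/usr/local/etc/ipsec.d/private/` with `mode: 0644`, which leaves it readable by every local account. It should be `mode: "0600"` (quoted, so the value is never taken as a decimal integer), and `no_log: true` on that task keeps key material out of diff and verbose output. The CA certificate is written to `ipsec.d/cacert/`, while strongSwan's stock directory is `ipsec.d/cacerts/`, so confirm the path is one the daemon actually reads. `ipsec enable` has no `become: true`, unlike the tasks around it, and the same holds for `ntpdate enable` and `sync on start` in the new ntp task file. Unless the play escalates globally, those `sysrc` calls will probably not be able to write rc.conf.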
name: local_unbound_enable
value: "YES"
become: true
-- name: ntp enable
- community.general.sysrc:
- name: ntpd_enable
- value: "YES"
- become: true
-- name: ntpdate enable
- community.general.sysrc:
- name: ntpdate_enable
- value: "YES"
-- name: Install strongswan
- community.general.pkgng:
- name: strongswan
- state: present
- become: true
-- name: install ipsec.conf
- template:
- src: "{{ ipsec_conf }}"
- dest: "/usr/local/etc/ipsec.conf"
- owner: root
- group: wheel
- mode: 0644
- become: true
-- name: install certificates
- template:
- src: "{{ item.src }}"
- dest: "/usr/local/etc/ipsec.d/certs/"
- owner: root
- group: wheel
- mode: 0644
- with_filetree: '{{ role_path }}/templates/certs'
- when: item.state == 'file'
- become: true
-- name: install ca cert
- template:
- src: "cacerts/sigsegv.be.pem"
- dest: "/usr/local/etc/ipsec.d/cacert/"
- owner: root
- group: wheel
- mode: 0644
- become: true
-- name: install private key
- template:
- src: "private/{{ hostname }}.key"
- dest: "/usr/local/etc/ipsec.d/private/"
- owner: root
- group: wheel
- mode: 0644
- become: true
-- name: ipsec enable
- community.general.sysrc:
- name: strongswan_enable
- value: "YES"
-- name: Start strongswam
- ansible.builtin.service:
- name: strongswan
- state: started
- become: true
+- name: ntp
+ import_tasks: ntp.yaml
+- name: IPSec
+ import_tasks: ipsec.yaml
- name: dynamic dns
import_tasks: dyndns.yaml
--- /dev/null
+- name: ntp enable
+ community.general.sysrc:
+ name: ntpd_enable
+ value: "YES"
+ become: true
+- name: ntpdate enable
+ community.general.sysrc:
+ name: ntpdate_enable
+ value: "YES"
+- name: sync on start
+ community.general.sysrc:
+ name: ntpd_sync_on_start
+ value: "YES"
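Review bot: `ntpdate enable` and the new `sync on start` task both arrange a clock step at boot, and nothing in the file says why both are kept. On FreeBSD `ntpd_sync_on_start` starts ntpd with `-g`, which already covers a large initial offset, so `ntpdate_enable` looks redundant. Either drop it or add a one-line comment above the task stating why both are needed. Correct time matters here because the strongSwan tasks in the same change deploy certificates whose validity is checked against the system clock.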