From: Kristof Provost Date: Sun, 28 Apr 2024 20:40:53 +0000 (+0200) Subject: ansible: break out ipsec and ntp to separate files X-Git-Url: https://git.sigsegv.be/?a=commitdiff_plain;h=ecb4dce26dedd17ceadc68e5a23942189a5e6970;p=pennestraat-domotica ansible: break out ipsec and ntp to separate files
---
diff --git a/ansible/roles/router/tasks/ipsec.yaml b/ansible/roles/router/tasks/ipsec.yaml
new file mode 100644
index 0000000..16be633
--- /dev/null
+++ b/ansible/roles/router/tasks/ipsec.yaml
@@ -0,0 +1,49 @@
+- name: Install strongswan
+  community.general.pkgng:
+    name: strongswan
+    state: present
+  become: true
+- name: install ipsec.conf
+  template:
+    src: "{{ ipsec_conf }}"
+    dest: "/usr/local/etc/ipsec.conf"
+    owner: root
+    group: wheel
+    mode: 0644
+  become: true
+- name: install certificates
+  template:
+    src: "{{ item.src }}"
+    dest: "/usr/local/etc/ipsec.d/certs/"
+    owner: root
+    group: wheel
+    mode: 0644
+  with_filetree: '{{ role_path }}/templates/certs'
+  when: item.state == 'file'
+  become: true
+- name: install ca cert
+  template:
+    src: "cacerts/sigsegv.be.pem"
+    dest: "/usr/local/etc/ipsec.d/cacert/"
+    owner: root
+    group: wheel
+    mode: 0644
+  become: true
+- name: install private key
+  template:
+    src: "private/{{ hostname }}.key"
+    dest: "/usr/local/etc/ipsec.d/private/"
+    owner: root
+    group: wheel
+    mode: 0644
+  become: true
+- name: ipsec enable
+  community.general.sysrc:
+    name: strongswan_enable
+    value: "YES"
+- name: Start strongswam
+  ansible.builtin.service:
+    name: strongswan
+    state: started
+  become: true
+
diff --git a/ansible/roles/router/tasks/main.yaml b/ansible/roles/router/tasks/main.yaml
index 4991049..7d9f3f2 100644
--- a/ansible/roles/router/tasks/main.yaml
+++ b/ansible/roles/router/tasks/main.yaml
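Review bot: The `install private key` task writes the IPsec private key with `mode: 0644`, which leaves it world-readable under `/usr/local/etc/ipsec.d/private/`; it should be `mode: "0600"` (quoted, which is also the form the Ansible docs recommend so the YAML loader does not reinterpret the octal literal). The `ipsec enable` task is the only `sysrc` call in this file without `become: true`, although it edits /etc/rc.conf like the neighbouring tasks, so unless the play escalates privileges globally it will fail on a non-root connection. Nothing restarts strongswan when ipsec.conf or a certificate changes, since `state: started` only ensures the service is running, so a `notify` to a restart handler on the template tasks is worth adding unless one already exists outside this diff. The last task name carries a typo, `Start strongswam`.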
@@ -26,62 +26,9 @@
     name: local_unbound_enable
     value: "YES"
   become: true
-- name: ntp enable
-  community.general.sysrc:
-    name: ntpd_enable
-    value: "YES"
-  become: true
-- name: ntpdate enable
-  community.general.sysrc:
-    name: ntpdate_enable
-    value: "YES"
-- name: Install strongswan
-  community.general.pkgng:
-    name: strongswan
-    state: present
-  become: true
-- name: install ipsec.conf
-  template:
-    src: "{{ ipsec_conf }}"
-    dest: "/usr/local/etc/ipsec.conf"
-    owner: root
-    group: wheel
-    mode: 0644
-  become: true
-- name: install certificates
-  template:
-    src: "{{ item.src }}"
-    dest: "/usr/local/etc/ipsec.d/certs/"
-    owner: root
-    group: wheel
-    mode: 0644
-  with_filetree: '{{ role_path }}/templates/certs'
-  when: item.state == 'file'
-  become: true
-- name: install ca cert
-  template:
-    src: "cacerts/sigsegv.be.pem"
-    dest: "/usr/local/etc/ipsec.d/cacert/"
-    owner: root
-    group: wheel
-    mode: 0644
-  become: true
-- name: install private key
-  template:
-    src: "private/{{ hostname }}.key"
-    dest: "/usr/local/etc/ipsec.d/private/"
-    owner: root
-    group: wheel
-    mode: 0644
-  become: true
-- name: ipsec enable
-  community.general.sysrc:
-    name: strongswan_enable
-    value: "YES"
-- name: Start strongswam
-  ansible.builtin.service:
-    name: strongswan
-    state: started
-  become: true
+- name: ntp
+  import_tasks: ntp.yaml
+- name: IPSec
+  import_tasks: ipsec.yaml
 - name: dynamic dns
   import_tasks: dyndns.yaml
diff --git a/ansible/roles/router/tasks/ntp.yaml b/ansible/roles/router/tasks/ntp.yaml
new file mode 100644
index 0000000..4c32b1a
--- /dev/null
+++ b/ansible/roles/router/tasks/ntp.yaml
@@ -0,0 +1,13 @@
+- name: ntp enable
+  community.general.sysrc:
+    name: ntpd_enable
+    value: "YES"
+  become: true
+- name: ntpdate enable
+  community.general.sysrc:
+    name: ntpdate_enable
+    value: "YES"
+- name: sync on start
+  community.general.sysrc:
+    name: ntpd_sync_on_start
+    value: "YES"
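Review bot: The `ntpdate enable` and the new `sync on start` tasks call `community.general.sysrc` without `become: true`, while `ntp enable` directly above them has it; all three edit /etc/rc.conf, so unless the play escalates privileges globally the last two will fail, and the fix is adding `become: true` to both. The `ntpd_sync_on_start` task is new behaviour rather than a move from main.yaml, which the commit message ("break out ... to separate files") does not mention; a comment such as `# let ntpd make the initial large time step at boot (-g)` would record the intent. On FreeBSD `ntpd_sync_on_start` is the documented replacement for the deprecated `ntpdate_enable`, so the `ntpdate enable` task can presumably be dropped once this lands; confirm against the target release's rc.d scripts.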