
add openvpn role

Blaine Story 1 year ago
parent
commit
5b86fe1e28

+ 34 - 0
roles/openvpn/tasks/main.yml

@@ -0,0 +1,34 @@
+---
+- name: Install openvpn
+  ansible.builtin.package:
+    name:
+      - openvpn
+      - openresolv
+    state: present
+
+
+- name: Install openresolv script
+  ansible.builtin.get_url:
+    url: https://raw.githubusercontent.com/ProtonVPN/scripts/master/update-resolv-conf.sh
+    dest: /etc/openvpn/update-resolv-conf
+    mode: '0755'
+
+
+- name: Write config files
+  ansible.builtin.template:
+     src: "{{ item }}.conf.j2"
+     dest: /etc/openvpn/{{ item }}.conf
+     owner: root
+     group: root
+     mode: '0640'
+  loop:
+    - login
+    - proton
+
+
+- name: Start/enable openvpn service
+  ansible.builtin.systemd_service:
+    name: openvpn@proton
+    state: started
+    enabled: true
+    
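Review bot: The script fetched by the 'Install openresolv script' task is downloaded from the mutable `master` branch with no `checksum:`, and it is then executed as root by the `up`/`down` directives in proton.conf.j2 under `script-security 2`, so whoever can change that branch controls code that runs on every host this role targets. Pin the URL to a fixed revision and verify the download, e.g. `url: https://raw.githubusercontent.com/ProtonVPN/scripts/<commit-sha>/update-resolv-conf.sh` plus `checksum: "sha256:<expected-digest>"` (both filled in from the pinned revision), or vendor the script under `roles/openvpn/files/` and install it with `ansible.builtin.copy`. Separately, the 'Write config files' task renders login.conf from vaulted credentials without `no_log: true`, so the password can surface in `--diff`/verbose output, and neither that task nor the script download notifies a handler, so `state: started` on `openvpn@proton` will not restart an already-running service after a config change. As a point of style, the `template` task's module arguments are indented five spaces (`     src:`) while every other task uses four, and the hunk ends with a whitespace-only line.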

+ 2 - 0
roles/openvpn/templates/login.conf.j2

@@ -0,0 +1,2 @@
+{{ openvpn_user }}
+{{ openvpn_pass }}

+ 85 - 0
roles/openvpn/templates/proton.conf.j2

@@ -0,0 +1,85 @@
+client
+dev tun
+proto tcp
+
+remote {{ openvpn_remote }} 443
+remote {{ openvpn_remote }} 7770
+remote {{ openvpn_remote }} 8443
+
+remote-random
+resolv-retry infinite
+nobind
+
+cipher AES-256-GCM
+
+setenv CLIENT_CERT 0
+tun-mtu 1500
+mssfix 0
+persist-key
+persist-tun
+
+reneg-sec 0
+
+remote-cert-tls server
+auth-user-pass login.conf
+
+script-security 2
+up /etc/openvpn/update-resolv-conf
+down /etc/openvpn/update-resolv-conf
+
+<ca>
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+</ca>
+
+<tls-crypt>
+-----BEGIN OpenVPN Static key V1-----
+6acef03f62675b4b1bbd03e53b187727
+423cea742242106cb2916a8a4c829756
+3d22c7e5cef430b1103c6f66eb1fc5b3
+75a672f158e2e2e936c3faa48b035a6d
+e17beaac23b5f03b10b868d53d03521d
+8ba115059da777a60cbfd7b2c9c57472
+78a15b8f6e68a3ef7fd583ec9f398c8b
+d4735dab40cbd1e3c62a822e97489186
+c30a0b48c7c38ea32ceb056d3fa5a710
+e10ccc7a0ddb363b08c3d2777a3395e1
+0c0b6080f56309192ab5aacd4b45f55d
+a61fc77af39bd81a19218a79762c3386
+2df55785075f37d8c71dc8a42097ee43
+344739a0dd48d03025b0450cf1fb5e8c
+aeb893d9a96d1f15519bb3c4dcb40ee3
+16672ea16c012664f8a9f11255518deb
+-----END OpenVPN Static key V1-----
+</tls-crypt>
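Review bot: `auth-user-pass login.conf` is a relative path, so OpenVPN resolves it against the process's working directory rather than the config file's location; it appears to work only because the `openvpn@` unit sets that directory to /etc/openvpn, and it breaks if the config is started any other way. Use the absolute path the tasks file installs the credentials to, `auth-user-pass /etc/openvpn/login.conf`, matching the already-absolute `up`/`down` lines. `cipher AES-256-GCM` is the pre-2.5 form; on OpenVPN 2.5+ it is deprecated in favour of `data-ciphers AES-256-GCM`, so keep `cipher` only if older clients must still be supported. The inline `<ca>` and `<tls-crypt>` blocks are committed in clear while the user credentials are vaulted; that is acceptable only if this is the provider's shared public material rather than per-account key material — worth confirming and noting in a comment at the top of the template.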

+ 5 - 0
roles/openvpn/vars/main.yml

@@ -0,0 +1,5 @@
+---
+openvpn_remote: "{{ vaulted_openvpn_remote }}"
+openvpn_user: "{{ vaulted_openvpn_user }}"
+openvpn_pass: "{{ vaulted_openvpn_pass }}"
+
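Review bot: Defining `openvpn_remote`, `openvpn_user` and `openvpn_pass` in `vars/main.yml` gives them role-vars precedence, which outranks inventory `group_vars`/`host_vars` and play vars, so a host-level override of any of these names is silently ignored; if they are meant to be overridable, `defaults/main.yml` is the conventional location. As written the only override point is the `vaulted_*` names, which is workable but non-obvious and deserves a comment, e.g. `# Indirection: set vaulted_openvpn_* in vault-encrypted inventory vars; do not override these names directly.` The hunk also ends with an empty `+` line, adding a trailing blank line to the file.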