Created
May 18, 2019 00:58
-
-
Save TimDumol/362a505b4b705e49647586568757a452 to your computer and use it in GitHub Desktop.
openvpn
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| - name: restart openvpn | |
| systemd: | |
| name: docker-openvpn | |
| daemon_reload: yes | |
| state: restarted |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| - name: Setup EasyRSA store | |
| docker_container: | |
| name: ovpn-data | |
| image: busybox | |
| state: present | |
| volumes: | |
| - /etc/openvpn | |
| - name: Check if config exists | |
| command: docker run --volumes-from ovpn-data --rm busybox /bin/stat /etc/openvpn/openvpn.conf | |
| ignore_errors: yes | |
| register: config_exists | |
| - name: Initialize config | |
| command: docker run --volumes-from ovpn-data --rm kylemanna/openvpn ovpn_genconfig -u udp://tango.timdumol.com:1194 | |
| when: config_exists|failed | |
| # TODO: automate this | |
| #- name: Initialize PKI | |
| # command: docker run --volumes-from ovpn-data --rm -it kylemanna/openvpn ovpn_initpki | |
| - name: Update openvpn image | |
| docker_image: | |
| name: kylemanna/openvpn | |
| force: yes | |
| - name: Create OpenVPN container | |
| docker_container: | |
| name: ovpn | |
| image: kylemanna/openvpn | |
| state: present | |
| volumes_from: | |
| - ovpn-data | |
| published_ports: | |
| - 1194:1194/udp | |
| - 1194:1194 | |
| capabilities: | |
| - NET_ADMIN | |
| notify: restart openvpn | |
| # TODO: automate this | |
| # % docker run --volumes-from ovpn-data --rm -it kylemanna/openvpn easyrsa build-client-full tim-linux-msi nopass | |
| # % docker run --volumes-from ovpn-data --rm kylemanna/openvpn ovpn_getclient tim-linux-msi > tango.ovpn | |
| - name: Create OpenVPN service | |
| template: | |
| src: docker-openvpn.service.j2 | |
| dest: /etc/systemd/system/docker-openvpn.service | |
| notify: restart openvpn | |
| - name: Start and enable OpenVPN | |
| systemd: | |
| daemon_reload: yes | |
| name: docker-openvpn | |
| state: started | |
| enabled: yes |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [Unit] | |
| Description=Dockerized OpenVPN | |
| Requires=network.target docker.service | |
| After=network.target docker.service | |
| [Service] | |
| Type=simple | |
| Restart=always | |
| ExecStart=/usr/bin/docker start -a ovpn | |
| ExecStop=/usr/bin/docker stop -t 2 ovpn | |
| [Install] | |
| WantedBy=docker.service |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment