author | Guilhem Moulin <guilhem@fripost.org> | 2013-10-30 21:49:34 +0100 |
---|---|---|
committer | Guilhem Moulin <guilhem@fripost.org> | 2015-06-07 02:50:31 +0200 |
commit | 42ec51e418142f68a97d96663a43ae617c971ad5 (patch) | |
tree | a329b6705d0c55d33b952c07a032e45fb3919c4c /roles/common/tasks | |
parent | 035ea3c7dbe80c92c59635f710076c586c7394c8 (diff) |
Configure IPSec.
Diffstat (limited to 'roles/common/tasks')
-rw-r--r-- | roles/common/tasks/ipsec.yml | 39 | ||||
-rw-r--r-- | roles/common/tasks/main.yml | 1 |
2 files changed, 40 insertions, 0 deletions
diff --git a/roles/common/tasks/ipsec.yml b/roles/common/tasks/ipsec.yml
new file mode 100644
index 0000000..d4270d7
--- /dev/null
+++ b/roles/common/tasks/ipsec.yml
@@ -0,0 +1,39 @@
+- name: Install strongSwan
+ apt: pkg=strongswan-ikev2
+
+- name: Ensure we have our private key
+ file: path=/etc/ipsec.d/private/{{ inventory_hostname }}.key
+ owner=root group=root
+ mode=0600
+ notify:
+ - Missing IPSec certificate
+
+- name: Ensure we have our public key
+ file: path=/etc/ipsec.d/certs/{{ inventory_hostname }}.pem
+ owner=root group=root
+ mode=0644
+ notify:
+ - Missing IPSec certificate
+
+- name: Ensure we have the CA's public key
+ file: path=/etc/ipsec.d/cacerts/cacert.pem
+ owner=root group=root
+ mode=0644
+ notify:
+ - Missing IPSec certificate
+
+- name: Configure IPSec's secrets
+ template: src=etc/ipsec.secrets.j2
+ dest=/etc/ipsec.secrets
+ owner=root group=root
+ mode=0600
+ notify:
+ - Restart IPSec
+
+- name: Configure IPSec
+ template: src=etc/ipsec.conf.j2
+ dest=/etc/ipsec.conf
+ owner=root group=root
+ mode=0644
+ notify:
+ - Restart IPSec
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index a2b7aad..ea85900 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -6,3 +6,4 @@
 - include: samhain.yml tags=samhain
 - include: rkhunter.yml tags=rkhunter
 - include: fail2ban.yml tags=fail2ban
+- include: ipsec.yml tags=strongswan,ipsec
|
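Review bot: The `notify: Missing IPSec certificate` on the three `file:` tasks in ipsec.yml fires only when the task reports a change, that is when owner, group or mode had to be corrected, and not when the path is absent. With no `state=` given, an absent key or certificate makes the task fail or pass unchanged depending on the Ansible version. The handler is defined outside this diff, so its effect is not visible here, but if the intent is to stop when key material is missing, an explicit check reads more clearly: `stat: path=/etc/ipsec.d/private/{{ inventory_hostname }}.key` with `register: ipsec_key`, then `fail: msg="IPSec private key is missing"` under `when: not ipsec_key.stat.exists`. A change reported by the private-key task also means the key sat under looser permissions until this run, which is worth surfacing to the operator rather than silently correcting. Pinning the directory `/etc/ipsec.d/private` itself with `state=directory mode=0700` would close the gap for keys dropped in later.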