Configure IPSec.

2 files changed, 40 insertions, 0 deletions

diff --git a/roles/common/tasks/ipsec.yml b/roles/common/tasks/ipsec.yml
new file mode 100644
index 0000000..d4270d7
--- /dev/null
+++ b/roles/common/tasks/ipsec.yml
@@ -0,0 +1,39 @@
+- name: Install strongSwan
+  apt: pkg=strongswan-ikev2
+
+- name: Ensure we have our private key
+  file: path=/etc/ipsec.d/private/{{ inventory_hostname }}.key
+        owner=root group=root
+        mode=0600
+  notify:
+    - Missing IPSec certificate
+
+- name: Ensure we have our public key
+  file: path=/etc/ipsec.d/certs/{{ inventory_hostname }}.pem
+        owner=root group=root
+        mode=0644
+  notify:
+    - Missing IPSec certificate
+
+- name: Ensure we have the CA's public key
+  file: path=/etc/ipsec.d/cacerts/cacert.pem
+        owner=root group=root
+        mode=0644
+  notify:
+    - Missing IPSec certificate
+
+- name: Configure IPSec's secrets
+  template: src=etc/ipsec.secrets.j2
+            dest=/etc/ipsec.secrets
+            owner=root group=root
+            mode=0600
+  notify:
+    - Restart IPSec
+
+- name: Configure IPSec
+  template: src=etc/ipsec.conf.j2
+            dest=/etc/ipsec.conf
+            owner=root group=root
+            mode=0644
+  notify:
+    - Restart IPSec
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index a2b7aad..ea85900 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -6,3 +6,4 @@
 - include: samhain.yml  tags=samhain
 - include: rkhunter.yml tags=rkhunter
 - include: fail2ban.yml tags=fail2ban
+- include: ipsec.yml    tags=strongswan,ipsec