authorGuilhem Moulin <guilhem@fripost.org>2013-10-30 21:49:34 +0100
committerGuilhem Moulin <guilhem@fripost.org>2015-06-07 02:50:31 +0200
commit42ec51e418142f68a97d96663a43ae617c971ad5 (patch)
treea329b6705d0c55d33b952c07a032e45fb3919c4c /roles/common/tasks
parent035ea3c7dbe80c92c59635f710076c586c7394c8 (diff)
Configure IPSec.
Diffstat (limited to 'roles/common/tasks')
-rw-r--r--roles/common/tasks/ipsec.yml39
-rw-r--r--roles/common/tasks/main.yml1
2 files changed, 40 insertions, 0 deletions
diff --git a/roles/common/tasks/ipsec.yml b/roles/common/tasks/ipsec.yml
new file mode 100644
index 0000000..d4270d7
--- /dev/null
+++ b/roles/common/tasks/ipsec.yml
@@ -0,0 +1,39 @@
+- name: Install strongSwan
+ apt: pkg=strongswan-ikev2
+
+- name: Ensure we have our private key
+ file: path=/etc/ipsec.d/private/{{ inventory_hostname }}.key
+ owner=root group=root
+ mode=0600
+ notify:
+ - Missing IPSec certificate
+
+- name: Ensure we have our public key
+ file: path=/etc/ipsec.d/certs/{{ inventory_hostname }}.pem
+ owner=root group=root
+ mode=0644
+ notify:
+ - Missing IPSec certificate
+
+- name: Ensure we have the CA's public key
+ file: path=/etc/ipsec.d/cacerts/cacert.pem
+ owner=root group=root
+ mode=0644
+ notify:
+ - Missing IPSec certificate
+
+- name: Configure IPSec's secrets
+ template: src=etc/ipsec.secrets.j2
+ dest=/etc/ipsec.secrets
+ owner=root group=root
+ mode=0600
+ notify:
+ - Restart IPSec
+
+- name: Configure IPSec
+ template: src=etc/ipsec.conf.j2
+ dest=/etc/ipsec.conf
+ owner=root group=root
+ mode=0644
+ notify:
+ - Restart IPSec
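Review bot: The three `file:` checks at the top of ipsec.yml (private key, host certificate, CA certificate) notify `Missing IPSec certificate` only when the task reports a change, that is when owner, group or mode had to be corrected, so the handler does not fire in the case its name describes. With no `state=` given the module defaults to `state=file`, which does not create a missing path and, as far as I know, makes the task fail instead; the handler is outside this diff, so its intent is inferred from the name. An explicit existence check per file, sketched below for the private key, would turn missing key material into a clear, named failure before strongSwan is configured. Separately, `no_log: true` on the `Configure IPSec's secrets` task would keep rendered secrets out of verbose and diff output.

```yaml
- name: Check for our private key
  stat: path=/etc/ipsec.d/private/{{ inventory_hostname }}.key
  register: ipsec_key

- name: Fail when our private key is missing
  fail: msg="Missing IPSec private key for {{ inventory_hostname }}"
  when: not ipsec_key.stat.exists

# … unchanged: file: task enforcing owner/group/mode on the private key …
```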
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index a2b7aad..ea85900 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -6,3 +6,4 @@
- include: samhain.yml tags=samhain
- include: rkhunter.yml tags=rkhunter
- include: fail2ban.yml tags=fail2ban
+- include: ipsec.yml tags=strongswan,ipsec