author | Guilhem Moulin <guilhem@fripost.org> | 2014-07-02 20:52:27 +0200 |
---|---|---|
committer | Guilhem Moulin <guilhem@fripost.org> | 2015-06-07 02:52:19 +0200 |
commit | e63b5f5e39e2012bbdf1ca8301c6eb2cd13716cb (patch) | |
tree | 4bddb44aa939edcd1c0e9204a057e8983b9d9fb6 /roles/common/tasks | |
parent | 9ff10c0ebe4d74f433d696232aa57c6a2c9e2aba (diff) |
Remove IPSec related files.
Diffstat (limited to 'roles/common/tasks')
-rw-r--r-- | roles/common/tasks/ipsec.yml | 75 |
1 files changed, 0 insertions, 75 deletions
diff --git a/roles/common/tasks/ipsec.yml b/roles/common/tasks/ipsec.yml
deleted file mode 100644
index 36807d2..0000000
--- a/roles/common/tasks/ipsec.yml
+++ /dev/null
@@ -1,75 +0,0 @@
-- name: Install strongSwan
- apt: pkg=strongswan-ikev2
-
-- name: Generate a private key and a X.509 certificate for IPSec
- command: genkeypair.sh x509
- --pubkey=/etc/ipsec.d/certs/{{ inventory_hostname }}.pem
- --privkey=/etc/ipsec.d/private/{{ inventory_hostname }}.key
- --dns={{ inventory_hostname }}
- -t ecdsa -b secp521r1 -h sha512
- register: r1
- changed_when: r1.rc == 0
- failed_when: r1.rc > 1
- notify:
- - Restart IPSec
- tags:
- - genkey
-
-- name: Fetch the public part of IPSec's host key
- # Ensure we don't fetch private data
- sudo: False
- fetch: src=/etc/ipsec.d/certs/{{ inventory_hostname }}.pem
- dest=certs/ipsec/
- fail_on_missing=yes
- flat=yes
- tags:
- - genkey
-
-# Don't copy our pubkey due to a possible race condition. Only the
-# remote machine has authority regarding its key.
-- name: Copy IPSec host pubkeys (except ours)
- copy: src=certs/ipsec/{{ item }}.pem
- dest=/etc/ipsec.d/certs/{{ item }}.pem
- owner=root group=root
- mode=0644
- with_items: groups.all | difference([inventory_hostname])
- register: r2
- notify:
- - Restart IPSec
-
-- name: Configure IPSec's secrets
- template: src=etc/ipsec.secrets.j2
- dest=/etc/ipsec.secrets
- owner=root group=root
- mode=0600
- register: r3
- notify:
- - Restart IPSec
-
-- name: Configure IPSec
- template: src=etc/ipsec.conf.j2
- dest=/etc/ipsec.conf
- owner=root group=root
- mode=0644
- register: r4
- notify:
- - Restart IPSec
-
-- name: Start IPSec
- service: name=ipsec state=started
- when: not (r1.changed or r2.changed or r3.changed or r4.changed)
-
-- name: Auto-create a dedicated interface for IPSec
- copy: src=etc/network/if-up.d/ipsec
- dest=/etc/network/if-up.d/ipsec
- owner=root group=root
- mode=0755
- notify:
- - Reload networking
-
-- name: Auto-deactivate the dedicated interface for IPSec
- file: src=../if-up.d/ipsec
- dest=/etc/network/if-down.d/ipsec
- owner=root group=root state=link force=yes
-
-- meta: flush_handlers |