authorGuilhem Moulin <guilhem@fripost.org>2014-07-02 20:52:27 +0200
committerGuilhem Moulin <guilhem@fripost.org>2015-06-07 02:52:19 +0200
commite63b5f5e39e2012bbdf1ca8301c6eb2cd13716cb (patch)
tree4bddb44aa939edcd1c0e9204a057e8983b9d9fb6 /roles/common/tasks
parent9ff10c0ebe4d74f433d696232aa57c6a2c9e2aba (diff)
Remove IPSec related files.
Diffstat (limited to 'roles/common/tasks')
-rw-r--r--roles/common/tasks/ipsec.yml75
1 files changed, 0 insertions, 75 deletions
diff --git a/roles/common/tasks/ipsec.yml b/roles/common/tasks/ipsec.yml
deleted file mode 100644
index 36807d2..0000000
--- a/roles/common/tasks/ipsec.yml
+++ /dev/null
@@ -1,75 +0,0 @@
-- name: Install strongSwan
- apt: pkg=strongswan-ikev2
-
-- name: Generate a private key and a X.509 certificate for IPSec
- command: genkeypair.sh x509
- --pubkey=/etc/ipsec.d/certs/{{ inventory_hostname }}.pem
- --privkey=/etc/ipsec.d/private/{{ inventory_hostname }}.key
- --dns={{ inventory_hostname }}
- -t ecdsa -b secp521r1 -h sha512
- register: r1
- changed_when: r1.rc == 0
- failed_when: r1.rc > 1
- notify:
- - Restart IPSec
- tags:
- - genkey
-
-- name: Fetch the public part of IPSec's host key
- # Ensure we don't fetch private data
- sudo: False
- fetch: src=/etc/ipsec.d/certs/{{ inventory_hostname }}.pem
- dest=certs/ipsec/
- fail_on_missing=yes
- flat=yes
- tags:
- - genkey
-
-# Don't copy our pubkey due to a possible race condition. Only the
-# remote machine has authority regarding its key.
-- name: Copy IPSec host pubkeys (except ours)
- copy: src=certs/ipsec/{{ item }}.pem
- dest=/etc/ipsec.d/certs/{{ item }}.pem
- owner=root group=root
- mode=0644
- with_items: groups.all | difference([inventory_hostname])
- register: r2
- notify:
- - Restart IPSec
-
-- name: Configure IPSec's secrets
- template: src=etc/ipsec.secrets.j2
- dest=/etc/ipsec.secrets
- owner=root group=root
- mode=0600
- register: r3
- notify:
- - Restart IPSec
-
-- name: Configure IPSec
- template: src=etc/ipsec.conf.j2
- dest=/etc/ipsec.conf
- owner=root group=root
- mode=0644
- register: r4
- notify:
- - Restart IPSec
-
-- name: Start IPSec
- service: name=ipsec state=started
- when: not (r1.changed or r2.changed or r3.changed or r4.changed)
-
-- name: Auto-create a dedicated interface for IPSec
- copy: src=etc/network/if-up.d/ipsec
- dest=/etc/network/if-up.d/ipsec
- owner=root group=root
- mode=0755
- notify:
- - Reload networking
-
-- name: Auto-deactivate the dedicated interface for IPSec
- file: src=../if-up.d/ipsec
- dest=/etc/network/if-down.d/ipsec
- owner=root group=root state=link force=yes
-
-- meta: flush_handlers