From e63b5f5e39e2012bbdf1ca8301c6eb2cd13716cb Mon Sep 17 00:00:00 2001
From: Guilhem Moulin
Date: Wed, 2 Jul 2014 20:52:27 +0200
Subject: Remove IPSec related files.
---
roles/common/tasks/ipsec.yml | 75 --------------------------------------------
1 file changed, 75 deletions(-)
delete mode 100644 roles/common/tasks/ipsec.yml
(limited to 'roles/common/tasks')
diff --git a/roles/common/tasks/ipsec.yml b/roles/common/tasks/ipsec.yml
deleted file mode 100644
index 36807d2..0000000
--- a/roles/common/tasks/ipsec.yml
+++ /dev/null
@@ -1,75 +0,0 @@
-- name: Install strongSwan
- apt: pkg=strongswan-ikev2
-
-- name: Generate a private key and a X.509 certificate for IPSec
- command: genkeypair.sh x509
- --pubkey=/etc/ipsec.d/certs/{{ inventory_hostname }}.pem
- --privkey=/etc/ipsec.d/private/{{ inventory_hostname }}.key
- --dns={{ inventory_hostname }}
- -t ecdsa -b secp521r1 -h sha512
- register: r1
- changed_when: r1.rc == 0
- failed_when: r1.rc > 1
- notify:
- - Restart IPSec
- tags:
- - genkey
-
-- name: Fetch the public part of IPSec's host key
- # Ensure we don't fetch private data
- sudo: False
- fetch: src=/etc/ipsec.d/certs/{{ inventory_hostname }}.pem
- dest=certs/ipsec/
- fail_on_missing=yes
- flat=yes
- tags:
- - genkey
-
-# Don't copy our pubkey due to a possible race condition. Only the
-# remote machine has authority regarding its key.
-- name: Copy IPSec host pubkeys (except ours)
- copy: src=certs/ipsec/{{ item }}.pem
- dest=/etc/ipsec.d/certs/{{ item }}.pem
- owner=root group=root
- mode=0644
- with_items: groups.all | difference([inventory_hostname])
- register: r2
- notify:
- - Restart IPSec
-
-- name: Configure IPSec's secrets
- template: src=etc/ipsec.secrets.j2
- dest=/etc/ipsec.secrets
- owner=root group=root
- mode=0600
- register: r3
- notify:
- - Restart IPSec
-
-- name: Configure IPSec
- template: src=etc/ipsec.conf.j2
- dest=/etc/ipsec.conf
- owner=root group=root
- mode=0644
- register: r4
- notify:
- - Restart IPSec
-
-- name: Start IPSec
- service: name=ipsec state=started
- when: not (r1.changed or r2.changed or r3.changed or r4.changed)
-
-- name: Auto-create a dedicated interface for IPSec
- copy: src=etc/network/if-up.d/ipsec
- dest=/etc/network/if-up.d/ipsec
- owner=root group=root
- mode=0755
- notify:
- - Reload networking
-
-- name: Auto-deactivate the dedicated interface for IPSec
- file: src=../if-up.d/ipsec
- dest=/etc/network/if-down.d/ipsec
- owner=root group=root state=link force=yes
-
-- meta: flush_handlers
-- 
cgit v1.2.3