From 4801f7bd38ddf0d306c686bb0f70b7c3daa5ce25 Mon Sep 17 00:00:00 2001
From: Matthieu Bessat
Date: Wed, 3 Jul 2024 18:02:43 +0200
Subject: [PATCH] feat: add openfortivpn role
---
ansible/roles/openfortivpn/tasks/main.yaml | 26 +++++++++++++++++++
ansible/templates/openfortivpn/basic_vpn.conf | 9 +++++++
.../systemd/system/openfortivpn.service | 18 +++++++++++++
3 files changed, 53 insertions(+)
create mode 100644 ansible/roles/openfortivpn/tasks/main.yaml
create mode 100644 ansible/templates/openfortivpn/basic_vpn.conf
create mode 100644 ansible/templates/systemd/system/openfortivpn.service
diff --git a/ansible/roles/openfortivpn/tasks/main.yaml b/ansible/roles/openfortivpn/tasks/main.yaml
new file mode 100644
index 0000000..9cd79f7
--- /dev/null
+++ b/ansible/roles/openfortivpn/tasks/main.yaml
@@ -0,0 +1,26 @@
+# - name: Generate openfortivpn systemd service unit
+# become: true
+# template:
+# src: systemd/system/openfortivpn.service
+# dest: /usr/lib/systemd/system/openfortivpn@.service
+
+- name: Create config dir
+ become: true
+ file:
+ path: /etc/openfortivpn
+ state: directory
+
+- name: Generate openfortivpn profile config
+ become: true
+ template:
+ src: openfortivpn/basic_vpn.conf
+ dest: "/etc/openfortivpn/{{ item.name }}.conf"
+ with_items: "{{ openfortivpn_profiles }}"
+
+- name: Enable openfortivpn systemd service for a given profile
+ become: true
+ ansible.builtin.systemd_service:
+ name: "openfortivpn@{{ item.name }}"
+ state: stopped
+ enabled: true
+ loop: "{{ openfortivpn_profiles }}"
diff --git a/ansible/templates/openfortivpn/basic_vpn.conf b/ansible/templates/openfortivpn/basic_vpn.conf
new file mode 100644
index 0000000..306483d
--- /dev/null
+++ b/ansible/templates/openfortivpn/basic_vpn.conf
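Review bot: The "Generate openfortivpn profile config" task in `tasks/main.yaml` writes a file that this commit's template fills with `password = {{ item.p.password }}`, yet neither it nor "Create config dir" sets a mode, so the permissions depend on the remote umask and the file is commonly world-readable. Add `mode: "0700"` under `file:` and `mode: "0600"` under `template:`. Both loops iterate over the whole profile dict, so Ansible's per-item output and `--diff` will print the password into console and callback logs. Setting `no_log: true` on the template task, and on the enable task that loops over the same `openfortivpn_profiles`, keeps the credential out of those logs.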
@@ -0,0 +1,9 @@
+### configuration file for openfortivpn, see man openfortivpn(1) ###
+# File generated by monakhos, please change at the template source!
+
+host = {{ item.p.host }}
+port = {{ item.p.port }}
+username = {{ item.p.username }}
+password = {{ item.p.password }}
+
+trusted-cert = {{ item.p.trusted_cert }}
diff --git a/ansible/templates/systemd/system/openfortivpn.service b/ansible/templates/systemd/system/openfortivpn.service
new file mode 100644
index 0000000..816dc47
--- /dev/null
+++ b/ansible/templates/systemd/system/openfortivpn.service
@@ -0,0 +1,18 @@
+[Unit]
+Description=OpenFortiVPN for %I
+After=network-online.target
+Wants=network-online.target systemd-networkd-wait-online.service
+Documentation=man:openfortivpn(1)
+Documentation=https://github.com/adrienverge/openfortivpn#readme
+Documentation=https://github.com/adrienverge/openfortivpn/wiki
+
+[Service]
+Type=notify
+PrivateTmp=true
+ExecStart=/usr/bin/openfortivpn -c /etc/openfortivpn/%I.conf
+Restart=on-failure
+OOMScoreAdjust=-100
+
+[Install]
+WantedBy=multi-user.target
+
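Review bot: Nothing in `basic_vpn.conf` documents the shape of the loop variable it depends on, or that the rendered file holds a cleartext credential; it reads `item.p.host`, `item.p.port`, `item.p.username`, `item.p.password` and `item.p.trusted_cert` from the calling task's `item`. A Jinja comment at the top, which is not rendered into the target, would cover it: `{# expects item = {name, p: {host, port, username, password, trusted_cert}}; p.password should come from an Ansible Vault-encrypted variable #}`. The generated `# File generated by monakhos` header could also state that the file contains a secret and must stay readable by root only. Where `openfortivpn_profiles` is defined is not visible in this patch, so whether the password is already vaulted cannot be confirmed from here.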
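Review bot: The role never installs `openfortivpn.service`, because the only task that would deploy it is commented out in `tasks/main.yaml`. The `openfortivpn@<name>` instances enabled there therefore presumably run whatever unit the distribution package ships, and `PrivateTmp=true` and the other settings here have no effect. If this file is meant to be authoritative, re-enable the task and install it as `/etc/systemd/system/openfortivpn@.service` rather than under `/usr/lib/systemd/system`, which is package-owned and may be overwritten on upgrade. The `@` in the destination name is required, since the `%I` specifiers are only meaningful in a template unit. The unit sets no `User=`, so the service runs as root while reading a config with a cleartext password; further sandboxing such as `ProtectHome=true` is worth evaluating, tested against pppd and DNS updates before rollout.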