feat: add openfortivpn role

ansible/roles/openfortivpn/tasks/main.yaml

@@ -0,0 +1,26 @@
+# - name: Generate openfortivpn systemd service unit
+#   become: true
+#   template:
+#     src: systemd/system/openfortivpn.service
+#     dest: /usr/lib/systemd/system/openfortivpn@.service
+
+- name: Create config dir
+  become: true
+  file:
+    path: /etc/openfortivpn
+    state: directory
+
+- name: Generate openfortivpn profile config
+  become: true
+  template:
+    src: openfortivpn/basic_vpn.conf
+    dest: "/etc/openfortivpn/{{ item.name }}.conf"
+  with_items: "{{ openfortivpn_profiles }}"
+
+- name: Enable openfortivpn systemd service for a given profile
+  become: true
+  ansible.builtin.systemd_service:
+    name: "openfortivpn@{{ item.name }}"
+    state: stopped
+    enabled: true
+  loop: "{{ openfortivpn_profiles }}"

ansible/templates/openfortivpn/basic_vpn.conf

@@ -0,0 +1,9 @@
+### configuration file for openfortivpn, see man openfortivpn(1) ###
+# File generated by monakhos, please change at the template source!
+
+host = {{ item.p.host }}
+port = {{ item.p.port }}
+username = {{ item.p.username }}
+password = {{ item.p.password }}
+
+trusted-cert = {{ item.p.trusted_cert }}

ansible/templates/systemd/system/openfortivpn.service

@@ -0,0 +1,18 @@
+[Unit]
+Description=OpenFortiVPN for %I
+After=network-online.target
+Wants=network-online.target systemd-networkd-wait-online.service
+Documentation=man:openfortivpn(1)
+Documentation=https://github.com/adrienverge/openfortivpn#readme
+Documentation=https://github.com/adrienverge/openfortivpn/wiki
+
+[Service]
+Type=notify
+PrivateTmp=true
+ExecStart=/usr/bin/openfortivpn -c /etc/openfortivpn/%I.conf
+Restart=on-failure
+OOMScoreAdjust=-100
+
+[Install]
+WantedBy=multi-user.target
+