Refactor lmn_vpn role
- Separate `lmn_vpn` from `lmn_teacherlaptop`.
- Implement a check for the availability of the wireguard-server during the wg-config rollout.
- Enhance variable support with a standardized naming schema:
  - VPN selection via `vpn` variable (`none`, `wg`).
  - Wireguard configuration (endpoint, allowed IPs, ip_cdr, dns, searchpath).
- Run wg-config role in separate play with serial 1 to avoid conflicts, when the role attempts to determine the next free Wireguard IP on the server when role try to
- Add a check to verify if the radius certificate is revoked.
- Ensure required packages and services are only installed and configured if the `vpn` variable is set.
- Provide documentation for `lmn_vpn` module.
parent a68aaeb81c
commit f1cb7486a5
11 changed files with 676 additions and 580 deletions
|
@ -47,7 +47,7 @@
|
|||
vars_files: lmn-vault
|
||||
vars:
|
||||
domain: "{{ ansible_domain }}"
|
||||
kerberize_uris: "{{ vault_kerberize_uris }}" ## example.org
|
||||
kerberize_uris: "{{ vault_kerberize_uris | default('example.org') }}"
|
||||
apt_conf: "{{ vault_apt_conf }}" ## Acquire::http::Proxy "http://aptcache.example.org:3142/";
|
||||
ntp_serv: "{{ vault_ntp_serv }}" ## ntp.example.org
|
||||
nfs_server: "{{ vault_nfs_server }}" ## nfs.example.org
|
||||
|
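Review bot: On the `kerberize_uris` line, `default('example.org')` turns a missing `vault_kerberize_uris` into a live value that points at a domain the site does not control, where the play would otherwise stop on the undefined variable. It is also inconsistent with `apt_conf`, `ntp_serv` and `nfs_server` directly below, which still have no default and keep `example.org` only as a trailing comment. Consider defaulting to an empty value that the consuming role skips, or leaving the variable mandatory and documenting the expected format in a comment as the neighbouring lines do.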
@ -400,3 +400,15 @@
|
|||
tags:
|
||||
- never
|
||||
- wlan_8021x
|
||||
|
||||
|
||||
- name: Apply roles that must run serial
|
||||
hosts: all
|
||||
remote_user: ansible
|
||||
become: yes
|
||||
serial: 1
|
||||
ignore_unreachable: true
|
||||
|
||||
roles:
|
||||
- role: lmn_vpn
|
||||
when: vpn != "none"
|
||||
|
|
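Review bot: In the new "Apply roles that must run serial" play, `when: vpn != "none"` is evaluated for every host in `hosts: all`, and nothing in the visible lines gives `vpn` a default, so a host without the variable fails the conditional instead of skipping the role. Writing it as `when: vpn | default('none') != 'none'` makes the opt-in explicit. Two related points on the same play: with `serial: 1` and `hosts: all` the run walks every host one at a time even when `vpn` is `none`, so a group limited to VPN clients would keep the serial section short; and `ignore_unreachable: true` lets a host that drops out during the WireGuard rollout pass silently, so a final task or report listing the hosts that were skipped would make an incomplete rollout visible.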