bodsch · bodsch · Jun 21, 2024 · Jun 21, 2024
diff --git a/galaxy.yml b/galaxy.yml
@@ -2,7 +2,7 @@
 namespace: bodsch
 name: core
 
-version: 2.0.0
+version: 2.1.0
 
 readme: README.md
 

diff --git a/plugins/filter/dns.py b/plugins/filter/dns.py
@@ -1,4 +1,4 @@
-#!/usr/bin/env python3
+#!/usr/bin/python3
 # -*- coding: utf-8 -*-
 
 # (c) 2020-2023, Bodo Schulz <bodo@boone-schulz.de>

diff --git a/plugins/filter/linked_version.py b/plugins/filter/linked_version.py
@@ -1,4 +1,4 @@
-#!/usr/bin/env python3
+#!/usr/bin/python3
 # -*- coding: utf-8 -*-
 
 # (c) 2020-2023, Bodo Schulz <bodo@boone-schulz.de>

diff --git a/plugins/filter/parse_checksum.py b/plugins/filter/parse_checksum.py
@@ -1,4 +1,4 @@
-#!/usr/bin/env python3
+#!/usr/bin/python3
 # -*- coding: utf-8 -*-
 
 # (c) 2020-2023, Bodo Schulz <bodo@boone-schulz.de>

diff --git a/plugins/filter/python.py b/plugins/filter/python.py
@@ -1,4 +1,4 @@
-#!/usr/bin/env python3
+#!/usr/bin/python3
 # -*- coding: utf-8 -*-
 
 # (c) 2020-2023, Bodo Schulz <bodo@boone-schulz.de>

diff --git a/plugins/filter/types.py b/plugins/filter/types.py
@@ -1,4 +1,4 @@
-#!/usr/bin/env python3
+#!/usr/bin/python3
 # -*- coding: utf-8 -*-
 
 # (c) 2020-2023, Bodo Schulz <bodo@boone-schulz.de>

diff --git a/plugins/filter/union_by.py b/plugins/filter/union_by.py
@@ -1,4 +1,4 @@
-#!/usr/bin/env python3
+#!/usr/bin/python3
 # -*- coding: utf-8 -*-
 
 # (c) 2020-2023, Bodo Schulz <bodo@boone-schulz.de>

diff --git a/plugins/filter/verify.py b/plugins/filter/verify.py
@@ -1,4 +1,4 @@
-#!/usr/bin/env python3
+#!/usr/bin/python3
 # -*- coding: utf-8 -*-
 
 # (c) 2020-2023, Bodo Schulz <bodo@boone-schulz.de>

diff --git a/plugins/lookup/file_glob.py b/plugins/lookup/file_glob.py
@@ -1,4 +1,4 @@
-#!/usr/bin/env python3
+#!/usr/bin/python3
 # -*- coding: utf-8 -*-
 
 # (c) 2012, Michael DeHaan <michael.dehaan@gmail.com>

diff --git a/plugins/module_utils/cache/cache_valid.py b/plugins/module_utils/cache/cache_valid.py
@@ -1,4 +1,4 @@
-#!/usr/bin/env python3
+#!/usr/bin/python3
 # -*- coding: utf-8 -*-
 
 # (c) 2020-2023, Bodo Schulz <bodo@boone-schulz.de>

diff --git a/plugins/module_utils/checksum.py b/plugins/module_utils/checksum.py
@@ -1,4 +1,4 @@
-#!/usr/bin/env python3
+#!/usr/bin/python3
 # -*- coding: utf-8 -*-
 
 # (c) 2020-2023, Bodo Schulz <bodo@boone-schulz.de>

diff --git a/plugins/module_utils/diff.py b/plugins/module_utils/diff.py
@@ -1,4 +1,4 @@
-#!/usr/bin/env python3
+#!/usr/bin/python3
 # -*- coding: utf-8 -*-
 
 # (c) 2020-2023, Bodo Schulz <bodo@boone-schulz.de>

diff --git a/plugins/module_utils/directory.py b/plugins/module_utils/directory.py
@@ -1,4 +1,4 @@
-#!/usr/bin/env python3
+#!/usr/bin/python3
 # -*- coding: utf-8 -*-
 
 # (c) 2020-2023, Bodo Schulz <bodo@boone-schulz.de>

diff --git a/plugins/module_utils/dns_lookup.py b/plugins/module_utils/dns_lookup.py
@@ -1,4 +1,4 @@
-#!/usr/bin/env python3
+#!/usr/bin/python3
 # -*- coding: utf-8 -*-
 
 # (c) 2020-2023, Bodo Schulz <bodo@boone-schulz.de>

diff --git a/plugins/module_utils/file.py b/plugins/module_utils/file.py
@@ -1,4 +1,4 @@
-#!/usr/bin/env python3
+#!/usr/bin/python3
 # -*- coding: utf-8 -*-
 
 # (c) 2020-2023, Bodo Schulz <bodo@boone-schulz.de>

diff --git a/plugins/module_utils/lists.py b/plugins/module_utils/lists.py
@@ -1,4 +1,4 @@
-#!/usr/bin/env python3
+#!/usr/bin/python3
 # -*- coding: utf-8 -*-
 
 # (c) 2020-2023, Bodo Schulz <bodo@boone-schulz.de>

diff --git a/plugins/module_utils/module_results.py b/plugins/module_utils/module_results.py
@@ -1,4 +1,4 @@
-#!/usr/bin/env python3
+#!/usr/bin/python3
 # -*- coding: utf-8 -*-
 
 # (c) 2020-2023, Bodo Schulz <bodo@boone-schulz.de>

diff --git a/plugins/module_utils/template/template.py b/plugins/module_utils/template/template.py
@@ -1,4 +1,4 @@
-#!/usr/bin/env python3
+#!/usr/bin/python3
 # -*- coding: utf-8 -*-
 
 # (c) 2020-2023, Bodo Schulz <bodo@boone-schulz.de>

diff --git a/plugins/module_utils/validate.py b/plugins/module_utils/validate.py
@@ -1,4 +1,4 @@
-#!/usr/bin/env python3
+#!/usr/bin/python3
 # -*- coding: utf-8 -*-
 
 # (c) 2020-2023, Bodo Schulz <bodo@boone-schulz.de>

diff --git a/plugins/modules/aur.py b/plugins/modules/aur.py
@@ -1,4 +1,4 @@
-#!/usr/bin/env python3
+#!/usr/bin/python3
 # -*- coding: utf-8 -*-
 
 # (c) 2020-2023, Bodo Schulz <bodo@boone-schulz.de>

diff --git a/plugins/modules/easyrsa.py b/plugins/modules/easyrsa.py
@@ -1,4 +1,4 @@
-#!/usr/bin/env python3
+#!/usr/bin/python3
 # -*- coding: utf-8 -*-
 
 # (c) 2022, Bodo Schulz <bodo@boone-schulz.de>
@@ -116,7 +116,8 @@ def run(self):
             """
             args.append("--batch")
             # args.append(f"--pki-dir={self._pki_dir}")
-            args.append(f"--req-cn={self._req_cn_ca}")
+            if self._req_cn_ca:
+                args.append(f"--req-cn={self._req_cn_ca}")
             args.append(self.state)
             args.append(self._req_cn_server)
             args.append("nopass")

diff --git a/plugins/modules/facts.py b/plugins/modules/facts.py
@@ -1,4 +1,4 @@
-#!/usr/bin/env python3
+#!/usr/bin/python3
 # -*- coding: utf-8 -*-
 
 # (c) 2020-2023, Bodo Schulz <bodo@boone-schulz.de>

diff --git a/plugins/modules/journalctl.py b/plugins/modules/journalctl.py
@@ -1,4 +1,4 @@
-#!/usr/bin/env python3
+#!/usr/bin/python3
 # -*- coding: utf-8 -*-
 
 # (c) 2020-2023, Bodo Schulz <bodo@boone-schulz.de>

diff --git a/plugins/modules/mysql_schema.py b/plugins/modules/mysql_schema.py
@@ -1,4 +1,4 @@
-#!/usr/bin/env python3
+#!/usr/bin/python3
 # -*- coding: utf-8 -*-
 
 # (c) 2020-2023, Bodo Schulz <bodo@boone-schulz.de>

diff --git a/plugins/modules/openvpn.py b/plugins/modules/openvpn.py
@@ -1,4 +1,4 @@
-#!/usr/bin/env python3
+#!/usr/bin/python3
 # -*- coding: utf-8 -*-
 
 # (c) 2022, Bodo Schulz <bodo@boone-schulz.de>

diff --git a/plugins/modules/openvpn_client_certificate.py b/plugins/modules/openvpn_client_certificate.py
@@ -1,4 +1,4 @@
-#!/usr/bin/env python3
+#!/usr/bin/python3
 # -*- coding: utf-8 -*-
 
 # (c) 2022, Bodo Schulz <bodo@boone-schulz.de>

diff --git a/plugins/modules/openvpn_crl.py b/plugins/modules/openvpn_crl.py
@@ -1,4 +1,4 @@
-#!/usr/bin/env python3
+#!/usr/bin/python3
 # -*- coding: utf-8 -*-
 
 # (c) 2022-2023, Bodo Schulz <bodo@boone-schulz.de>

diff --git a/plugins/modules/openvpn_ovpn.py b/plugins/modules/openvpn_ovpn.py
@@ -1,4 +1,4 @@
-#!/usr/bin/env python3
+#!/usr/bin/python3
 # -*- coding: utf-8 -*-
 
 # (c) 2022, Bodo Schulz <bodo@boone-schulz.de>

diff --git a/plugins/modules/openvpn_version.py b/plugins/modules/openvpn_version.py
@@ -1,4 +1,4 @@
-#!/usr/bin/env python3
+#!/usr/bin/python3
 # -*- coding: utf-8 -*-
 
 # (c) 2023, Bodo Schulz <bodo@boone-schulz.de>

diff --git a/plugins/modules/package_version.py b/plugins/modules/package_version.py
@@ -1,4 +1,4 @@
-#!/usr/bin/env python3
+#!/usr/bin/python3
 # -*- coding: utf-8 -*-
 
 # (c) 2020-2023, Bodo Schulz <bodo@boone-schulz.de>

diff --git a/plugins/modules/pip_requirements.py b/plugins/modules/pip_requirements.py
@@ -1,4 +1,4 @@
-#!/usr/bin/env python3
+#!/usr/bin/python3
 # -*- coding: utf-8 -*-
 
 # (c) 2020-2023, Bodo Schulz <bodo@boone-schulz.de>

diff --git a/plugins/modules/remove_ansible_backups.py b/plugins/modules/remove_ansible_backups.py
@@ -1,4 +1,4 @@
-#!/usr/bin/env python3
+#!/usr/bin/python3
 # -*- coding: utf-8 -*-
 
 # (c) 2020-2023, Bodo Schulz <bodo@boone-schulz.de>

diff --git a/plugins/modules/sync_directory.py b/plugins/modules/sync_directory.py
@@ -1,4 +1,4 @@
-#!/usr/bin/env python3
+#!/usr/bin/python3
 # -*- coding: utf-8 -*-
 
 # (c) 2020-2023, Bodo Schulz <bodo@boone-schulz.de>

diff --git a/plugins/modules/syslog_cmd.py b/plugins/modules/syslog_cmd.py
@@ -1,4 +1,4 @@
-#!/usr/bin/env python3
+#!/usr/bin/python3
 # -*- coding: utf-8 -*-
 
 # (c) 2020-2022, Bodo Schulz <bodo@boone-schulz.de>

diff --git a/roles/openvpn/collections.yml b/roles/openvpn/collections.yml
@@ -2,3 +2,4 @@
 
 collections:
   - name: bodsch.core
+  - name: community.crypto
diff --git a/roles/openvpn/molecule/server_with_client/group_vars/openvpn_server/vars.yml b/roles/openvpn/molecule/server_with_client/group_vars/openvpn_server/vars.yml
@@ -50,12 +50,17 @@ openvpn_persistent_pool:
   - name: roadrunner_one
     state: present
     static_ip: 10.8.3.10
+    netmask: 255.255.0.0
   - name: roadrunner_two
     state: present
     static_ip: 10.8.3.11
   - name: molecule
     state: present
     static_ip: 10.8.3.100
+  - name: obsolate
+    state: absent
+    static_ip: 10.8.3.250
+
 
 openvpn_mobile_clients:
   - name: roadrunner_one

diff --git a/roles/openvpn/tasks/configure/client.yml b/roles/openvpn/tasks/configure/client.yml
@@ -47,7 +47,7 @@
 - name: create or revoke client certificate
   delegate_to: "{{ client.remote }}"
   bodsch.core.openvpn_client_certificate:
-    state: "{{ client.state | default('present') }}"
+    state: "{{ client.state }}"
     username: "{{ client.name }}"
   args:
     chdir: '{{ openvpn_easyrsa.directory }}'
@@ -56,7 +56,7 @@
   loop_control:
     index_var: index
     loop_var: client
-    label: "{{ client.name }}, state: {{ client.state | default('present') }}"
+    label: "{{ client.name }}, state: {{ client.state }}"
 
 - name: create openvpn client configs
   ansible.builtin.include_tasks: configure/static_client_instances.yml

diff --git a/roles/openvpn/tasks/configure/server.yml b/roles/openvpn/tasks/configure/server.yml
@@ -268,6 +268,33 @@
     - openvpn_persistent_pool is defined
     - openvpn_persistent_pool | count > 0
 
+- name: remove old static client IPs
+  ansible.builtin.file:
+    state: absent
+    path: "/etc/openvpn/client/{{ item.name }}"
+  loop:
+    "{{ openvpn_persistent_pool }}"
+  loop_control:
+    label: "{{ item.name | default('') }}"
+  when:
+    - openvpn_persistent_pool is defined
+    - openvpn_persistent_pool | count > 0
+    - item.state | default('present') == 'absent'
+
+- name: define static client IPs
+  ansible.builtin.template:
+    src: openvpn/server/static-client.j2
+    dest: "/etc/openvpn/client/{{ item.name }}"
+    mode: 0644
+  loop:
+    "{{ openvpn_persistent_pool }}"
+  loop_control:
+    label: "{{ item.name | default('') }}"
+  when:
+    - openvpn_persistent_pool is defined
+    - openvpn_persistent_pool | count > 0
+    - item.state | default('present') == 'present'
+
 - name: create link for openrc init
   ansible.builtin.file:
     src: "{{ openvpn_directory }}/server/server.conf"

diff --git a/roles/openvpn/tasks/configure/static_client_instances.yml b/roles/openvpn/tasks/configure/static_client_instances.yml
@@ -74,6 +74,12 @@
   when:
     - not _client_checksum.stat.exists or not certificate_equal
   block:
+    - name: create export directory
+      ansible.builtin.file:
+        state: directory
+        path: /root/vpn-configs
+        mode: 0700
+
     - name: create export directory
       ansible.builtin.file:
         state: directory

diff --git a/roles/openvpn/templates/openvpn/server/ipp.txt.j2 b/roles/openvpn/templates/openvpn/server/ipp.txt.j2
@@ -6,6 +6,6 @@
         opp.static_ip | string | length > 0 or
         (opp.static_ip | ansible.utils.ipv4 or
          opp.static_ip | ansible.utils.ipv6) %}
-{{ opp.name }},{{ opp.static_ip }},
+{{ opp.name }},{{ opp.static_ip }}
   {% endif %}
 {% endfor %}
diff --git a/roles/openvpn/templates/openvpn/server/server.conf.j2 b/roles/openvpn/templates/openvpn/server/server.conf.j2
@@ -38,7 +38,12 @@ topology        subnet
       openvpn_subnet.netmask | string | length > 0 %}
 server          {{ openvpn_subnet.ip }} {{ openvpn_subnet.netmask }}
 
-ifconfig-pool-persist ipp.txt
+{% if openvpn_persistent_pool is defined and
+      openvpn_persistent_pool | count > 0 %}
+# ifconfig-pool-persist {{ openvpn_directory }}/ipp.txt 30
+client-config-dir {{ openvpn_directory }}/client
+{% endif %}
+
 {% else %}
 # NO SERVER NETWORK HAS BEEN DEFINED!
 {% endif %}
@@ -78,8 +83,8 @@ push            "rcvbuf {{ _push_rcvbuf }}"
   {% endif %}
 {% endif %}
 
-sndbuf          393216
-rcvbuf          393216
+## sndbuf          393216
+## rcvbuf          393216
 
 {% if openvpn_mtu is defined and
       openvpn_mtu | string | length > 0 %}

diff --git a/roles/openvpn/templates/openvpn/server/static-client.j2 b/roles/openvpn/templates/openvpn/server/static-client.j2
@@ -0,0 +1 @@
+ifconfig-push {{ item.static_ip }} {{ item.netmask | default('255.255.255.0') }}
diff --git a/roles/openvpn/vars/archlinux.yml b/roles/openvpn/vars/archlinux.yml
@@ -5,6 +5,7 @@ openvpn_dependencies:
   - procps-ng
   - rsync
   - sshpass
+  - python-jinja
 
 openvpn_packages:
   - openvpn
Original file line number	Diff line number	Diff line change
Expand Up		@@ -2,3 +2,4 @@

		collections:
		- name: bodsch.core
		- name: community.crypto
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		ifconfig-push {{ item.static_ip }} {{ item.netmask \| default('255.255.255.0') }}
-Original file line number
+Diff line change
@@ Expand Up / @@ -5,6 +5,7 @@ openvpn_dependencies: @@
       - procps-ng
       - rsync
       - sshpass
+      - python-jinja
     openvpn_packages:
       - openvpn
@@ Expand Down @@