diff options
Diffstat (limited to 'ansible/experiments/strongswan/roles')
-rw-r--r-- | ansible/experiments/strongswan/roles/strongswan-rw/tasks/main.yml | 21 | ||||
-rw-r--r-- | ansible/experiments/strongswan/roles/strongswan-rw/templates/swanctl.conf | 34 |
2 files changed, 0 insertions, 55 deletions
diff --git a/ansible/experiments/strongswan/roles/strongswan-rw/tasks/main.yml b/ansible/experiments/strongswan/roles/strongswan-rw/tasks/main.yml deleted file mode 100644 index fb09476..0000000 --- a/ansible/experiments/strongswan/roles/strongswan-rw/tasks/main.yml +++ /dev/null @@ -1,21 +0,0 @@ -- name: packages - apt: - name: "{{ item }}" - install_recommends: no - with_items: - - strongswan-swanctl -- name: Install CA certificate - copy: - src=swanctl/CA/ca-cert.der - dest=/etc/swanctl/x509ca/ca-cert.der -- name: Install key - copy: - src=swanctl/{{ inventory_hostname }}/rsa/{{ inventory_hostname }}-key.der - dest=/etc/swanctl/rsa/{{ inventory_hostname }}-key.der -- name: Install certificate - copy: - src=swanctl/{{ inventory_hostname }}/x509/{{ inventory_hostname }}-cert.der - dest=/etc/swanctl/x509/{{ inventory_hostname }}-cert.der -- template: - src: swanctl.conf - dest: /etc/swanctl/conf.d/trygvis.io.conf diff --git a/ansible/experiments/strongswan/roles/strongswan-rw/templates/swanctl.conf b/ansible/experiments/strongswan/roles/strongswan-rw/templates/swanctl.conf deleted file mode 100644 index 90d212b..0000000 --- a/ansible/experiments/strongswan/roles/strongswan-rw/templates/swanctl.conf +++ /dev/null @@ -1,34 +0,0 @@ -connections { - - home { - local_addrs = {{ strongswan_rw[inventory_hostname].local_addrs }} - remote_addrs = {{ strongswan_home_addrs }} - - local { - auth = pubkey - certs = {{ inventory_hostname }}-cert.der - id = {{ inventory_hostname }}.trygvis.io - } - remote { - auth = pubkey - id = {{ strongswan_remote_id }} - } - children { - home { - remote_ts = {{ strongswan_ts }} - -# updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128-sha256-x25519 - } - } - version = 2 - proposals = aes128-sha256-x25519 - } -} - -authorities { - strongswan { - cacert = ca-cert.der - crl_uris = http://ip6-winnetou.strongswan.org/strongswan.crl - } -} |