---
# OpenVpn server

- name: Install needed packages
  ansible.builtin.package: name={{ item }} state=present
  with_items:
  - openvpn
  tags:
  - packages
  - openvpn

- name: Create the /etc/openvpn/server/ccd/ directory
  ansible.builtin.file: >
    dest=/etc/openvpn/server/ccd/
    mode=2755
    owner=root
    state=directory
  tags:
  - openvpn

- name: Install configuration files
  ansible.builtin.copy: src={{ item.file }}
        dest={{ item.dest }}
        owner=root group=root mode={{ item.mode }}
  with_items:
  - { file: server.conf,
      dest: /etc/openvpn/server/openvpn.conf,
      mode: '0644' }
  - { file: "{{ private }}/files/vpn/pki/crl.pem",
      dest: /etc/openvpn/server/crl.pem,
      mode: '0644' }
  - { file: "{{ private }}/files/vpn/pki/issued/bastion.fedoraproject.org.crt",
      dest: /etc/openvpn/server/server.crt,
      mode: '0644' }
  - { file: "{{ private }}/files/vpn/pki/private/bastion.fedoraproject.org.key",
      dest: /etc/openvpn/server/server.key,
      mode: '0600' }
  - { file: "{{ private }}/files/vpn/dh2048.pem",
      dest: /etc/openvpn/server/dh2048.pem,
      mode: '0644' }
  tags:
  - install
  - openvpn

- name: Install the ccd files (rdu3)
  synchronize:
    src: ccd-rdu3/
    dest: /etc/openvpn/server/ccd/
    delete: yes
  tags:
  - openvpn
  when: datacenter == 'rdu3'

- name: Disable old openvpn service for rhel 7 or Fedora
  service: name=openvpn@openvpn state=stopped enabled=false
  when: ( ansible_distribution_version[0] == 7 or is_fedora is defined ) and openvpn_master is defined
  tags:
  - service
  - openvpn

- name: Enable openvpn service for rhel 7 or Fedora
  service: name=openvpn-server@openvpn state=started enabled=true
  when: ( ansible_distribution_version[0] == 7 or is_fedora is defined ) and openvpn_master is defined
  tags:
  - service
  - openvpn