fedora-infra_ansible/roles/openvpn/client/tasks/main.yml

---
# OpenVpn server

- name: Install needed packages
  ansible.builtin.package:
    state: present
    name:
    - openvpn
  tags:
  - packages
  - openvpn

- name: Install main config file
  ansible.builtin.template: src=client.conf
            dest=/etc/openvpn/client/openvpn.conf
            owner=root group=root mode=0644
  tags:
  - install
  - openvpn
#  notify:
#  - Restart openvpn (Fedora)

- name: Install configuration files (rhel and fedora)
  ansible.builtin.copy: src={{ item.file }}
        dest={{ item.dest }}
        owner=root group=root mode={{ item.mode }}
  with_items:
  - { file: "{{ private }}/files/vpn/pki/issued/{{ inventory_hostname }}.crt",
      dest: "/etc/openvpn/client/client.crt",
      mode: '0600' }
  - { file: "{{ private }}/files/vpn/pki/private/{{ inventory_hostname }}.key",
      dest: "/etc/openvpn/client/client.key",
      mode: '0600' }
  tags:
  - install
  - openvpn
#  notify:
#  - Restart openvpn (Fedora)

- name: Make sure openvpn is running in rhel 8+
  service: name=openvpn-client@openvpn state=started enabled=true
  tags:
  - service
  - openvpn

- name: Enable openvpn service for Fedora
  service: name=openvpn-client@openvpn state=started enabled=true
  when: is_fedora is defined
  tags:
  - service
  - openvpn

- name: Create directories for post-vpn service configs
  ansible.builtin.file: path="/etc/systemd/system/{{item}}.service.d" state=directory
  with_items: "{{postvpnservices}}"
  when: is_fedora is defined or (ansible_distribution_major_version|int >= 8 and ansible_distribution == 'RedHat')
  tags:
  - service
  - openvpn

- name: Deploy postvpn.conf for post-vpn services
  ansible.builtin.copy: src=postvpn.conf dest="/etc/systemd/system/{{item}}.service.d/postvpn.conf"
  with_items: "{{postvpnservices}}"
  when: is_fedora is defined or (ansible_distribution_major_version|int >= 8 and ansible_distribution == 'RedHat')
  tags:
  - service
  - openvpn