
VPN support

master
Geoffrey Frogeye 1 year ago
parent
commit
647fd78ae2
Signed by: geoffrey GPG Key ID: C72403E7F82E6AD8
  1. 4
      config/automatrop/roles/extensions/tasks/main.yml
  2. 8
      config/automatrop/roles/software/templates/snippets/pm_system.j2
  3. 10
      config/automatrop/roles/system/files/openvpn-client.service
  4. 49
      config/automatrop/roles/system/tasks/main.yml

4
config/automatrop/roles/extensions/tasks/main.yml

@ -1,6 +1,8 @@
- include_role:
- name: Load extensions
include_role:
name: "geoffreyfrogeye.{{ item }}automatrop.entry"
loop: "{{ extensions }}"
tags: always
- name: Configure extensions rc sourcing
template:
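Review bot: The `tags: always` on the `Load extensions` task (it appears to be one of the added lines) needs a comment, because on a dynamic `include_role` a tag covers only the include itself and not the tasks inside the included role. Something like `# always: keep the include alive under --tags; tasks in the extension roles are still filtered by their own tags` would stop a later reader from assuming every extension task always runs. If the intent was for the extension tasks themselves to run regardless of `--tags`, that needs `apply:` with `tags: always` rather than a tag on the include. The `Configure extensions rc sourcing` task continues outside the hunk.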

8
config/automatrop/roles/software/templates/snippets/pm_system.j2

@ -1,5 +1,5 @@
etckeeper
{% if has_batttery %}
{% if has_battery %}
tlp
{% endif %}
dhcpcd
@ -8,3 +8,9 @@ chrony
{% if encrypt_home_stacked_fs %}
ecryptfs-utils
{% endif %}
kexec-tools
openvpn
{% if arch_based %}
openvpn-update-resolv-conf-git
{# TODO Other distributions #}
{% endif %}
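Review bot: `openvpn-update-resolv-conf-git` in the `arch_based` branch looks like a VCS (`-git`) package, so each rebuild takes whatever upstream HEAD is at that moment. It presumably installs the hook that the openvpn-client override on this page runs through `--up`/`--down` with `User=` cleared. That would make it code executed as root from an unpinned source, which is worth recording next to the entry, for example `{# -git package: provides the update-resolv-conf hook run as root by openvpn-client@; review the PKGBUILD and upstream diff on upgrade #}`. The existing TODO also means other distributions get `openvpn` without this package, so whatever provides the hook script there should be confirmed.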

10
config/automatrop/roles/system/files/openvpn-client.service

@ -0,0 +1,10 @@
[Service]
ExecStart=
ExecStart=/usr/bin/openvpn --suppress-timestamps --nobind --config %i.conf --script-security 2 --up /etc/openvpn/update-resolv-conf --down /etc/openvpn/update-resolv-conf
# The part before --script-security 2 might need upgrading from
# /usr/lib/systemd/system/openvpn-client@.service if it was upgraded
Restart=on-failure
User=
AmbiantCapabilities=
# It's not pretty, but other script only work with systemd or call resolvconf with -p,
# which doesn't work without a local DNS resolver
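Review bot: `AmbiantCapabilities=` is misspelled; the systemd directive is `AmbientCapabilities=`, and an unknown key is ignored with a warning, so the value inherited from the packaged unit is not reset as the line intends. Change it to `AmbientCapabilities=`. Separately, the empty `User=` makes openvpn and its `--script-security 2` hooks run as root, so any script directive in a `%i.conf` obtained from a third party would run with those privileges. A comment saying that profiles must be reviewed before being placed in the config directory, and that the hook script must stay root-owned and not group- or world-writable, would make that trade-off explicit.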

49
config/automatrop/roles/system/tasks/main.yml

@ -65,6 +65,27 @@
become: yes
when: extlinux.stat.exists
- name: Remove bootsplash packages (Arch based)
pacman:
name:
- bootsplash-systemd
- bootsplash-theme-manjaro
state: absent
become: yes
when: arch_based
# Display Manager
- name: Remove display manager packages (Arch based)
pacman:
name:
- sddm
- sddm-breath2-theme
state: absent
become: yes
when: arch_based
# Xorg configuration
- name: Check if there is nvidia-xrun is installed
@ -262,6 +283,15 @@
notify:
- wifi setup changed
- name: Mask systemd-networkd
systemd:
name: systemd-networkd
state: stopped
enabled: no
masked: yes
become: yes
notify: etc changed
# Time synchronisation
- name: Mask systemd-timesyncd
@ -272,7 +302,6 @@
masked: yes
become: yes
notify: etc changed
when: arch_based
- name: Configure chrony
copy:
@ -309,6 +338,24 @@
notify:
- etc changed
# VPN configuration
- name: Prepare directory for openvpn-client service override
file:
path: /etc/systemd/system/openvpn-client@.service.d
state: directory
mode: "u=rwx,g=rx,o=rx"
become: yes
- name: Make openvpn use hooks for resolvconf
copy:
src: openvpn-client.service
dest: /etc/systemd/system/openvpn-client@.service.d/override.conf
become: yes
notify:
- etc changed
- systemd changed
# TODO Hibernation, if that's relevant
# $ sudo blkid | grep 'TYPE="swap"'
# $ sudoedit /etc/default/grub
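Review bot: The `Make openvpn use hooks for resolvconf` task copies a drop-in that replaces the `ExecStart` of a root-run service without setting `owner`, `group` or `mode`, so the resulting permissions depend on the umask and on any file already present at the destination. Add `owner: root`, `group: root` and `mode: "u=rw,g=r,o=r"` to the `copy` arguments, in line with the explicit `mode` already given on the directory task just above it. Both VPN tasks also carry no `when:`, while the package template on this page installs the resolv-conf hook package only when `arch_based`. Unless other distributions ship `/etc/openvpn/update-resolv-conf` themselves, the override would point at a missing script there and the unit would fail on `--up`.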
