geoffrey/dotfiles
geoffrey/dotfiles
1
0
Fork 0
Code Issues 7 Pull requests Releases Activity

VPN support

Browse source
This commit is contained in:
Geoffrey Frogeye 2021-06-26 14:13:05 +02:00
parent d9acf4ff93
commit 647fd78ae2
Signed by: geoffrey
GPG key ID: C72403E7F82E6AD8
4 changed files with 68 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
config/automatrop/roles/extensions/tasks/main.yml
View file

@ -1,6 +1,8 @@
- include_role: - name: Load extensions
include_role:
name: "geoffreyfrogeye.{{ item }}automatrop.entry" name: "geoffreyfrogeye.{{ item }}automatrop.entry"
loop: "{{ extensions }}" loop: "{{ extensions }}"
tags: always
- name: Configure extensions rc sourcing - name: Configure extensions rc sourcing
template: template:

8
config/automatrop/roles/software/templates/snippets/pm_system.j2
View file

@ -1,5 +1,5 @@
etckeeper etckeeper
{% if has_batttery %} {% if has_battery %}
tlp tlp
{% endif %} {% endif %}
dhcpcd dhcpcd
@ -8,3 +8,9 @@ chrony
{% if encrypt_home_stacked_fs %} {% if encrypt_home_stacked_fs %}
ecryptfs-utils ecryptfs-utils
{% endif %} {% endif %}
kexec-tools
openvpn
{% if arch_based %}
openvpn-update-resolv-conf-git
{# TODO Other distributions #}
{% endif %}

10
config/automatrop/roles/system/files/openvpn-client.service Normal file
View file

@ -0,0 +1,10 @@
[Service]
ExecStart=
ExecStart=/usr/bin/openvpn --suppress-timestamps --nobind --config %i.conf --script-security 2 --up /etc/openvpn/update-resolv-conf --down /etc/openvpn/update-resolv-conf
# The part before --script-security 2 might need upgrading from
# /usr/lib/systemd/system/openvpn-client@.service if it was upgraded
Restart=on-failure
User=
AmbiantCapabilities=
# It's not pretty, but other script only work with systemd or call resolvconf with -p,
# which doesn't work without a local DNS resolver

49
config/automatrop/roles/system/tasks/main.yml
View file

@ -65,6 +65,27 @@
become: yes become: yes
when: extlinux.stat.exists when: extlinux.stat.exists
- name: Remove bootsplash packages (Arch based)
pacman:
name:
- bootsplash-systemd
- bootsplash-theme-manjaro
state: absent
become: yes
when: arch_based
# Display Manager
- name: Remove display manager packages (Arch based)
pacman:
name:
- sddm
- sddm-breath2-theme
state: absent
become: yes
when: arch_based
# Xorg configuration # Xorg configuration
- name: Check if there is nvidia-xrun is installed - name: Check if there is nvidia-xrun is installed
@ -262,6 +283,15 @@
notify: notify:
- wifi setup changed - wifi setup changed
- name: Mask systemd-networkd
systemd:
name: systemd-networkd
state: stopped
enabled: no
masked: yes
become: yes
notify: etc changed
# Time synchronisation # Time synchronisation
- name: Mask systemd-timesyncd - name: Mask systemd-timesyncd
@ -272,7 +302,6 @@
masked: yes masked: yes
become: yes become: yes
notify: etc changed notify: etc changed
when: arch_based
- name: Configure chrony - name: Configure chrony
copy: copy:
@ -309,6 +338,24 @@
notify: notify:
- etc changed - etc changed
# VPN configuration
- name: Prepare directory for openvpn-client service override
file:
path: /etc/systemd/system/openvpn-client@.service.d
state: directory
mode: "u=rwx,g=rx,o=rx"
become: yes
- name: Make openvpn use hooks for resolvconf
copy:
src: openvpn-client.service
dest: /etc/systemd/system/openvpn-client@.service.d/override.conf
become: yes
notify:
- etc changed
- systemd changed
# TODO Hibernation, if that's relevant # TODO Hibernation, if that's relevant
# $ sudo blkid | grep 'TYPE="swap"' # $ sudo blkid | grep 'TYPE="swap"'
# $ sudoedit /etc/default/grub # $ sudoedit /etc/default/grub