VPN support
		
							parent
							
								
									d9acf4ff93
								
							
						
					
					
						commit
						647fd78ae2
					
				
					 4 changed files with 68 additions and 3 deletions
				
			
		|  | @ -1,6 +1,8 @@ | |||
| - include_role: | ||||
| - name: Load extensions | ||||
|   include_role: | ||||
|     name: "geoffreyfrogeye.{{ item }}automatrop.entry" | ||||
|   loop: "{{ extensions }}" | ||||
|   tags: always | ||||
| 
 | ||||
| - name: Configure extensions rc sourcing | ||||
|   template: | ||||
|  |  | |||
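Review bot: `tags: always` on the "Load extensions" task applies only to the `include_role` task itself. Tasks inside a dynamically included role do not inherit it, so a run limited with `--tags` still skips untagged tasks in the extension roles. If the extension entry tasks are meant to run on every invocation, add `apply:` with `tags: always` under `include_role`. If only the include should always run, a one-line comment saying so would prevent a wrong assumption later.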
|  | @ -1,5 +1,5 @@ | |||
| etckeeper | ||||
| {% if has_batttery %} | ||||
| {% if has_battery %} | ||||
| tlp | ||||
| {% endif %} | ||||
| dhcpcd | ||||
|  | @ -8,3 +8,9 @@ chrony | |||
| {% if encrypt_home_stacked_fs %} | ||||
| ecryptfs-utils | ||||
| {% endif %} | ||||
| kexec-tools | ||||
| openvpn | ||||
| {% if arch_based %} | ||||
| openvpn-update-resolv-conf-git | ||||
| {# TODO Other distributions #} | ||||
| {% endif %} | ||||
|  |  | |||
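Review bot: `openvpn-update-resolv-conf-git` is added without any pin, and the `-git` suffix suggests a package built from the upstream branch head at install time. Its script is what the service override in this commit passes to `--up` and `--down`, and that override clears `User=`, so whatever is upstream at build time appears to run with root privileges. Consider vendoring a reviewed copy of the script into the role's `files/`, or recording the reviewed revision beside the entry, e.g. `{# reviewed at <commit-id placeholder> #}`.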
							
								
								
									
									
										10
									
								
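--- a/config/automatrop/roles/system/files/openvpn-client.service
+++ b/config/automatrop/roles/system/files/openvpn-client.service
@@ -0,0 +1,10 @@
+[Service]
+ExecStart=
+ExecStart=/usr/bin/openvpn --suppress-timestamps --nobind --config %i.conf --script-security 2 --up /etc/openvpn/update-resolv-conf --down /etc/openvpn/update-resolv-conf
+# The part before --script-security 2 might need upgrading from
+# /usr/lib/systemd/system/openvpn-client@.service if it was upgraded
+Restart=on-failure
+User=
+AmbiantCapabilities=
+# It's not pretty, but other script only work with systemd or call resolvconf with -p,
+# which doesn't work without a local DNS resolver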
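Review bot: `AmbiantCapabilities=` is misspelled, so systemd will log it as an unknown key and ignore it; the directive is `AmbientCapabilities=`. As written, the drop-in clears `User=`, so the daemon no longer drops to the packaged unit's service account, but it does not reset the capability setting it was presumably meant to reset. Because `--script-security 2` lets the `--up`/`--down` hooks run with the daemon's privileges, a comment next to `User=` should state that root is kept on purpose for the resolv.conf hooks. That comment should also name which restrictions of the packaged unit are still relied on.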
|  | @ -65,6 +65,27 @@ | |||
|   become: yes | ||||
|   when: extlinux.stat.exists | ||||
| 
 | ||||
| - name: Remove bootsplash packages (Arch based) | ||||
|   pacman: | ||||
|     name: | ||||
|       - bootsplash-systemd | ||||
|       - bootsplash-theme-manjaro | ||||
|     state: absent | ||||
|   become: yes | ||||
|   when: arch_based | ||||
| 
 | ||||
| 
 | ||||
| # Display Manager | ||||
| 
 | ||||
| - name: Remove display manager packages (Arch based) | ||||
|   pacman: | ||||
|     name: | ||||
|       - sddm | ||||
|       - sddm-breath2-theme | ||||
|     state: absent | ||||
|   become: yes | ||||
|   when: arch_based | ||||
| 
 | ||||
| # Xorg configuration | ||||
| 
 | ||||
| - name: Check if there is nvidia-xrun is installed | ||||
|  | @ -262,6 +283,15 @@ | |||
|   notify: | ||||
|     - wifi setup changed | ||||
| 
 | ||||
| - name: Mask systemd-networkd | ||||
|   systemd: | ||||
|     name: systemd-networkd | ||||
|     state: stopped | ||||
|     enabled: no | ||||
|     masked: yes | ||||
|   become: yes | ||||
|   notify: etc changed | ||||
| 
 | ||||
| # Time synchronisation | ||||
| 
 | ||||
| - name: Mask systemd-timesyncd | ||||
|  | @ -272,7 +302,6 @@ | |||
|     masked: yes | ||||
|   become: yes | ||||
|   notify: etc changed | ||||
|   when: arch_based | ||||
| 
 | ||||
| - name: Configure chrony | ||||
|   copy: | ||||
|  | @ -309,6 +338,24 @@ | |||
|   notify: | ||||
|     - etc changed | ||||
| 
 | ||||
| # VPN configuration | ||||
| 
 | ||||
| - name: Prepare directory for openvpn-client service override | ||||
|   file: | ||||
|     path: /etc/systemd/system/openvpn-client@.service.d | ||||
|     state: directory | ||||
|     mode: "u=rwx,g=rx,o=rx" | ||||
|   become: yes | ||||
| 
 | ||||
| - name: Make openvpn use hooks for resolvconf | ||||
|   copy: | ||||
|     src: openvpn-client.service | ||||
|     dest: /etc/systemd/system/openvpn-client@.service.d/override.conf | ||||
|   become: yes | ||||
|   notify: | ||||
|     - etc changed | ||||
|     - systemd changed | ||||
| 
 | ||||
| # TODO Hibernation, if that's relevant | ||||
| # $ sudo blkid | grep 'TYPE="swap"' | ||||
| # $ sudoedit /etc/default/grub | ||||
|  |  | |||
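Review bot: The `copy` task "Make openvpn use hooks for resolvconf" sets no `owner`, `group` or `mode`, so the permissions of `override.conf` depend on the umask in effect, while the directory task just above it pins its mode. This drop-in decides which command systemd starts for the VPN unit, so I would pin them explicitly: `owner: root`, `group: root`, `mode: "u=rw,g=r,o=r"`. The override is also deployed on every host, whereas the hook script it calls is only installed under `arch_based` in the package list. A `when: arch_based` on both VPN tasks, or a TODO comment beside them, would keep other distributions from getting a unit that points at a missing script.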