---
# OpenVpn server

- name: Install needed packages
  yum: pkg={{ item }} state=installed
  with_items:
  - openvpn
  tags:
  - packages
  - openvpn

- name: Create the /etc/openvpn/ccd/ directory
  file: >
    dest=/etc/openvpn/ccd/
    mode=0755
    owner=root
    group=root
    state=directory
  tags:
  - openvpn

- name: Install configuration files
  copy: src={{ item.file }}
        dest={{ item.dest }}
        owner=root group=root mode={{ item.mode }}
  with_items:
  - { file: server.conf,
      dest: /etc/openvpn/openvpn.conf,
      mode: '0644' }
  - { file: "{{ puppet_private }}/vpn/openvpn/keys/crl.pem",
      dest: /etc/openvpn/crl.pem,
      mode: '0644' }
  - { file: "{{ puppet_private }}/vpn/openvpn/keys/server.crt",
      dest: /etc/openvpn/server.crt,
      mode: '0644' }
  - { file: "{{ puppet_private }}/vpn/openvpn/keys/server.key",
      dest: /etc/openvpn/server.key,
      mode: '0600' }
  - { file: "{{ puppet_private }}/vpn/openvpn/keys/dh2048.pem",
      dest: /etc/openvpn/dh2048.pem,
      mode: '0644' }
  tags:
  - install
  - openvpn

- name: Install the ccd files
  copy: src=ccd/ dest=/etc/openvpn/ccd/
  tags:
  - openvpn

- name: enable openvpn service for rhel 7 or Fedora
  service: name=openvpn@openvpn state=running enabled=true
  when: ( ansible_distribution_version[0] == 7 or is_fedora is defined ) and openvpn_master is defined
  tags:
  - service
  - openvpn