11 лет назад · 19a9e90ce8
--- a/README.textile
+++ b/README.textile
@@ -1,3 +1,5 @@
 
				
				+!https://travis-ci.org/al3x/sovereign.png?branch=master!:https://travis-ci.org/al3x/sovereign
			
 
				
				+
			
 
				
				 h1. Introduction
			
 
				
				 
			
 
				
				 Sovereign is a set of "Ansible":http://ansibleworks.com playbooks that you can use to build and maintain your own "personal cloud":http://www.urbandictionary.com/define.php?term=clown%20computing (I know I know). It's based entirely on open source software, so you're in control.
			
--- a/roles/vpn/tasks/openvpn.yml
+++ b/roles/vpn/tasks/openvpn.yml
@@ -32,7 +32,7 @@
 
				
				         mode=600
			
 
				
				 
			
 
				
				 - name: Generate CA certificate
			
 
				
				-  command: openssl req -nodes -batch -new -x509 -key {{ openvpn_ca }}.key -out {{ openvpn_ca }}.crt -subj "{{ openssl_request_subject }}/CN=ca-certificate"
			
 
				
				+  command: openssl req -nodes -batch -new -x509 -key {{ openvpn_ca }}.key -out {{ openvpn_ca }}.crt -days {{ openvpn_days_valid }} -subj "{{ openssl_request_subject }}/CN=ca-certificate"
			
 
				
				            creates={{ openvpn_ca }}.crt
			
 
				
				 
			
 
				
				 - name: Generate the OpenSSL configuration that will be used for the Server certificate's req and ca commands
			
@@ -70,7 +70,7 @@
 
				
				   with_items: openvpn_clients
			
 
				
				 
			
 
				
				 - name: Generate certificates for the clients
			
 
				
				-  command: openssl x509 -CA {{ openvpn_ca }}.crt -CAkey {{ openvpn_ca }}.key -CAcreateserial -req -in {{ item }}.csr -out {{ item }}.crt
			
 
				
				+  command: openssl x509 -CA {{ openvpn_ca }}.crt -CAkey {{ openvpn_ca }}.key -CAcreateserial -req -days {{ openvpn_days_valid }} -in {{ item }}.csr -out {{ item }}.crt
			
 
				
				            chdir={{ openvpn_path }}
			
 
				
				            creates={{ item }}.crt
			
 
				
				   with_items: openvpn_clients
			
--- a/roles/vpn/templates/openssl-server-certificate.cnf.j2
+++ b/roles/vpn/templates/openssl-server-certificate.cnf.j2
@@ -17,7 +17,7 @@ RANDFILE = $dir/.rand
 
				
				 
			
 
				
				 x509_extensions = server
			
 
				
				 
			
 
				
				-default_days = 3650
			
 
				
				+default_days = {{ openvpn_days_valid }}
			
 
				
				 default_crl_days= 30
			
 
				
				 default_md = sha256
			
 
				
				 preserve = no
			
--- a/vars/defaults.yml
+++ b/vars/defaults.yml
@@ -42,6 +42,7 @@ tarsnap_version: 1.0.35
 
				
				 # openvpn_key_city: (required)
			
 
				
				 # openvpn_key_org: (required)
			
 
				
				 # openvpn_key_ou: (required)
			
 
				
				+openvpn_days_valid: "1825"
			
 
				
				 openssl_request_subject: "/C={{ openvpn_key_country }}/ST={{ openvpn_key_province }}/L={{ openvpn_key_city }}/O={{ openvpn_key_org }}/OU={{ openvpn_key_ou }}"
			
 
				
				 openvpn_key_size: "2048"
			
 
				
				 openvpn_cipher: "BF-CBC"