Luke Cyca 11年前
コミット
19a9e90ce8
4個のファイルの変更6行の追加3行の削除
  1. 2
    0
      README.textile
  2. 2
    2
      roles/vpn/tasks/openvpn.yml
  3. 1
    1
      roles/vpn/templates/openssl-server-certificate.cnf.j2
  4. 1
    0
      vars/defaults.yml

+ 2
- 0
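--- a/README.textile
+++ b/README.textile
@@ -1,3 +1,5 @@
+!https://travis-ci.org/al3x/sovereign.png?branch=master!:https://travis-ci.org/al3x/sovereign
+
 h1. Introduction
 
 Sovereign is a set of "Ansible":http://ansibleworks.com playbooks that you can use to build and maintain your own "personal cloud":http://www.urbandictionary.com/define.php?term=clown%20computing (I know I know). It's based entirely on open source software, so you're in control.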

+ 2
- 2
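--- a/roles/vpn/tasks/openvpn.yml
+++ b/roles/vpn/tasks/openvpn.yml
@@ -32,7 +32,7 @@
         mode=600
 
 - name: Generate CA certificate
-  command: openssl req -nodes -batch -new -x509 -key {{ openvpn_ca }}.key -out {{ openvpn_ca }}.crt -subj "{{ openssl_request_subject }}/CN=ca-certificate"
+  command: openssl req -nodes -batch -new -x509 -key {{ openvpn_ca }}.key -out {{ openvpn_ca }}.crt -days {{ openvpn_days_valid }} -subj "{{ openssl_request_subject }}/CN=ca-certificate"
            creates={{ openvpn_ca }}.crt
 
 - name: Generate the OpenSSL configuration that will be used for the Server certificate's req and ca commands
@@ -70,7 +70,7 @@
   with_items: openvpn_clients
 
 - name: Generate certificates for the clients
-  command: openssl x509 -CA {{ openvpn_ca }}.crt -CAkey {{ openvpn_ca }}.key -CAcreateserial -req -in {{ item }}.csr -out {{ item }}.crt
+  command: openssl x509 -CA {{ openvpn_ca }}.crt -CAkey {{ openvpn_ca }}.key -CAcreateserial -req -days {{ openvpn_days_valid }} -in {{ item }}.csr -out {{ item }}.crt
            chdir={{ openvpn_path }}
            creates={{ item }}.crt
   with_items: openvpn_clients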
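Review bot: The CA certificate (new line 35) and the client certificates (new line 73) now take their lifetime from the same `openvpn_days_valid`, so any client certificate signed after the CA was created carries a notAfter later than the CA's and stops validating when the CA expires, earlier than its own date suggests. A separate, longer-lived variable for the CA, for example `-days {{ openvpn_ca_days_valid }}` on the `openssl req -x509` line, would let leaf lifetimes stay short without shortening the trust anchor. Both tasks are guarded by `creates=`, so changing the value later presumably leaves already-issued certificates untouched; a comment above each task saying so would help whoever has to plan renewal. The same variable also feeds `default_days` in openssl-server-certificate.cnf.j2, where the server certificate lifetime drops from 3650 days to the new default.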

+ 1
- 1
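--- a/roles/vpn/templates/openssl-server-certificate.cnf.j2
+++ b/roles/vpn/templates/openssl-server-certificate.cnf.j2
@@ -17,7 +17,7 @@ RANDFILE = $dir/.rand
 
 x509_extensions = server
 
-default_days = 3650
+default_days = {{ openvpn_days_valid }}
 default_crl_days= 30
 default_md = sha256
 preserve = no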

+ 1
- 0
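--- a/vars/defaults.yml
+++ b/vars/defaults.yml
@@ -42,6 +42,7 @@ tarsnap_version: 1.0.35
 # openvpn_key_city: (required)
 # openvpn_key_org: (required)
 # openvpn_key_ou: (required)
+openvpn_days_valid: "1825"
 openssl_request_subject: "/C={{ openvpn_key_country }}/ST={{ openvpn_key_province }}/L={{ openvpn_key_city }}/O={{ openvpn_key_org }}/OU={{ openvpn_key_ou }}"
 openvpn_key_size: "2048"
 openvpn_cipher: "BF-CBC"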
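Review bot: `openvpn_days_valid` on new line 45 is added without a comment, and neither its unit nor which certificates it governs is obvious from the name. Suggest a line above it such as `# Validity in days of the OpenVPN CA, server and client certificates (1825 = 5 years)`. Quoting the value as a string matches `openvpn_key_size` below and is harmless here, since in the visible hunks it is only interpolated into command lines and a template.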
