11 년 전 · 19a9e90ce8
--- a/README.textile
+++ b/README.textile
 
															
															+!https://travis-ci.org/al3x/sovereign.png?branch=master!:https://travis-ci.org/al3x/sovereign
														
 
															
															+
														
 
															
															 h1. Introduction
														
 
															
															 Sovereign is a set of "Ansible":http://ansibleworks.com playbooks that you can use to build and maintain your own "personal cloud":http://www.urbandictionary.com/define.php?term=clown%20computing (I know I know). It's based entirely on open source software, so you're in control.
														
--- a/roles/vpn/tasks/openvpn.yml
+++ b/roles/vpn/tasks/openvpn.yml
 
															
															         mode=600
														
 
															
															 - name: Generate CA certificate
														
 
															
															-  command: openssl req -nodes -batch -new -x509 -key {{ openvpn_ca }}.key -out {{ openvpn_ca }}.crt -subj "{{ openssl_request_subject }}/CN=ca-certificate"
														
 
															
															+  command: openssl req -nodes -batch -new -x509 -key {{ openvpn_ca }}.key -out {{ openvpn_ca }}.crt -days {{ openvpn_days_valid }} -subj "{{ openssl_request_subject }}/CN=ca-certificate"
														
 
															
															            creates={{ openvpn_ca }}.crt
														
 
															
															 - name: Generate the OpenSSL configuration that will be used for the Server certificate's req and ca commands
														
 
															
															   with_items: openvpn_clients
														
 
															
															 - name: Generate certificates for the clients
														
 
															
															-  command: openssl x509 -CA {{ openvpn_ca }}.crt -CAkey {{ openvpn_ca }}.key -CAcreateserial -req -in {{ item }}.csr -out {{ item }}.crt
														
 
															
															+  command: openssl x509 -CA {{ openvpn_ca }}.crt -CAkey {{ openvpn_ca }}.key -CAcreateserial -req -days {{ openvpn_days_valid }} -in {{ item }}.csr -out {{ item }}.crt
														
 
															
															            chdir={{ openvpn_path }}
														
 
															
															            creates={{ item }}.crt
														
 
															
															   with_items: openvpn_clients
														
--- a/roles/vpn/templates/openssl-server-certificate.cnf.j2
+++ b/roles/vpn/templates/openssl-server-certificate.cnf.j2
 
															
															 x509_extensions = server
														
 
															
															-default_days = 3650
														
 
															
															+default_days = {{ openvpn_days_valid }}
														
 
															
															 default_crl_days= 30
														
 
															
															 default_md = sha256
														
 
															
															 preserve = no
														
--- a/vars/defaults.yml
+++ b/vars/defaults.yml
 
															
															 # openvpn_key_city: (required)
														
 
															
															 # openvpn_key_org: (required)
														
 
															
															 # openvpn_key_ou: (required)
														
 
															
															+openvpn_days_valid: "1825"
														
 
															
															 openssl_request_subject: "/C={{ openvpn_key_country }}/ST={{ openvpn_key_province }}/L={{ openvpn_key_city }}/O={{ openvpn_key_org }}/OU={{ openvpn_key_ou }}"
														
 
															
															 openvpn_key_size: "2048"
														
 
															
															 openvpn_cipher: "BF-CBC"