network/salt/vpn/openvpn.sls

openvpn:
  pkg.installed: []

{%- for name, conf in pillar['openvpn'].items() %}

hostroutes-{{ name }}:
  network.routes:
    - name: core
    - routes:
{%- for a in salt.dnsutil.A(conf['server']) %}
      - ipaddr: {{ a }}
        netmask: 255.255.255.255
        gateway: {{ pillar['hosts-inet']['core']['upstream1'] }}
{%- endfor %}
  
/etc/openvpn/{{ name }}.conf:
  file.managed:
    - source: salt://vpn/openvpn.conf
    - template: 'jinja'
    - context:
        name: {{ name }}

/etc/openvpn/{{ name }}.auth:
  file.managed:
    - source: salt://vpn/auth
    - template: 'jinja'
    - context:
        name: {{ name }}
    - mode: 600

/etc/openvpn/{{ name }}.up:
  file.managed:
    - source: salt://vpn/up
    - template: 'jinja'
    - context:
        name: {{ name }}
    - mode: 755

/etc/systemd/system/openvpn@{{ name }}.service.d:
  file.directory:
    - user: root

/etc/systemd/system/openvpn@{{ name }}.service.d/restart.conf:
  file.managed:
    - source: salt://vpn/systemd-restart.conf
    - mode: 644
    - require:
      - file: /etc/systemd/system/openvpn@{{ name }}.service.d

autostart-{{ name }}:
  service.enabled:
      - name: openvpn@{{ name }}
        require_in:
          - file: /etc/openvpn/{{ name }}.conf
          - file: /etc/openvpn/{{ name }}.auth

start-{{ name }}:
  service.running:
      - name: openvpn@{{ name }}
        require_in:
          - file: /etc/openvpn/{{ name }}.conf
          - file: /etc/openvpn/{{ name }}.auth
        watch:
          - file: /etc/openvpn/{{ name }}.conf
          - file: /etc/openvpn/{{ name }}.auth
      
{%- endfor %}
this is the shit 2016-11-15 01:33:17 +01:00			`openvpn:`
			`pkg.installed: []`

			`{%- for name, conf in pillar['openvpn'].items() %}`

			`hostroutes-{{ name }}:`
			`network.routes:`
			`- name: core`
			`- routes:`
			`{%- for a in salt.dnsutil.A(conf['server']) %}`
			`- ipaddr: {{ a }}`
openvpn: fix auth + routes 2021-02-08 16:23:16 +01:00			`netmask: 255.255.255.255`
route anon1 over upstream1 2018-06-18 23:21:15 +02:00			`gateway: {{ pillar['hosts-inet']['core']['upstream1'] }}`
this is the shit 2016-11-15 01:33:17 +01:00			`{%- endfor %}`

			`/etc/openvpn/{{ name }}.conf:`
			`file.managed:`
			`- source: salt://vpn/openvpn.conf`
			`- template: 'jinja'`
			`- context:`
			`name: {{ name }}`

			`/etc/openvpn/{{ name }}.auth:`
			`file.managed:`
			`- source: salt://vpn/auth`
			`- template: 'jinja'`
			`- context:`
			`name: {{ name }}`
			`- mode: 600`

more of the good stuff 2016-11-16 01:17:28 +01:00			`/etc/openvpn/{{ name }}.up:`
			`file.managed:`
			`- source: salt://vpn/up`
			`- template: 'jinja'`
			`- context:`
			`name: {{ name }}`
			`- mode: 755`

openvpn: systemd restart 2016-12-01 19:45:09 +01:00			`/etc/systemd/system/openvpn@{{ name }}.service.d:`
			`file.directory:`
			`- user: root`

			`/etc/systemd/system/openvpn@{{ name }}.service.d/restart.conf:`
			`file.managed:`
			`- source: salt://vpn/systemd-restart.conf`
			`- mode: 644`
			`- require:`
			`- file: /etc/systemd/system/openvpn@{{ name }}.service.d`
this is the shit 2016-11-15 01:33:17 +01:00
			`autostart-{{ name }}:`
			`service.enabled:`
			`- name: openvpn@{{ name }}`
			`require_in:`
			`- file: /etc/openvpn/{{ name }}.conf`
			`- file: /etc/openvpn/{{ name }}.auth`

			`start-{{ name }}:`
			`service.running:`
			`- name: openvpn@{{ name }}`
			`require_in:`
			`- file: /etc/openvpn/{{ name }}.conf`
			`- file: /etc/openvpn/{{ name }}.auth`
automatic service restarting 2016-11-17 15:35:39 +01:00			`watch:`
			`- file: /etc/openvpn/{{ name }}.conf`
			`- file: /etc/openvpn/{{ name }}.auth`
this is the shit 2016-11-15 01:33:17 +01:00
			`{%- endfor %}`