ocserv: notify users about certificates about to expire
parent
577c8c8849
commit
937c75e097
3 changed files with 67 additions and 4 deletions
|
@ -1,6 +1,7 @@
|
|||
- name: Install packages
|
||||
package:
|
||||
name:
|
||||
- coreutils # for date
|
||||
- netmask # for ocserv-script
|
||||
- ocserv
|
||||
install_recommends: false # don’t install dnsmasq for whatever reason
|
||||
|
@ -34,13 +35,14 @@
|
|||
state: directory
|
||||
owner: ocserv
|
||||
group: ocserv
|
||||
mode: "0700"
|
||||
|
||||
# this script allows routing from the client to their networks on connection
|
||||
- name: Install ocserv firewall script
|
||||
copy:
|
||||
dest: /usr/local/bin/
|
||||
src: ocserv-script
|
||||
mode: 755
|
||||
mode: "0755"
|
||||
|
||||
- name: Configure ocserv
|
||||
template:
|
||||
|
@ -64,7 +66,7 @@
|
|||
copy:
|
||||
dest: /etc/letsencrypt/renewal-hooks/deploy/
|
||||
src: reload-ocserv.sh
|
||||
mode: 0755
|
||||
mode: "0755"
|
||||
|
||||
- name: Create ocserv service override directory
|
||||
file:
|
||||
|
@ -72,7 +74,7 @@
|
|||
state: directory
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0755
|
||||
mode: "0755"
|
||||
|
||||
- name: Set ocserv to start after network is online
|
||||
copy:
|
||||
|
@ -89,3 +91,17 @@
|
|||
value: 1
|
||||
sysctl_file: /etc/sysctl.d/99-local.conf
|
||||
sysctl_set: true
|
||||
|
||||
- name: Install user certificate expiry notification script
|
||||
copy:
|
||||
dest: /usr/local/bin/
|
||||
src: notify-expiring-certs
|
||||
mode: "0755"
|
||||
|
||||
- name: Schedule user certificate expiry notification script
|
||||
cron:
|
||||
name: "notify users with expiring certificates"
|
||||
job: "/usr/local/bin/notify-expiring-certs"
|
||||
user: ocserv
|
||||
hour: "6"
|
||||
minute: "26"
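Review bot: The new `copy` task for `notify-expiring-certs` sets `mode: "0755"` but no owner or group, so ownership of a script that cron runs daily as `ocserv` depends on whichever account the play runs under. Adding `owner: root` and `group: root`, as the directory task in the `@ -72,7 +74,7 @@` hunk already does, would guarantee the file is never writable by the account that executes it. The same applies to the `ocserv-script` and `reload-ocserv.sh` copy tasks in the earlier hunks; the latter sits in a certbot deploy-hook directory and is presumably run as root. A short comment above the cron task saying where the job's output goes would also help, since no `MAILTO` or redirection is visible here.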
|
||||
|
|