diff --git a/defaults/main.yml b/defaults/main.yml
index 9e516ce..1533765 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -18,3 +18,12 @@ opn_openvpn_instances_defaults:
 verb: 3
 topology: subnet
 role: server
+
+# defaults for opn_openvpn_instances
+opn_openvpn_overwrites_defaults:
+ enabled: 1
+ block: 0
+ push_reset: 0
+ register_dns: 0
+
+...
diff --git a/tasks/openvpn.yml b/tasks/openvpn.yml
index 8bc1bd9..679acb9 100644
--- a/tasks/openvpn.yml
+++ b/tasks/openvpn.yml
@@ -69,6 +69,16 @@
 # push "dhcp-option DOMAIN abc.example.net"
 # push "dhcp-option DOMAIN xyz.example.net"
+- name: OpenVPN Overwrites configuration
+ ansible.builtin.include_tasks: openvpnoverwrite.yml
+ vars:
+ uuid: "{{ overwrite.key }}"
+ overwritecfg: "{{ overwrite.value | combine(opn_openvpn_overwrites_defaults) }}"
+ with_dict:
+ - "{{ opn_openvpn_overwrites | default({}) }}"
+ loop_control:
+ loop_var: overwrite
+
 - name: OpenVPN Instances configuration
 ansible.builtin.include_tasks: openvpninstance.yml
 vars:
diff --git a/tasks/openvpnoverwrite.yml b/tasks/openvpnoverwrite.yml
new file mode 100644
index 0000000..ff2e819
--- /dev/null
+++ b/tasks/openvpnoverwrite.yml
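Review bot: The comment added above `opn_openvpn_overwrites_defaults` in defaults/main.yml still reads `# defaults for opn_openvpn_instances`, which looks copied from the block above it; it should name the variable it documents, e.g. `# defaults merged into each entry of opn_openvpn_overwrites`. Since `enabled` and `block` presumably decide whether an override is active and whether the client is refused, a second comment line stating what the 0/1 values mean would help whoever edits these defaults later.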
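Review bot: In the tasks/openvpn.yml hunk, `overwritecfg` is built as `overwrite.value | combine(opn_openvpn_overwrites_defaults)`, and `combine` gives precedence to the dictionary passed as its argument, so the defaults replace whatever the inventory sets for `enabled`, `block`, `push_reset` and `register_dns`. An override declared with `block: 1` or `enabled: 0` would be written out as `block: 0` / `enabled: 1` without any error, which for a per-client deny setting means the client stays allowed. Swap the operands so the inventory wins: `overwritecfg: "{{ opn_openvpn_overwrites_defaults | combine(overwrite.value) }}"`. The Instances task that follows is cut off by the hunk, so its merge order cannot be compared from here.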
@@ -0,0 +1,27 @@
+---
+
+- name: OpenVPN Overwrite settings
+ delegate_to: localhost
+ community.general.xml:
+ path: "{{ local_config_path }}"
+ xpath: "/opnsense/OPNsense/OpenVPN/Overwrites/Overwrite[@uuid='{{ uuid }}']/{{ item.key }}"
+ value: "{{ item.value }}"
+ pretty_print: true
+ when:
+ - item.key not in ['dns_domain_search', 'dns_servers', 'ntp_servers', 'wins_servers'] or item.value is string
+ with_dict:
+ - "{{ overwritecfg | default({}) }}"
+
+- name: OpenVPN Overwrite settings with list elements
+ delegate_to: localhost
+ community.general.xml:
+ path: "{{ local_config_path }}"
+ xpath: "/opnsense/OPNsense/OpenVPN/Overwrites/Overwrite[@uuid='{{ uuid }}']/{{ item.key }}"
+ value: "{{ item.value | join(',') }}"
+ pretty_print: true
+ when:
+ - item.key in ['dns_domain_search', 'dns_servers', 'ntp_servers', 'wins_servers'] and not item.value is string
+ with_dict:
+ - "{{ overwritecfg | default({}) }}"
+
+...
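Review bot: Both tasks in tasks/openvpnoverwrite.yml paste `uuid` and `item.key` into the `xpath` string unchecked, so a malformed key produces an expression that addresses a different node of the local config.xml, or fails inside the xml module with an unclear error. The values come from inventory and are normally trusted, but this file edits firewall configuration and a mistyped field name is currently written as-is under `Overwrite`. Validate once at the top of the file before either xml task runs; the assert below assumes the keys of `opn_openvpn_overwrites` are standard UUIDs, and `item.key` could be checked the same way against the supported field names. Separately, the four list-valued field names are repeated in both `when` conditions and would be safer held in one variable.

```yaml
- name: OpenVPN Overwrite validate uuid
  ansible.builtin.assert:
    that:
      - uuid is match('^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$')
    fail_msg: "opn_openvpn_overwrites key is not a UUID: {{ uuid }}"

# … unchanged: the two community.general.xml tasks …
```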