From 0053274e5f1a2cb342d431cea9dd41819c334533 Mon Sep 17 00:00:00 2001
From: Leonidas Tsampros <ltsampros@gmail.com>
Date: Sat, 28 Oct 2017 21:00:47 +0100
Subject: [PATCH] Minor improvements

---
 defaults/main.yml     |  2 ++
 handlers/main.yml     |  7 +++++++
 tasks/client_conf.yml |  8 ++++++++
 tasks/configure.yml   | 14 ++++++++++----
 4 files changed, 27 insertions(+), 4 deletions(-)
 create mode 100644 tasks/client_conf.yml

diff --git a/defaults/main.yml b/defaults/main.yml
index 041520d..1636612 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -69,3 +69,5 @@ openvpn_simple_auth_password: ""
 
 # Whether to embed CA, cert, and key info inside client OVPN config file.
 openvpn_unified_client_profiles: no
+openvpn_endpoints: []
+openvpn_download_dir: "creds/"
diff --git a/handlers/main.yml b/handlers/main.yml
index 2ff173b..9dae8ce 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -9,3 +9,10 @@
   with_items: "{{openvpn_clients_changed.results}}"
   args:
     chdir: "{{ openvpn_keydir }}"
+
+- name: openvpn download all keys
+  fetch:
+    src: "/etc/openvpn/keys.tar.gz"
+    dest: "{{ openvpn_download_dir }}/keys.tar.gz"
+    flat: yes
+    validate_checksum: yes
diff --git a/tasks/client_conf.yml b/tasks/client_conf.yml
new file mode 100644
index 0000000..d8b10cb
--- /dev/null
+++ b/tasks/client_conf.yml
@@ -0,0 +1,8 @@
+---
+
+- name: Generate Clients configurations for each user per endpoint
+  template: src=client.conf.j2 dest="{{openvpn_keydir}}/{{user}}.{{item}}.ovpn"
+  with_items: "{{ openvpn_endpoints }}"
+  notify: openvpn pack clients
+  register: openvpn_clients_changed
+
diff --git a/tasks/configure.yml b/tasks/configure.yml
index 4ee8c56..4818197 100644
--- a/tasks/configure.yml
+++ b/tasks/configure.yml
@@ -57,11 +57,10 @@
   stat: path={{openvpn_keydir}}/crl.pem
   register: crl_pem_file
 
-- name: Generate Clients configurations
-  template: src=client.conf.j2 dest={{openvpn_keydir}}/{{item}}.ovpn
+- include_tasks: client_conf.yml
   with_items: "{{ openvpn_clients }}"
-  notify: openvpn pack clients
-  register: openvpn_clients_changed
+  loop_control:
+    loop_var: user
 
 - name: Setup PAM
   template: src=openvpn.pam.j2 dest=/etc/pam.d/openvpn
@@ -92,3 +91,10 @@
 
 - name: Set ip forwarding in the sysctl file and reload if necessary
   sysctl: name="net.ipv4.ip_forward" value=1 sysctl_set=yes state=present reload=yes
+
+- name: openvpn keydir packing
+  archive:
+    path: "{{ openvpn_keydir }}"
+    dest: /etc/openvpn/keys.tar.gz
+    format: gz
+  notify: [openvpn download all keys]