metadata.rb
# Cookbook identity and ownership.
name             'openvpn'
maintainer       'Xhost Australia'
# NOTE(review): the address below looks like an e-mail-obfuscation placeholder
# left by the page this listing was captured from, not a usable contact address.
maintainer_email '[email protected]'
license          'Apache 2.0'
description      'Installs and configures openvpn and includes rake tasks for managing certs.'

# The long description is the README that sits next to this file. File.read
# returns the same contents as IO.read for a plain path, and unlike IO.read it
# never treats a path starting with "|" as a command to run.
readme_path = File.join(File.dirname(__FILE__), 'README.md')
long_description File.read(readme_path)

version '2.1.1'
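# Recipes shipped by this cookbook, each with the one-line summary shown to
# users browsing the cookbook.
# NOTE(review): 'openvpn::default' carries the same summary as
# 'openvpn::install', yet most attributes in this file list the default recipe
# next to the server recipe -- confirm the summary matches what it really does.
recipe 'openvpn::default', 'Installs OpenVPN only (no configuration).'
recipe 'openvpn::install', 'Installs OpenVPN only (no configuration).'
recipe 'openvpn::server', 'Installs and configures OpenVPN as a server.'
recipe 'openvpn::client', 'Installs and configures OpenVPN as a client.'
recipe 'openvpn::service', 'Manages the OpenVPN system service.'
# Issues certificates and configs per user from data bag items; where the
# resulting private keys are stored and who can read them is decided in the
# recipe, which is not visible here.
recipe 'openvpn::users', 'Sets up openvpn cert/configs for users data bag items.'
# Turns the host into a packet forwarder, so it belongs only on nodes that are
# meant to route VPN traffic.
recipe 'openvpn::enable_ip_forwarding', 'Enables IP forwarding on the system.'
# Summary text corrected: "uitilies" -> "utilities".
recipe 'openvpn::install_bridge_utils', 'Installs bridge utilities for Linux.'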
# Cookbook dependencies. Only 'yum' carries a version constraint; the others
# resolve to whatever version the dependency solver selects, so a committed
# lock file (Berksfile.lock or a Policyfile lock) is what keeps the resolved
# set reproducible and reviewable.
depends 'apt'
depends 'sysctl'
depends 'yum', '~> 3.0'
depends 'yum-epel'

# Platforms this cookbook declares support for.
%w(arch centos debian fedora redhat ubuntu).each do |platform|
  supports platform
end
# Attribute documentation for the client identity and the server's network
# settings. These entries describe the tunables; the values a node actually
# receives are presumably set in the cookbook's attribute files, which are not
# shown here.
attribute 'openvpn/client_cn',
          display_name: 'OpenVPN Client CN',
          description: "The client's Common Name used with the openvpn::client recipe " \
                       '(essentially a standalone recipe) for the client certificate and key.',
          default: 'client',
          recipes: %w(openvpn::client)

# NOTE(review): with no local address set, OpenVPN presumably listens on every
# interface -- confirm that is intended on multi-homed hosts.
attribute 'openvpn/config/local',
          display_name: 'OpenVPN Local',
          description: 'Local interface (ip) to listen on',
          default: nil,
          recipes: %w(openvpn::default openvpn::server)

attribute 'openvpn/config/proto',
          display_name: 'OpenVPN Protocol',
          description: 'The transport protocol to use for OpenVPN (UDP or TCP)',
          default: 'udp',
          choice: %w(udp tcp),
          recipes: %w(openvpn::default openvpn::server openvpn::client)

attribute 'openvpn/type',
          display_name: 'OpenVPN Type',
          description: 'Server or server-bridge',
          default: 'server',
          choice: %w(server server-bridge),
          recipes: %w(openvpn::default openvpn::server)

# Address pool handed to clients: 10.8.0.0 with a 255.255.0.0 mask by default.
attribute 'openvpn/subnet',
          display_name: 'OpenVPN Subnet',
          description: 'Subnet to hand out to clients',
          default: '10.8.0.0',
          recipes: %w(openvpn::default openvpn::server)

attribute 'openvpn/netmask',
          display_name: 'OpenVPN Netmask',
          description: 'Netmask for clients',
          default: '255.255.0.0',
          recipes: %w(openvpn::default openvpn::server)

# The port is documented as a string, with a fixed list of suggested values.
attribute 'openvpn/config/port',
          display_name: 'OpenVPN Listen Port',
          description: 'Port to listen on, defaults to 1194',
          default: '1194',
          choice: %w(1194 443 80 1024),
          recipes: %w(openvpn::default openvpn::server)

# No default is declared here; the description names vpn.domain as the fallback.
attribute 'openvpn/gateway',
          display_name: 'OpenVPN Gateway FQDN',
          description: 'FQDN for the VPN gateway server. Default is vpn.domain',
          recipes: %w(openvpn::default openvpn::client)

attribute 'openvpn/config/log',
          display_name: 'OpenVPN Log File',
          description: 'OpenVPN Server log file. Default /var/log/openvpn.log',
          default: '/var/log/openvpn.log',
          recipes: %w(openvpn::default openvpn::server openvpn::client)
# Locations of the PKI material. By default the CA certificate and the CA
# private key both live inside the key directory on the VPN host itself.
attribute 'openvpn/key_dir',
          display_name: 'OpenVPN Key Directory',
          description: 'Location to store keys, certificates and ' \
                       'related files. Default: /etc/openvpn/keys',
          default: '/etc/openvpn/keys',
          recipes: %w(openvpn::default openvpn::users openvpn::server)

attribute 'openvpn/signing_ca_cert',
          display_name: 'OpenVPN CA Certificate',
          description: 'CA certificate for signing, default /etc/openvpn/keys/ca.crt',
          default: '/etc/openvpn/keys/ca.crt',
          recipes: %w(openvpn::default openvpn::server)

# NOTE(review): whoever can read this file can issue certificates the server
# will trust. The ownership and mode applied to it are set by the recipes, which
# are not visible here -- verify the key directory is readable by root only, and
# consider keeping the CA key off the gateway where the deployment allows it.
attribute 'openvpn/signing_ca_key',
          display_name: 'OpenVPN CA key',
          description: 'CA key for signing, default /etc/openvpn/keys/ca.key',
          default: '/etc/openvpn/keys/ca.key',
          recipes: %w(openvpn::default openvpn::server)
# Settings the server pushes to connecting clients. Both are arrays and have no
# declared default; the descriptions state they start out empty.
attribute 'openvpn/push_options',
          display_name: 'OpenVPN Push DHCP Options',
          description: 'An array of DHCP options to push to clients ' \
                       'from the server.conf. Default is empty.',
          type: 'array',
          recipes: %w(openvpn::default openvpn::server)

attribute 'openvpn/push_routes',
          display_name: 'OpenVPN Push Routes',
          description: 'An array of routes to push to clients ' \
                       'from the server.conf. Default is empty.',
          type: 'array',
          recipes: %w(openvpn::default openvpn::server)

# OpenVPN's script-security level controls what the daemon may execute: 0 runs
# no external programs, 1 only built-in helpers such as ip/route, 2 also
# user-defined scripts, 3 additionally passes passwords to scripts through the
# environment. Raising it to 2 for the "up" script widens what a writable script
# path can do, so check the script's ownership and mode when enabling it.
attribute 'openvpn/script_security',
          display_name: 'OpenVPN Script Security',
          description: 'Script Security setting to use in server config. Default is 1. ' \
                       'The "up" script will not be included if this is 0 or 1. ' \
                       'Set it to 2 to use the "up" script',
          default: '1',
          recipes: %w(openvpn::default openvpn::server)

# Documented as a boolean, although the default shown is the string 'true'.
attribute 'openvpn/configure_default_server',
          display_name: 'Configure Default Server',
          description: 'Boolean to determine whether the default recipe will create ' \
                       'a "conf" file for the default server. Set to false if you want ' \
                       'to use only the LWRP to create the conf files.',
          default: 'true',
          recipes: %w(openvpn::default openvpn::server openvpn::client)
# Certificate lifetime and key strength.
#
# Both lifetimes default to 3650 days (about ten years). With leaf certificates
# that long-lived, a lost or stolen client key stays usable until it is revoked,
# so revocation needs to be in place; whether the recipes maintain a CRL is not
# visible here.
attribute 'openvpn/key/ca_expire',
          display_name: 'OpenVPN Root CA Expiry',
          description: 'In how many days should the root CA key expire',
          default: '3650',
          recipes: %w(openvpn::default openvpn::users openvpn::server)

attribute 'openvpn/key/expire',
          display_name: 'OpenVPN Certificate Expiry',
          description: 'In how many days should certificates expire',
          default: '3650',
          recipes: %w(openvpn::default openvpn::users openvpn::server)

# NOTE(review): assuming this is the RSA/DH key length used when generating the
# PKI, a 1024-bit default is below the 2048-bit minimum in current guidance (for
# example NIST SP 800-131A), and the "if paranoid" wording understates that.
# Treat 2048 as the floor when overriding. The documented default is left as-is
# because it has to change together with the attribute file, not shown here.
attribute 'openvpn/key/size',
          display_name: 'OpenVPN Key Size',
          description: 'Default key size, set to 2048 if paranoid ' \
                       'but will slow down TLS negotiation performance',
          default: '1024',
          recipes: %w(openvpn::default openvpn::users openvpn::server)
# Subject fields written into generated certificates. The defaults look like
# sample values; override them so issued certificates identify the operating
# organisation and can be told apart from those of other deployments.
attribute 'openvpn/key/country',
          display_name: 'OpenVPN Certificate Country',
          description: 'The country for the TLS certificate',
          default: 'US',
          recipes: %w(openvpn::default openvpn::users openvpn::server)

attribute 'openvpn/key/province',
          display_name: 'OpenVPN Certificate Province',
          description: 'The province for the TLS certificate',
          default: 'CA',
          recipes: %w(openvpn::default openvpn::users openvpn::server)

attribute 'openvpn/key/city',
          display_name: 'OpenVPN Certificate City',
          description: 'The city for the TLS certificate',
          default: 'San Francisco',
          recipes: %w(openvpn::default openvpn::users openvpn::server)

attribute 'openvpn/key/org',
          display_name: 'OpenVPN Certificate Organization',
          description: 'The organization name for the TLS certificate',
          default: 'Fort-Funston',
          recipes: %w(openvpn::default openvpn::users openvpn::server)

# NOTE(review): the default below looks like an e-mail-obfuscation placeholder
# left by the page this listing was captured from; the real value is not
# recoverable here.
attribute 'openvpn/key/email',
          display_name: 'OpenVPN Certificate Email',
          description: 'The email address for the TLS certificate',
          default: '[email protected]',
          recipes: %w(openvpn::default openvpn::users openvpn::server)
# Digest used when certificates are generated. sha256 is the default, but sha1
# remains selectable; SHA-1 is deprecated for certificate signatures because
# practical collision attacks exist, so treat it as a legacy-compatibility
# setting only.
attribute 'openvpn/key/message_digest',
          display_name: 'OpenVPN Message Digest',
          description: 'The message digest used for generating certificates by OpenVPN',
          default: 'sha256',
          choice: %w(sha256 sha1),
          recipes: %w(openvpn::default openvpn::server)