Some fixes and cron replaced with systemd (#195)

* Cron replaced with systemd timer * Added client routing options * Fixed statement * Fixed custom dns statement * Restored original client conf * Dont use systemd on CI build --------- Co-authored-by: azhinu <[email protected]> Co-authored-by: Kyle Lexmond <[email protected]>
kyl191 · Dec 24, 2024 · d2c8bbe · d2c8bbe
1 parent 21ebcb8
commit d2c8bbe
Show file tree

Hide file tree

Showing 3 changed files with 42 additions and 21 deletions.
diff --git a/tasks/server_keys.yml b/tasks/server_keys.yml
@@ -164,24 +164,36 @@
 
 # This should eventually be switched to use a systemd timer
 # eg /usr/local/lib/systemd/system/openvpn-crl.timer
-- name: Check for crontab
-  ansible.builtin.command: which crontab
-  register: crontab
-  check_mode: false
-  changed_when: false
-  failed_when: false
-
-- name: Install cronie
-  ansible.builtin.package:
-    name: cronie
-    state: present
-  when: ansible_os_family == "RedHat" and crontab.rc != 0
-
-- name: Add cron to check every Saturday if the CRL needs to be renewed
-  ansible.builtin.cron:
-    name: "check if CRL will expire soon"
-    special_time: weekly
-    job: "sh {{ openvpn_base_dir }}/crl-cron.sh"
-    cron_file: /etc/cron.d/openvpn-crl
-    user: root
+- name: Copy CRL systemd service
+  ansible.builtin.template:
+    src: openvpn-crl.service.j2
+    dest: /etc/systemd/system/openvpn-crl.service
+    owner: root
+    group: root
+    mode: 0644
+  when: not ci_build
+
+- name: Copy CRL systemd timer
+  ansible.builtin.copy:
+    content: |
+      [Unit]
+      Description=OpenVPN CRL renewal
+
+      [Timer]
+      OnCalendar=weekly
+      Persistent=true
+
+      [Install]
+      WantedBy=timers.target
+    dest: /etc/systemd/system/openvpn-crl.timer
+    owner: root
+    group: root
+    mode: 0644
+  when: not ci_build
+
+- name: Enable CRL systemd timer
+  ansible.builtin.systemd:
+    name: openvpn-crl.timer
+    enabled: true
+    daemon_reload: true
   when: not ci_build
diff --git a/templates/openvpn-crl.service.j2 b/templates/openvpn-crl.service.j2
@@ -0,0 +1,9 @@
+[Unit]
+Description=Check if OpenVPN CRL will expire soon
+
+[Service]
+Type=oneshot
+ExecStart=sh {{ openvpn_base_dir }}/crl-cron.sh
+
+[Install]
+WantedBy=multi-user.target
diff --git a/templates/server.conf.j2 b/templates/server.conf.j2
@@ -71,7 +71,7 @@ push "dhcp-option DNS 8.8.8.8"
 push "dhcp-option DNS 8.8.4.4"
 {% endif %}
 {% endif %}
-{% if openvpn_push is defined %}
+{% if openvpn_push is defined and openvpn_push | length > 0 %}
 {% for opt in openvpn_push %}
 push "{{ opt }}"
 {% endfor %}