summaryrefslogtreecommitdiff
path: root/puppet/modules/openvpn/templates/vars.erb
diff options
context:
space:
mode:
authorMicah <micah@leap.se>2016-07-12 16:45:26 -0400
committerMicah <micah@leap.se>2016-07-12 16:45:26 -0400
commitda37dd95c39f3f100020164473eed53a317fb53f (patch)
treece78d01244f9e67bc068475c07d54493456b2201 /puppet/modules/openvpn/templates/vars.erb
parent7ce3190986cf8e5fe037a7ccd4c1076505b117f4 (diff)
git subrepo clone https://leap.se/git/puppet_openvpn puppet/modules/openvpn
subrepo: subdir: "puppet/modules/openvpn" merged: "26d4edc" upstream: origin: "https://leap.se/git/puppet_openvpn" branch: "master" commit: "26d4edc" git-subrepo: version: "0.3.0" origin: "https://github.com/ingydotnet/git-subrepo" commit: "1e79595" Change-Id: I596766ccfb806b3ca2d1c755c4e24c5ad3d997f9
Diffstat (limited to 'puppet/modules/openvpn/templates/vars.erb')
-rw-r--r--puppet/modules/openvpn/templates/vars.erb68
1 files changed, 68 insertions, 0 deletions
diff --git a/puppet/modules/openvpn/templates/vars.erb b/puppet/modules/openvpn/templates/vars.erb
new file mode 100644
index 00000000..20448b8b
--- /dev/null
+++ b/puppet/modules/openvpn/templates/vars.erb
@@ -0,0 +1,68 @@
+# easy-rsa parameter settings
+
+# NOTE: If you installed from an RPM,
+# don't edit this file in place in
+# /usr/share/openvpn/easy-rsa --
+# instead, you should copy the whole
+# easy-rsa directory to another location
+# (such as /etc/openvpn) so that your
+# edits will not be wiped out by a future
+# OpenVPN package upgrade.
+
+# This variable should point to
+# the top level of the easy-rsa
+# tree.
+export EASY_RSA="/etc/openvpn/<%= @name %>/easy-rsa"
+
+#
+# This variable should point to
+# the requested executables
+#
+export OPENSSL="openssl"
+export PKCS11TOOL="pkcs11-tool"
+export GREP="grep"
+
+
+# This variable should point to
+# the openssl.cnf file included
+# with easy-rsa.
+export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
+
+# Edit this variable to point to
+# your soon-to-be-created key
+# directory.
+#
+# WARNING: clean-all will do
+# a rm -rf on this directory
+# so make sure you define
+# it correctly!
+export KEY_DIR="$EASY_RSA/keys"
+
+# Issue rm -rf warning
+echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
+
+# PKCS11 fixes
+export PKCS11_MODULE_PATH="dummy"
+export PKCS11_PIN="dummy"
+
+# Increase this to 2048 if you
+# are paranoid. This will slow
+# down TLS negotiation performance
+# as well as the one-time DH parms
+# generation process.
+export KEY_SIZE=1024
+
+# In how many days should the root CA key expire?
+export CA_EXPIRE=3650
+
+# In how many days should certificates expire?
+export KEY_EXPIRE=3650
+
+# These are the default values for fields
+# which will be placed in the certificate.
+# Don't leave any of these fields blank.
+export KEY_COUNTRY="<%= @country %>"
+export KEY_PROVINCE="<%= @province %>"
+export KEY_CITY="<%= @city %>"
+export KEY_ORG="<%= @organization %>"
+export KEY_EMAIL="<%= @email %>"