algo/users.yml

---

- hosts: localhost
  gather_facts: False
  vars_files:
    - config.cfg

  tasks:
    - name: Add the server to the vpn-host group
      add_host:
        hostname: "{{ server_ip }}"
        groupname: vpn-host
        ansible_ssh_user: "{{ server_user }}"
        ansible_python_interpreter: "/usr/bin/python2.7"
        ssh_tunneling_enabled: "{{ ssh_tunneling_enabled }}"
        easyrsa_CA_password: "{{ easyrsa_CA_password }}"
        IP_subject: "{{ IP_subject }}"
        ansible_ssh_private_key_file: "{{ SSH_keys.private }}"

    - name: Wait until SSH becomes ready...
      local_action:
        module: wait_for
        port: 22
        host: "{{ server_ip }}"
        search_regex: "OpenSSH"
        delay: 10
        timeout: 320
        state: present
      become: false

- name: User management
  hosts: vpn-host
  gather_facts: true
  become: true
  vars_files:
    - config.cfg

  pre_tasks:
    - set_fact:
        IP_subject_alt_name: "{{ IP_subject }}"
        easyrsa_p12_export_password: "{{ p12_export_password|default((ansible_date_time.iso8601_basic|sha1|to_uuid).split('-')[0]) }}"

  roles:
    - { role: ssh_tunneling, tags: [ 'ssh_tunneling' ], when: ssh_tunneling_enabled is defined and ssh_tunneling_enabled == "y" }

  tasks:

    - name: Gather Facts
      setup:

    - name: Cheking the signature algorithm
      local_action: >
          shell openssl x509 -text -in certs/{{ IP_subject_alt_name }}.crt  | grep 'Signature Algorithm' | head -n1
      become: no
      register: sig_algo
      args:
        chdir: "configs/{{ IP_subject_alt_name }}/pki/"

    - name: Change the algorithm to RSA
      set_fact:
        algo_params: "rsa:2048"
      when: '"ecdsa" not in sig_algo.stdout'

    - name: Build the client's pair
      local_action: >
        shell openssl req -utf8 -new -newkey {{ algo_params | default('ec:ecparams/prime256v1.pem') }} -config openssl.cnf -keyout private/{{ item }}.key -out reqs/{{ item }}.req -nodes -passin pass:"{{ easyrsa_CA_password }}" -subj "/CN={{ item }}" -batch &&
          openssl ca -utf8 -in reqs/{{ item }}.req -out certs/{{ item }}.crt -config openssl.cnf -days 3650 -batch -passin pass:"{{ easyrsa_CA_password }}" -subj "/CN={{ item }}" &&
          touch certs/{{ item }}_crt_generated
      become: no
      args:
        chdir: "configs/{{ IP_subject_alt_name }}/pki/"
        creates: certs/{{ item }}_crt_generated
      environment:
        subjectAltName: "DNS:{{ item }}"
      with_items: "{{ users }}"

    - name: Build the client's p12
      local_action: >
        shell openssl pkcs12 -in certs/{{ item }}.crt -inkey private/{{ item }}.key -export -name {{ item }} -out private/{{ item }}.p12 -certfile cacert.pem -passout pass:"{{ easyrsa_p12_export_password }}"
      become: no
      args:
        chdir: "configs/{{ IP_subject_alt_name }}/pki/"
      with_items: "{{ users }}"

    - name: Copy the p12 certificates
      local_action:
        module: copy
        src: "configs/{{ IP_subject_alt_name }}/pki/private/{{ item }}.p12"
        dest: "configs/{{ IP_subject_alt_name }}/{{ item }}.p12"
        mode: 0600
      become: no
      with_items:
        - "{{ users }}"

    - name: Get active users
      local_action: >
        shell grep ^V index.txt | grep -v "{{ IP_subject_alt_name }}" | awk '{print $5}' | sed 's/\/CN=//g'
      become: no
      args:
        chdir: "configs/{{ IP_subject_alt_name }}/pki/"
      register: valid_certs

    - name: Revoke non-existing users
      local_action: >
        shell openssl ca -config openssl.cnf -passin pass:"{{ easyrsa_CA_password }}" -revoke certs/{{ item }}.crt &&
          openssl ca -gencrl -config openssl.cnf -passin pass:"{{ easyrsa_CA_password }}" -revoke certs/{{ item }}.crt -out crl/{{ item }}.crt
          touch crl/{{ item }}_revoked
      become: no
      args:
        chdir: "configs/{{ IP_subject_alt_name }}/pki/"
        creates: crl/{{ item }}_revoked
      environment:
        subjectAltName: "DNS:{{ item }}"
      when: item not in users
      with_items: "{{ valid_certs.stdout_lines }}"

    - name: Copy the revoked certificates to the vpn server
      copy:
        src: configs/{{ IP_subject_alt_name }}/pki/crl/{{ item }}.crt
        dest: /etc/ipsec.d/crls/{{ item }}.crt
      when: item not in users
      with_items: "{{ valid_certs.stdout_lines }}"
      notify:
        - rereadcrls

    - name: Register p12 PayloadContent
      local_action: >
        shell cat private/{{ item }}.p12 | base64
      register:  PayloadContent
      become: no
      args:
        chdir: "configs/{{ IP_subject_alt_name }}/pki/"
      with_items: "{{ users }}"

    - name: Set facts for mobileconfigs
      set_fact:
        proxy_enabled: false
        PayloadContentCA: "{{ lookup('file' , 'configs/{{ IP_subject_alt_name }}/pki/cacert.pem')|b64encode }}"

    - name: Build the mobileconfigs
      local_action:
        module: template
        src: roles/vpn/templates/mobileconfig.j2
        dest: configs/{{ IP_subject_alt_name }}/{{ item.0 }}.mobileconfig
        mode: 0600
      become: no
      with_together:
        - "{{ users }}"
        - "{{ PayloadContent.results }}"
      no_log: True

    - name: Build the client ipsec config file
      local_action:
        module: template
        src: roles/vpn/templates/client_ipsec.conf.j2
        dest: configs/{{ IP_subject_alt_name }}/ipsec_{{ item }}.conf
        mode: 0600
      become: no
      with_items:
        - "{{ users }}"

    - name: Build the client ipsec secret file
      local_action:
        module: template
        src: roles/vpn/templates/client_ipsec.secrets.j2
        dest: configs/{{ IP_subject_alt_name }}/ipsec_{{ item }}.secrets
        mode: 0600
      become: no
      with_items:
        - "{{ users }}"

    - name: Build the windows client powershell script
      local_action:
        module: template
        src: roles/vpn/templates/client_windows.ps1.j2
        dest: configs/{{ IP_subject_alt_name }}/windows_{{ item }}.ps1
        mode: 0600
      become: no
      when: Win10_Enabled is defined and Win10_Enabled == "Y"
      with_items: "{{ users }}"

    # SSH

    - name: SSH | Get active system users
      shell: >
        getent group algo | cut -f4 -d: | sed "s/,/\n/g"
      register: valid_users
      when: ssh_tunneling_enabled is defined and ssh_tunneling_enabled == "y"

    - name: SSH | Delete non-existing users
      user:
        name: "{{ item }}"
        state: absent
        remove: yes
        force: yes
      when: item not in users and ssh_tunneling_enabled is defined and ssh_tunneling_enabled == "y"
      with_items: "{{ valid_users.stdout_lines | default('null') }}"

  post_tasks:
    - debug:
        msg:
          - "{{ congrats.common.split('\n') }}"
          - "    {{ congrats.p12_pass }}"
      tags: always

  handlers:
    - name: rereadcrls
      shell: ipsec rereadcrls
User management 8 years ago			`---`

Modify user-management function 8 years ago			`- hosts: localhost`
			`gather_facts: False`
			`vars_files:`
linting 8 years ago			`- config.cfg`
the password for the CA private key #75 8 years ago
Modify user-management function 8 years ago			`tasks:`
			`- name: Add the server to the vpn-host group`
linting 8 years ago			`add_host:`
Modify user-management function 8 years ago			`hostname: "{{ server_ip }}"`
			`groupname: vpn-host`
			`ansible_ssh_user: "{{ server_user }}"`
			`ansible_python_interpreter: "/usr/bin/python2.7"`
SSH user-management #77 8 years ago			`ssh_tunneling_enabled: "{{ ssh_tunneling_enabled }}"`
the password for the CA private key #75 8 years ago			`easyrsa_CA_password: "{{ easyrsa_CA_password }}"`
Update-users fixed #52 8 years ago			`IP_subject: "{{ IP_subject }}"`
Local openssl tasks (#169) * Draft works with ECDSA RSA support for Windows * update-users with local_openssl_tasks * move prompts to the algo script * additional directory for SSH keys * move easyrsa_p12_export_password to pre_tasks * update-users testing * Fix hardcoded vars * Delete the CA key * Hardcoded IP. Fixes #219 * Some fixes 7 years ago			`ansible_ssh_private_key_file: "{{ SSH_keys.private }}"`
Modify user-management function 8 years ago
reorganize the wait_for functions #159 8 years ago			`- name: Wait until SSH becomes ready...`
			`local_action:`
			`module: wait_for`
			`port: 22`
			`host: "{{ server_ip }}"`
			`search_regex: "OpenSSH"`
			`delay: 10`
			`timeout: 320`
			`state: present`
linting 8 years ago			`become: false`
Modify user-management function 8 years ago
miscelllaneous cleanups 8 years ago			`- name: User management`
Modify user-management function 8 years ago			`hosts: vpn-host`
Local openssl tasks (#169) * Draft works with ECDSA RSA support for Windows * update-users with local_openssl_tasks * move prompts to the algo script * additional directory for SSH keys * move easyrsa_p12_export_password to pre_tasks * update-users testing * Fix hardcoded vars * Delete the CA key * Hardcoded IP. Fixes #219 * Some fixes 7 years ago			`gather_facts: true`
EC2 Support 8 years ago			`become: true`
User management 8 years ago			`vars_files:`
linting 8 years ago			`- config.cfg`
linting 8 years ago
Update-users fixed #52 8 years ago			`pre_tasks:`
			`- set_fact:`
			`IP_subject_alt_name: "{{ IP_subject }}"`
additional variables 7 years ago			`easyrsa_p12_export_password: "{{ p12_export_password\|default((ansible_date_time.iso8601_basic\|sha1\|to_uuid).split('-')[0]) }}"`
linting 8 years ago
Add the SSH role to the users-update playbook #92 fixed 8 years ago			`roles:`
			`- { role: ssh_tunneling, tags: [ 'ssh_tunneling' ], when: ssh_tunneling_enabled is defined and ssh_tunneling_enabled == "y" }`

User management 8 years ago			`tasks:`
random password for the p12 certificates #135 8 years ago
			`- name: Gather Facts`
			`setup:`

Local openssl tasks (#169) * Draft works with ECDSA RSA support for Windows * update-users with local_openssl_tasks * move prompts to the algo script * additional directory for SSH keys * move easyrsa_p12_export_password to pre_tasks * update-users testing * Fix hardcoded vars * Delete the CA key * Hardcoded IP. Fixes #219 * Some fixes 7 years ago			`- name: Cheking the signature algorithm`
			`local_action: >`
			`shell openssl x509 -text -in certs/{{ IP_subject_alt_name }}.crt \| grep 'Signature Algorithm' \| head -n1`
			`become: no`
			`register: sig_algo`
			`args:`
			`chdir: "configs/{{ IP_subject_alt_name }}/pki/"`

			`- name: Change the algorithm to RSA`
			`set_fact:`
			`algo_params: "rsa:2048"`
			`when: '"ecdsa" not in sig_algo.stdout'`
random password for the p12 certificates #135 8 years ago
Add the SSH role to the users-update playbook #92 fixed 8 years ago			`- name: Build the client's pair`
Local openssl tasks (#169) * Draft works with ECDSA RSA support for Windows * update-users with local_openssl_tasks * move prompts to the algo script * additional directory for SSH keys * move easyrsa_p12_export_password to pre_tasks * update-users testing * Fix hardcoded vars * Delete the CA key * Hardcoded IP. Fixes #219 * Some fixes 7 years ago			`local_action: >`
			`shell openssl req -utf8 -new -newkey {{ algo_params \| default('ec:ecparams/prime256v1.pem') }} -config openssl.cnf -keyout private/{{ item }}.key -out reqs/{{ item }}.req -nodes -passin pass:"{{ easyrsa_CA_password }}" -subj "/CN={{ item }}" -batch &&`
			`openssl ca -utf8 -in reqs/{{ item }}.req -out certs/{{ item }}.crt -config openssl.cnf -days 3650 -batch -passin pass:"{{ easyrsa_CA_password }}" -subj "/CN={{ item }}" &&`
			`touch certs/{{ item }}_crt_generated`
			`become: no`
Add the SSH role to the users-update playbook #92 fixed 8 years ago			`args:`
Local openssl tasks (#169) * Draft works with ECDSA RSA support for Windows * update-users with local_openssl_tasks * move prompts to the algo script * additional directory for SSH keys * move easyrsa_p12_export_password to pre_tasks * update-users testing * Fix hardcoded vars * Delete the CA key * Hardcoded IP. Fixes #219 * Some fixes 7 years ago			`chdir: "configs/{{ IP_subject_alt_name }}/pki/"`
			`creates: certs/{{ item }}_crt_generated`
			`environment:`
			`subjectAltName: "DNS:{{ item }}"`
Add the SSH role to the users-update playbook #92 fixed 8 years ago			`with_items: "{{ users }}"`

			`- name: Build the client's p12`
Local openssl tasks (#169) * Draft works with ECDSA RSA support for Windows * update-users with local_openssl_tasks * move prompts to the algo script * additional directory for SSH keys * move easyrsa_p12_export_password to pre_tasks * update-users testing * Fix hardcoded vars * Delete the CA key * Hardcoded IP. Fixes #219 * Some fixes 7 years ago			`local_action: >`
			`shell openssl pkcs12 -in certs/{{ item }}.crt -inkey private/{{ item }}.key -export -name {{ item }} -out private/{{ item }}.p12 -certfile cacert.pem -passout pass:"{{ easyrsa_p12_export_password }}"`
			`become: no`
Add the SSH role to the users-update playbook #92 fixed 8 years ago			`args:`
Local openssl tasks (#169) * Draft works with ECDSA RSA support for Windows * update-users with local_openssl_tasks * move prompts to the algo script * additional directory for SSH keys * move easyrsa_p12_export_password to pre_tasks * update-users testing * Fix hardcoded vars * Delete the CA key * Hardcoded IP. Fixes #219 * Some fixes 7 years ago			`chdir: "configs/{{ IP_subject_alt_name }}/pki/"`
Add the SSH role to the users-update playbook #92 fixed 8 years ago			`with_items: "{{ users }}"`

Local openssl tasks (#169) * Draft works with ECDSA RSA support for Windows * update-users with local_openssl_tasks * move prompts to the algo script * additional directory for SSH keys * move easyrsa_p12_export_password to pre_tasks * update-users testing * Fix hardcoded vars * Delete the CA key * Hardcoded IP. Fixes #219 * Some fixes 7 years ago			`- name: Copy the p12 certificates`
			`local_action:`
			`module: copy`
			`src: "configs/{{ IP_subject_alt_name }}/pki/private/{{ item }}.p12"`
			`dest: "configs/{{ IP_subject_alt_name }}/{{ item }}.p12"`
			`mode: 0600`
			`become: no`
			`with_items:`
			`- "{{ users }}"`

Add the SSH role to the users-update playbook #92 fixed 8 years ago			`- name: Get active users`
Local openssl tasks (#169) * Draft works with ECDSA RSA support for Windows * update-users with local_openssl_tasks * move prompts to the algo script * additional directory for SSH keys * move easyrsa_p12_export_password to pre_tasks * update-users testing * Fix hardcoded vars * Delete the CA key * Hardcoded IP. Fixes #219 * Some fixes 7 years ago			`local_action: >`
			`shell grep ^V index.txt \| grep -v "{{ IP_subject_alt_name }}" \| awk '{print $5}' \| sed 's/\/CN=//g'`
			`become: no`
Add the SSH role to the users-update playbook #92 fixed 8 years ago			`args:`
Local openssl tasks (#169) * Draft works with ECDSA RSA support for Windows * update-users with local_openssl_tasks * move prompts to the algo script * additional directory for SSH keys * move easyrsa_p12_export_password to pre_tasks * update-users testing * Fix hardcoded vars * Delete the CA key * Hardcoded IP. Fixes #219 * Some fixes 7 years ago			`chdir: "configs/{{ IP_subject_alt_name }}/pki/"`
Add the SSH role to the users-update playbook #92 fixed 8 years ago			`register: valid_certs`

			`- name: Revoke non-existing users`
Local openssl tasks (#169) * Draft works with ECDSA RSA support for Windows * update-users with local_openssl_tasks * move prompts to the algo script * additional directory for SSH keys * move easyrsa_p12_export_password to pre_tasks * update-users testing * Fix hardcoded vars * Delete the CA key * Hardcoded IP. Fixes #219 * Some fixes 7 years ago			`local_action: >`
			`shell openssl ca -config openssl.cnf -passin pass:"{{ easyrsa_CA_password }}" -revoke certs/{{ item }}.crt &&`
			`openssl ca -gencrl -config openssl.cnf -passin pass:"{{ easyrsa_CA_password }}" -revoke certs/{{ item }}.crt -out crl/{{ item }}.crt`
			`touch crl/{{ item }}_revoked`
			`become: no`
Add the SSH role to the users-update playbook #92 fixed 8 years ago			`args:`
Local openssl tasks (#169) * Draft works with ECDSA RSA support for Windows * update-users with local_openssl_tasks * move prompts to the algo script * additional directory for SSH keys * move easyrsa_p12_export_password to pre_tasks * update-users testing * Fix hardcoded vars * Delete the CA key * Hardcoded IP. Fixes #219 * Some fixes 7 years ago			`chdir: "configs/{{ IP_subject_alt_name }}/pki/"`
			`creates: crl/{{ item }}_revoked`
			`environment:`
			`subjectAltName: "DNS:{{ item }}"`
Add the SSH role to the users-update playbook #92 fixed 8 years ago			`when: item not in users`
			`with_items: "{{ valid_certs.stdout_lines }}"`

Local openssl tasks (#169) * Draft works with ECDSA RSA support for Windows * update-users with local_openssl_tasks * move prompts to the algo script * additional directory for SSH keys * move easyrsa_p12_export_password to pre_tasks * update-users testing * Fix hardcoded vars * Delete the CA key * Hardcoded IP. Fixes #219 * Some fixes 7 years ago			`- name: Copy the revoked certificates to the vpn server`
			`copy:`
			`src: configs/{{ IP_subject_alt_name }}/pki/crl/{{ item }}.crt`
			`dest: /etc/ipsec.d/crls/{{ item }}.crt`
			`when: item not in users`
			`with_items: "{{ valid_certs.stdout_lines }}"`
			`notify:`
			`- rereadcrls`

Add the SSH role to the users-update playbook #92 fixed 8 years ago			`- name: Register p12 PayloadContent`
Local openssl tasks (#169) * Draft works with ECDSA RSA support for Windows * update-users with local_openssl_tasks * move prompts to the algo script * additional directory for SSH keys * move easyrsa_p12_export_password to pre_tasks * update-users testing * Fix hardcoded vars * Delete the CA key * Hardcoded IP. Fixes #219 * Some fixes 7 years ago			`local_action: >`
			`shell cat private/{{ item }}.p12 \| base64`
Add the SSH role to the users-update playbook #92 fixed 8 years ago			`register: PayloadContent`
Local openssl tasks (#169) * Draft works with ECDSA RSA support for Windows * update-users with local_openssl_tasks * move prompts to the algo script * additional directory for SSH keys * move easyrsa_p12_export_password to pre_tasks * update-users testing * Fix hardcoded vars * Delete the CA key * Hardcoded IP. Fixes #219 * Some fixes 7 years ago			`become: no`
			`args:`
			`chdir: "configs/{{ IP_subject_alt_name }}/pki/"`
Add the SSH role to the users-update playbook #92 fixed 8 years ago			`with_items: "{{ users }}"`

Local openssl tasks (#169) * Draft works with ECDSA RSA support for Windows * update-users with local_openssl_tasks * move prompts to the algo script * additional directory for SSH keys * move easyrsa_p12_export_password to pre_tasks * update-users testing * Fix hardcoded vars * Delete the CA key * Hardcoded IP. Fixes #219 * Some fixes 7 years ago			`- name: Set facts for mobileconfigs`
			`set_fact:`
			`proxy_enabled: false`
			`PayloadContentCA: "{{ lookup('file' , 'configs/{{ IP_subject_alt_name }}/pki/cacert.pem')\|b64encode }}"`
Add the SSH role to the users-update playbook #92 fixed 8 years ago
			`- name: Build the mobileconfigs`
Local openssl tasks (#169) * Draft works with ECDSA RSA support for Windows * update-users with local_openssl_tasks * move prompts to the algo script * additional directory for SSH keys * move easyrsa_p12_export_password to pre_tasks * update-users testing * Fix hardcoded vars * Delete the CA key * Hardcoded IP. Fixes #219 * Some fixes 7 years ago			`local_action:`
			`module: template`
			`src: roles/vpn/templates/mobileconfig.j2`
			`dest: configs/{{ IP_subject_alt_name }}/{{ item.0 }}.mobileconfig`
			`mode: 0600`
			`become: no`
Add the SSH role to the users-update playbook #92 fixed 8 years ago			`with_together:`
			`- "{{ users }}"`
			`- "{{ PayloadContent.results }}"`
			`no_log: True`

Local openssl tasks (#169) * Draft works with ECDSA RSA support for Windows * update-users with local_openssl_tasks * move prompts to the algo script * additional directory for SSH keys * move easyrsa_p12_export_password to pre_tasks * update-users testing * Fix hardcoded vars * Delete the CA key * Hardcoded IP. Fixes #219 * Some fixes 7 years ago			`- name: Build the client ipsec config file`
			`local_action:`
			`module: template`
			`src: roles/vpn/templates/client_ipsec.conf.j2`
			`dest: configs/{{ IP_subject_alt_name }}/ipsec_{{ item }}.conf`
			`mode: 0600`
			`become: no`
			`with_items:`
			`- "{{ users }}"`
Add the SSH role to the users-update playbook #92 fixed 8 years ago
Local openssl tasks (#169) * Draft works with ECDSA RSA support for Windows * update-users with local_openssl_tasks * move prompts to the algo script * additional directory for SSH keys * move easyrsa_p12_export_password to pre_tasks * update-users testing * Fix hardcoded vars * Delete the CA key * Hardcoded IP. Fixes #219 * Some fixes 7 years ago			`- name: Build the client ipsec secret file`
			`local_action:`
			`module: template`
			`src: roles/vpn/templates/client_ipsec.secrets.j2`
			`dest: configs/{{ IP_subject_alt_name }}/ipsec_{{ item }}.secrets`
			`mode: 0600`
			`become: no`
			`with_items:`
			`- "{{ users }}"`
Add the SSH role to the users-update playbook #92 fixed 8 years ago
Local openssl tasks (#169) * Draft works with ECDSA RSA support for Windows * update-users with local_openssl_tasks * move prompts to the algo script * additional directory for SSH keys * move easyrsa_p12_export_password to pre_tasks * update-users testing * Fix hardcoded vars * Delete the CA key * Hardcoded IP. Fixes #219 * Some fixes 7 years ago			`- name: Build the windows client powershell script`
			`local_action:`
			`module: template`
			`src: roles/vpn/templates/client_windows.ps1.j2`
			`dest: configs/{{ IP_subject_alt_name }}/windows_{{ item }}.ps1`
			`mode: 0600`
			`become: no`
			`when: Win10_Enabled is defined and Win10_Enabled == "Y"`
			`with_items: "{{ users }}"`
Add the SSH role to the users-update playbook #92 fixed 8 years ago
			`# SSH`

			`- name: SSH \| Get active system users`
			`shell: >`
			`getent group algo \| cut -f4 -d: \| sed "s/,/\n/g"`
			`register: valid_users`
			`when: ssh_tunneling_enabled is defined and ssh_tunneling_enabled == "y"`

			`- name: SSH \| Delete non-existing users`
			`user:`
			`name: "{{ item }}"`
			`state: absent`
			`remove: yes`
			`force: yes`
			`when: item not in users and ssh_tunneling_enabled is defined and ssh_tunneling_enabled == "y"`
Fixed. #137 8 years ago			`with_items: "{{ valid_users.stdout_lines \| default('null') }}"`
Add the SSH role to the users-update playbook #92 fixed 8 years ago
random password for the p12 certificates #135 8 years ago			`post_tasks:`
contgrats fix in update-users #243 7 years ago			`- debug:`
			`msg:`
			`- "{{ congrats.common.split('\n') }}"`
			`- " {{ congrats.p12_pass }}"`
random password for the p12 certificates #135 8 years ago			`tags: always`
Local openssl tasks (#169) * Draft works with ECDSA RSA support for Windows * update-users with local_openssl_tasks * move prompts to the algo script * additional directory for SSH keys * move easyrsa_p12_export_password to pre_tasks * update-users testing * Fix hardcoded vars * Delete the CA key * Hardcoded IP. Fixes #219 * Some fixes 7 years ago
			`handlers:`
			`- name: rereadcrls`
			`shell: ipsec rereadcrls`