Add openvpn default vars to role

group_vars/sovereign

@@ -50,3 +50,15 @@
 # prosody_accounts:
 #   - name: "{{ main_user_name }}"
 #     password: TODO
+
+# openvpn
+# -------
+#openvpn_key_country:  "US"
+#openvpn_key_province: "California"
+#openvpn_key_city: "Beverly Hills"
+#openvpn_key_org: "ACME CORPORATION"
+#openvpn_key_ou: "Anvil Department"
+#openvpn_clients:
+#  - laptop
+#  - phone
+#  - tablet

roles/vpn/defaults/main.yml

@@ -0,0 +1,26 @@
+# Notes about security: https://blog.g3rt.nl/openvpn-security-tips.html
+# Check privacy: http://witch.valdikss.org.ru/
+
+openvpn_key_country:  "US"
+openvpn_key_province: "California"
+openvpn_key_city: "Beverly Hills"
+openvpn_key_org: "ACME CORPORATION"
+openvpn_key_ou: "Anvil Department"
+openssl_request_subject: "/C={{ openvpn_key_country }}/ST={{ openvpn_key_province }}/L={{ openvpn_key_city }}/O={{ openvpn_key_org }}/OU={{ openvpn_key_ou }}"
+
+openvpn_days_valid: "1825"
+openvpn_key_size: "2048"
+openvpn_cipher: "AES-256-CBC"
+openvpn_auth_digest: "SHA512"
+openvpn_path: "/etc/openvpn"
+openvpn_ca: "{{ openvpn_path }}/ca"
+openvpn_dhparam: "{{ openvpn_path }}/dh{{ openvpn_key_size }}.pem"
+openvpn_hmac_firewall: "{{ openvpn_path }}/ta.key"
+openvpn_server: "{{ domain }}"
+openvpn_port: "1194"
+openvpn_protocol: "udp"
+openvpn_mtu: "1300"
+openvpn_verb: "3" # "0" for anonymity
+openvpn_tls_version_min: "tls-version-min 1.2"
+openvpn_tls_cipher: "tls-cipher TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
+openvpn_clients: []