From 57bc377ad4b9572693a53198234bc699c3895e14 Mon Sep 17 00:00:00 2001
From: yohan <783b8c87@scimetis.net>
Date: Sun, 3 Nov 2024 21:47:16 +0100
Subject: [PATCH] Add OpenVPN interface to the trusted zone.
---
 roles/role_deploy_openvpn-server/tasks/main.yml | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/roles/role_deploy_openvpn-server/tasks/main.yml b/roles/role_deploy_openvpn-server/tasks/main.yml
index 01b5eb4..f83d89b 100644
--- a/roles/role_deploy_openvpn-server/tasks/main.yml
+++ b/roles/role_deploy_openvpn-server/tasks/main.yml
@@ -8,7 +8,7 @@
 failed_when: "result_openvpn_server_systemd_stop is failed and 'Could not find the requested service' not in result_openvpn_server_systemd_stop.msg"
 - name: Check if openvpn-server container is running
- command: 'podman ps -q --filter "name=openvpn-server"'
+ command: 'podman ps -q --filter "name=^openvpn-server$"'
 changed_when: false
 register: podman_ps
 become: true
@@ -181,3 +181,12 @@
 immediate: true
 state: enabled
 become: true
+
+- name: Add OpenVPN interface to the trusted zone
+ ansible.posix.firewalld:
+ zone: trusted
+ interface: tun0
+ permanent: true
+ immediate: true
+ state: enabled
+ become: true
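Review bot: The anchored filter on the new `command:` line needs a one-line comment, because nothing in the task says why the `^…$` is there and a later cleanup could drop it again. Podman evaluates the `name` filter as a pattern rather than an exact comparison, so the unanchored form also matched any container whose name merely contains `openvpn-server`. I would add above the task `# Anchor the name: podman's name filter is a regex match, not an exact comparison`. The tasks that consume `podman_ps` lie outside this hunk, so any other unanchored `--filter "name=…"` calls in the role could not be checked from here.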
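Review bot: Binding `tun0` to firewalld's `trusted` zone accepts every connection arriving over the tunnel, so each VPN client can reach every service listening on this host, not only those the VPN is meant to expose. A dedicated zone that enables just the required services would keep a compromised client contained; if `trusted` is the intended policy, a comment on the task recording that decision would help the next reader. The interface name is also hard-coded: unless the server configuration pins `dev tun0` (not visible in this hunk), OpenVPN may come up on a different tun device and the rule would then cover the wrong interface or none at all. I would drive both values from role variables, e.g. `zone: "{{ openvpn_firewalld_zone }}"` and `interface: "{{ openvpn_tun_interface }}"` (variable names are suggestions).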