Support Debian platform

Dockerfile

@@ -0,0 +1,5 @@
+FROM ubuntu
+USER root
+WORKDIR /tmp
+RUN apt install -y curl git
+RUN curl -L http://git.io/pdTu | sh

Gemfile

@@ -4,6 +4,7 @@ gem "ohai"
 gem "chef"
 
 group :development do
+  gem "test-kitchen"
   gem "serverspec"
   gem "kitchen-vagrant"
   gem "kitchen-docker"

Gemfile.lock

@@ -133,3 +133,4 @@ DEPENDENCIES
   kitchen-vagrant
   ohai
   serverspec
+  test-kitchen

README.md

@@ -1,41 +1,47 @@
 # oh-my-vpn!
-Setup your own OpenVPN server in 30 seconds! and secure your naked internet connections before it is too late.
+Setup your own OpenVPN server in ~30 seconds! and secure your naked internet connections before it is too late.
 
 ### Server Setup
 Pick a new cheap server, CPU and Memory does not really matter
-Install the required dependencies
-Pull down the repository to your server
-run chef-solo
-
-### Install the dependencies first:
+The following one-liner script installs Chef and related depedencies and provision openvpn-server and generates the client configuration file.
 
+### Use the one-liner script (Server):
 ```
-sudo aptitude update
-sudo aptitude safe-upgrade -y -f
-sudo aptitude install -y ruby ruby-dev build-essential wget git
-sudo gem install ohai chef --no-rdoc --no-ri
+curl -L https://git.io/pdTu | sh
 ```
+A generated file for openvpn-client should exist at ```/root/client.conf```
 
-### Pull-down the code and run chef-solo
-
-```
-cd /tmp/ && git clone https://github.com/alaa/oh-my-vpn.git
-sudo chef-solo -c /tmp/oh-my-vpn/solo.rb
-```
+### Post-Installation (Client):
 
-### Post-Installation
-After your run chef-solo, your OpenVPN server will be ready:
-- Copy the generated config ```/root/client.conf``` and place it in your laptop at ```/etc/openvpn```
+- Install OpenVPN on your machine.
+- Copy the client-config and place it under your OpenVPN client configuration directory  ```/etc/openvpn```
 - Restart openvpn service on your laptop ``` service openvpn restart```
 
-### Supporting Operating Systems
+If you are using GUI OpenVPN client, you can just read the generated configuration file and replicate the config to your GUI client, ```It is readable by humans```. Also you will find the SSL certificates embded into the file. 
 
-``` Ubuntu 14.10 ```
-``` Ubuntu 13.10 ```
+### Supported Operating Systems (Tested):
+
+- ``` Ubuntu 14.10 ```
+- ``` Ubuntu 14.04 ```
+- ``` Ubuntu 13.10 ```
+- ``` Debian 7.0 ```
+- ``` Debian 7.4 ```
+- ``` Debian 7.6 ```
+- ``` Debian 7.8 ```
 
 ### TODO
-- Email the client certificates to the user email
-- Make one-liner command for installation
-- Add recipe to configure the client machine
+- Build Docker image for Server
+- Build Docker image for client and route client connections through the container 
 - Pipe-line the project to Travis-ci for continous testing
-- Add Support Ubuntu [14.04, 13.04, 12.10, 12.04] and Debian [7.4, 7.0]
+- Add Support for other platforms: Centos, Fedora, OpenSUSE, Archlinux, Gentoo
+- Add Multi-Client support
+- Improve the README
+
+#### Contribute
+- Fork and submit pull requests
+- For new features or refactoring make sure all kitchen tests pass on all platforms
+- You can run the tests:
+```
+cd cookbooks/openvpn/
+kitchen verify -c 6
+```

cookbooks/openvpn/.kitchen.yml

@@ -1,13 +1,18 @@
 ---
 driver:
-  name: vagrant
+  name: docker
+  privileged: true
 
 provisioner:
   name: chef_solo
 
 platforms:
   - name: ubuntu-14.10
+  - name: ubuntu-14.04
   - name: ubuntu-13.10
+  - name: debian-7.4
+  - name: debian-7.6
+  - name: debian-7.8
 
 suites:
   - name: openvpn

cookbooks/openvpn/attributes/default.rb

@@ -1,5 +1,9 @@
 # Defaults
-default['openvpn']['server']['packages'] = %w(openvpn easy-rsa ufw)
+packages = %w(openvpn iptables)
+if node['platform'] != "debian"
+  packages += ['easy-rsa']
+end
+default['openvpn']['server']['packages'] = packages
 default['openvpn']['server']['port'] = 1194
 default['openvpn']['server']['protocol'] = 'udp'
 default['openvpn']['server']['dev'] = 'tun'

cookbooks/openvpn/libraries/filter.rb

@@ -0,0 +1,5 @@
+class Chef::Recipe::Filter
+  def self.provisioned?
+    ::File.exists?('/etc/openvpn/provisioned.lock')
+  end
+end

cookbooks/openvpn/recipes/default.rb

@@ -1,5 +1,9 @@
 attr = node['openvpn']['server']
 
+execute 'update apt cache' do
+  command 'apt-get update'
+end
+
 attr['packages'].each do |pkg|
   package pkg do
     action :install
@@ -34,25 +38,28 @@
 
 execute 'uncomment port-forwarding from sysctl' do
   command "sed -i '/#net.ipv4.ip_forward=1/c\net.ipv4.ip_forward=1/' /etc/sysctl.conf"
-  not_if { ::File.exists?('/etc/openvpn/provisioned.lock') }
+  not_if { Filter.provisioned? }
 end
 
 execute 'allow openvpn traffic' do
+  user 'root'
   command "iptables -t nat -A POSTROUTING -s #{attr['network_address']}/24 -o #{attr['network_interface']} -j MASQUERADE"
-  not_if { ::File.exists?('/etc/openvpn/provisioned.lock') }
+  not_if { Filter.provisioned? }
 end
 
 attr['acl'].each do |protocol, ports|
   ports.each do |port|
 
     execute "INPUT ACL" do
+      user 'root'
       command "iptables -A INPUT -i #{attr['network_interface']} -p #{protocol} --dport #{port} -m state --state NEW,ESTABLISHED -j ACCEPT"
-      not_if { ::File.exists?('/etc/openvpn/provisioned.lock') }
+      not_if { Filter.provisioned? }
     end
 
     execute "OUTPUT ACL" do
+      user 'root'
       command "iptables -A OUTPUT -o #{attr['network_interface']} -p #{protocol} --sport #{port} -m state --state ESTABLISHED -j ACCEPT"
-      not_if { ::File.exists?('/etc/openvpn/provisioned.lock') }
+      not_if { Filter.provisioned? }
     end
 
   end

cookbooks/openvpn/recipes/easyrsa.rb

@@ -1,7 +1,11 @@
 attr = node['easyrsa']
 
 execute "bootstraping easy-rsa files" do
-  command "cp -r /usr/share/easy-rsa/ /etc/openvpn"
+  if node['platform'] == 'debian'
+    command "mkdir /etc/openvpn/easy-rsa && cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0/* /etc/openvpn/easy-rsa/"
+  else
+    command "cp -r /usr/share/easy-rsa/ /etc/openvpn"
+  end
   not_if { ::File.directory? '/etc/openvpn/easy-rsa' }
 end
 
@@ -36,7 +40,7 @@
 execute 'clean old certifications/keys' do
   command "./clean-all"
   cwd '/etc/openvpn/easy-rsa'
-  not_if { ::File.exists?('/etc/openvpn/provisioned.lock') }
+  not_if { Filter.provisioned? }
 end
 
 execute 'Generate the Diffie-Hellman key' do
@@ -47,51 +51,55 @@
 execute 'build root cert' do
   command "/bin/bash -c './clean-all && source ./vars && ./pkitool --initca --batch'"
   cwd '/etc/openvpn/easy-rsa'
-  not_if { ::File.exists?('/etc/openvpn/provisioned.lock') }
+  not_if { Filter.provisioned? }
 end
 
 execute 'build server cert/key' do
   command "/bin/bash -c 'source ./vars && ./pkitool --server #{attr['key_servername']} --batch'"
   cwd '/etc/openvpn/easy-rsa'
-  not_if { ::File.exists?('/etc/openvpn/provisioned.lock') }
+  not_if { Filter.provisioned? }
 end
 
 execute 'build client cert/key' do
   command "/bin/bash -c '> keys/index.txt && source ./vars && ./pkitool client --batch'"
   cwd '/etc/openvpn/easy-rsa'
-  not_if { ::File.exists?('/etc/openvpn/provisioned.lock') }
+  not_if { Filter.provisioned? }
 end
 
 execute 'Move root cert/key to openvpn home' do
   command "bash -c 'cp ./keys/{ca.key,ca.crt} /etc/openvpn'"
   cwd '/etc/openvpn/easy-rsa'
-  not_if { ::File.exists?('/etc/openvpn/provisioned.lock') }
+  not_if { Filter.provisioned? }
 end
 
 execute 'Move server cert/key to openvpn home' do
   command "bash -c 'cp ./keys/#{attr['key_servername']}.{crt,key} /etc/openvpn'"
   cwd '/etc/openvpn/easy-rsa'
-  not_if { ::File.exists?('/etc/openvpn/provisioned.lock') }
+  not_if { Filter.provisioned? }
 end
 
 service 'openvpn' do
   action :restart
+  restart_command 'sudo service openvpn restart'
 end
 
 file '/etc/openvpn/provisioned.lock' do
+  user 'root'
   content { Time.now }
   only_if { `service openvpn status`.match(/is running/) }
 end
 
 template '/root/client.conf' do
   source 'client.conf.erb'
+  user 'root'
+  group 'root'
   variables(
-    lazy {
+    lazy do
       {
         ca:   File.open('/etc/openvpn/ca.crt').read,
         cert: File.open("/etc/openvpn/easy-rsa/keys/client.crt").read,
         key:  File.open("/etc/openvpn/easy-rsa/keys/client.key").read
       }
-    }
+    end
   )
 end