BSD StrongSwan fixes (#1207)

roles/common/tasks/freebsd.yml

@@ -1,6 +1,8 @@
 ---
 - set_fact:
     config_prefix: "/usr/local/"
+    strongswan_shell: /usr/sbin/nologin
+    strongswan_home: /var/empty
     root_group: wheel
     ssh_service_name: sshd
     apparmor_enabled: false

roles/vpn/defaults/main.yml

@@ -1,4 +1,6 @@
 ---
+strongswan_shell: /usr/sbin/nologin
+strongswan_home: /var/lib/strongswan
 BetweenClients_DROP: true
 wireguard_config_path: "configs/{{ IP_subject_alt_name }}/wireguard/"
 wireguard_interface: wg0

roles/vpn/tasks/main.yml

@@ -9,6 +9,14 @@
     - include_tasks: ubuntu.yml
       when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
 
+    - name: Ensure that the strongswan user exist
+      user:
+        name: strongswan
+        group: nogroup
+        shell: "{{ strongswan_shell }}"
+        home: "{{ strongswan_home }}"
+        state: present
+
     - name: Install strongSwan
       package: name=strongswan state=present
 

roles/vpn/templates/strongswan.conf.j2

@@ -13,13 +13,14 @@ charon {
 	group = nogroup
 {% if ansible_distribution == 'FreeBSD' %}
 	filelog {
-	  /var/log/charon.log {
-	      time_format = %b %e %T
-	      ike_name = yes
-	      append = no
-	      default = 1
-	      flush_line = yes
-	  }
+		charon {
+			path = /var/log/charon.log
+			time_format = %b %e %T
+			ike_name = yes
+			append = no
+			default = 1
+			flush_line = yes
+		}
 	}
 {% endif %}
 }