mirror of
https://github.com/trailofbits/algo.git
synced 2025-06-07 15:43:54 +02:00
Generate p12 each deployment. Generate ps1 scripts if windows supported. Define become for all the section. (#580)
This commit is contained in:
Jack Ivanov
Dan Guido
parent
ba7859ba5f
commit
26c202ded5
4 changed files with 14 additions and 11 deletions
|
|
@ -53,7 +53,7 @@ congrats:
|
||||||
"# and ensure that all your traffic passes through the VPN. #"
|
"# and ensure that all your traffic passes through the VPN. #"
|
||||||
"# Local DNS resolver {{ local_service_ip }} #"
|
"# Local DNS resolver {{ local_service_ip }} #"
|
||||||
p12_pass: |
|
p12_pass: |
|
||||||
"# The p12 and SSH keys password is {{ easyrsa_p12_export_password }} #"
|
"# The p12 and SSH keys password for new users is {{ easyrsa_p12_export_password }} #"
|
||||||
ca_key_pass: |
|
ca_key_pass: |
|
||||||
"# The CA key password is {{ easyrsa_CA_password }} #"
|
"# The CA key password is {{ easyrsa_CA_password }} #"
|
||||||
ssh_access: |
|
ssh_access: |
|
||||||
|
|
|
||||||
|
|
@ -3,7 +3,6 @@
|
||||||
- name: Register p12 PayloadContent
|
- name: Register p12 PayloadContent
|
||||||
shell: cat private/{{ item }}.p12 | base64
|
shell: cat private/{{ item }}.p12 | base64
|
||||||
register: PayloadContent
|
register: PayloadContent
|
||||||
become: no
|
|
||||||
args:
|
args:
|
||||||
chdir: "configs/{{ IP_subject_alt_name }}/pki/"
|
chdir: "configs/{{ IP_subject_alt_name }}/pki/"
|
||||||
with_items: "{{ users }}"
|
with_items: "{{ users }}"
|
||||||
|
|
@ -18,7 +17,6 @@
|
||||||
src: mobileconfig.j2
|
src: mobileconfig.j2
|
||||||
dest: configs/{{ IP_subject_alt_name }}/{{ item.0 }}.mobileconfig
|
dest: configs/{{ IP_subject_alt_name }}/{{ item.0 }}.mobileconfig
|
||||||
mode: 0600
|
mode: 0600
|
||||||
become: no
|
|
||||||
with_together:
|
with_together:
|
||||||
- "{{ users }}"
|
- "{{ users }}"
|
||||||
- "{{ PayloadContent.results }}"
|
- "{{ PayloadContent.results }}"
|
||||||
|
|
@ -29,7 +27,6 @@
|
||||||
src: sswan.j2
|
src: sswan.j2
|
||||||
dest: configs/{{ IP_subject_alt_name }}/android_{{ item.0 }}.sswan
|
dest: configs/{{ IP_subject_alt_name }}/android_{{ item.0 }}.sswan
|
||||||
mode: 0600
|
mode: 0600
|
||||||
become: no
|
|
||||||
with_together:
|
with_together:
|
||||||
- "{{ users }}"
|
- "{{ users }}"
|
||||||
- "{{ PayloadContent.results }}"
|
- "{{ PayloadContent.results }}"
|
||||||
|
|
@ -40,7 +37,6 @@
|
||||||
src: android_html_helper.j2
|
src: android_html_helper.j2
|
||||||
dest: configs/{{ IP_subject_alt_name }}/android_{{ item.0 }}_helper.html
|
dest: configs/{{ IP_subject_alt_name }}/android_{{ item.0 }}_helper.html
|
||||||
mode: 0600
|
mode: 0600
|
||||||
become: no
|
|
||||||
with_together:
|
with_together:
|
||||||
- "{{ users }}"
|
- "{{ users }}"
|
||||||
no_log: True
|
no_log: True
|
||||||
|
|
@ -50,7 +46,6 @@
|
||||||
src: client_ipsec.conf.j2
|
src: client_ipsec.conf.j2
|
||||||
dest: configs/{{ IP_subject_alt_name }}/ipsec_{{ item }}.conf
|
dest: configs/{{ IP_subject_alt_name }}/ipsec_{{ item }}.conf
|
||||||
mode: 0600
|
mode: 0600
|
||||||
become: no
|
|
||||||
with_items:
|
with_items:
|
||||||
- "{{ users }}"
|
- "{{ users }}"
|
||||||
|
|
||||||
|
|
@ -59,17 +54,26 @@
|
||||||
src: client_ipsec.secrets.j2
|
src: client_ipsec.secrets.j2
|
||||||
dest: configs/{{ IP_subject_alt_name }}/ipsec_{{ item }}.secrets
|
dest: configs/{{ IP_subject_alt_name }}/ipsec_{{ item }}.secrets
|
||||||
mode: 0600
|
mode: 0600
|
||||||
become: no
|
|
||||||
with_items:
|
with_items:
|
||||||
- "{{ users }}"
|
- "{{ users }}"
|
||||||
|
|
||||||
|
- name: Create the windows check file
|
||||||
|
file:
|
||||||
|
state: touch
|
||||||
|
path: configs/{{ IP_subject_alt_name }}/.supports_windows
|
||||||
|
when: Win10_Enabled is defined and Win10_Enabled == "Y"
|
||||||
|
|
||||||
|
- name: Check if the windows check file exists
|
||||||
|
stat:
|
||||||
|
path: configs/{{ IP_subject_alt_name }}/.supports_windows
|
||||||
|
register: supports_windows
|
||||||
|
|
||||||
- name: Build the windows client powershell script
|
- name: Build the windows client powershell script
|
||||||
template:
|
template:
|
||||||
src: client_windows.ps1.j2
|
src: client_windows.ps1.j2
|
||||||
dest: configs/{{ IP_subject_alt_name }}/windows_{{ item }}.ps1
|
dest: configs/{{ IP_subject_alt_name }}/windows_{{ item }}.ps1
|
||||||
mode: 0600
|
mode: 0600
|
||||||
become: no
|
when: Win10_Enabled is defined and Win10_Enabled == "Y" or supports_windows.stat.exists == true
|
||||||
when: Win10_Enabled is defined and Win10_Enabled == "Y"
|
|
||||||
with_items: "{{ users }}"
|
with_items: "{{ users }}"
|
||||||
|
|
||||||
- name: Restrict permissions for the local private directories
|
- name: Restrict permissions for the local private directories
|
||||||
|
|
@ -77,6 +81,5 @@
|
||||||
path: "{{ item }}"
|
path: "{{ item }}"
|
||||||
state: directory
|
state: directory
|
||||||
mode: 0700
|
mode: 0700
|
||||||
become: no
|
|
||||||
with_items:
|
with_items:
|
||||||
- configs/{{ IP_subject_alt_name }}
|
- configs/{{ IP_subject_alt_name }}
|
||||||
|
|
|
||||||
|
|
@ -25,6 +25,7 @@
|
||||||
- include: distribute_keys.yml
|
- include: distribute_keys.yml
|
||||||
- include: client_configs.yml
|
- include: client_configs.yml
|
||||||
delegate_to: localhost
|
delegate_to: localhost
|
||||||
|
become: no
|
||||||
tags: update-users
|
tags: update-users
|
||||||
|
|
||||||
- meta: flush_handlers
|
- meta: flush_handlers
|
||||||
|
|
|
||||||
|
|
@ -122,7 +122,6 @@
|
||||||
-passout pass:"{{ easyrsa_p12_export_password }}"
|
-passout pass:"{{ easyrsa_p12_export_password }}"
|
||||||
args:
|
args:
|
||||||
chdir: "configs/{{ IP_subject_alt_name }}/pki/"
|
chdir: "configs/{{ IP_subject_alt_name }}/pki/"
|
||||||
creates: private/{{ item }}.p12
|
|
||||||
with_items: "{{ users }}"
|
with_items: "{{ users }}"
|
||||||
register: p12
|
register: p12
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue