wallenstein/algo
1
0
Fork 0
mirror of https://github.com/trailofbits/algo.git synced 2025-06-05 06:33:56 +02:00
Code Issues Projects Releases Wiki Activity

Modify naming in the cloud resources and client config files (#1353)

Browse source 
* Modify naming in the cloud resources and client config files

* Azure template: Eliminate unneeded variables
This commit is contained in:
Jack Ivanov 2019-03-15 18:16:26 +01:00 committed by GitHub
parent 4ae5972f94
commit 30beadb949
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 43 additions and 64 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

50
roles/cloud-azure/files/deployment.json
View file

@ -2,15 +2,9 @@
"$schema": "http://schema.management.azure.com/schemas/2014-04-01-preview/deploymentTemplate.json", "$schema": "http://schema.management.azure.com/schemas/2014-04-01-preview/deploymentTemplate.json",
"contentVersion": "1.0.0.0", "contentVersion": "1.0.0.0",
"parameters": { "parameters": {
"AlgoServerName": {
"type": "string"
},
"sshKeyData": { "sshKeyData": {
"type": "string" "type": "string"
}, },
"location": {
"type": "string"
},
"WireGuardPort": { "WireGuardPort": {
"type": "int" "type": "int"
}, },
@ -22,15 +16,15 @@
} }
}, },
"variables": { "variables": {
"vnetID": "[resourceId('Microsoft.Network/virtualNetworks', parameters('AlgoServerName'))]", "vnetID": "[resourceId('Microsoft.Network/virtualNetworks', resourceGroup().name)]",
"subnet1Ref": "[concat(variables('vnetID'),'/subnets/', parameters('AlgoServerName'))]" "subnet1Ref": "[concat(variables('vnetID'),'/subnets/', resourceGroup().name)]"
}, },
"resources": [ "resources": [
{ {
"apiVersion": "2015-06-15", "apiVersion": "2015-06-15",
"type": "Microsoft.Network/networkSecurityGroups", "type": "Microsoft.Network/networkSecurityGroups",
"name": "[parameters('AlgoServerName')]", "name": "[resourceGroup().name]",
"location": "[parameters('location')]", "location": "[resourceGroup().location]",
"properties": { "properties": {
"securityRules": [ "securityRules": [
{ {
@ -95,8 +89,8 @@
{ {
"apiVersion": "2015-06-15", "apiVersion": "2015-06-15",
"type": "Microsoft.Network/publicIPAddresses", "type": "Microsoft.Network/publicIPAddresses",
"name": "[parameters('AlgoServerName')]", "name": "[resourceGroup().name]",
"location": "[parameters('location')]", "location": "[resourceGroup().location]",
"properties": { "properties": {
"publicIPAllocationMethod": "Static" "publicIPAllocationMethod": "Static"
} }
@ -104,8 +98,8 @@
{ {
"apiVersion": "2015-06-15", "apiVersion": "2015-06-15",
"type": "Microsoft.Network/virtualNetworks", "type": "Microsoft.Network/virtualNetworks",
"name": "[parameters('AlgoServerName')]", "name": "[resourceGroup().name]",
"location": "[parameters('location')]", "location": "[resourceGroup().location]",
"properties": { "properties": {
"addressSpace": { "addressSpace": {
"addressPrefixes": [ "addressPrefixes": [
@ -114,7 +108,7 @@
}, },
"subnets": [ "subnets": [
{ {
"name": "[parameters('AlgoServerName')]", "name": "[resourceGroup().name]",
"properties": { "properties": {
"addressPrefix": "10.10.0.0/24" "addressPrefix": "10.10.0.0/24"
} }
@ -125,16 +119,16 @@
{ {
"apiVersion": "2015-06-15", "apiVersion": "2015-06-15",
"type": "Microsoft.Network/networkInterfaces", "type": "Microsoft.Network/networkInterfaces",
"name": "[parameters('AlgoServerName')]", "name": "[resourceGroup().name]",
"location": "[parameters('location')]", "location": "[resourceGroup().location]",
"dependsOn": [ "dependsOn": [
"[concat('Microsoft.Network/networkSecurityGroups/', parameters('AlgoServerName'))]", "[concat('Microsoft.Network/networkSecurityGroups/', resourceGroup().name)]",
"[concat('Microsoft.Network/publicIPAddresses/', parameters('AlgoServerName'))]", "[concat('Microsoft.Network/publicIPAddresses/', resourceGroup().name)]",
"[concat('Microsoft.Network/virtualNetworks/', parameters('AlgoServerName'))]" "[concat('Microsoft.Network/virtualNetworks/', resourceGroup().name)]"
], ],
"properties": { "properties": {
"networkSecurityGroup": { "networkSecurityGroup": {
"id": "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('AlgoServerName'))]" "id": "[resourceId('Microsoft.Network/networkSecurityGroups', resourceGroup().name)]"
}, },
"ipConfigurations": [ "ipConfigurations": [
{ {
@ -142,7 +136,7 @@
"properties": { "properties": {
"privateIPAllocationMethod": "Dynamic", "privateIPAllocationMethod": "Dynamic",
"publicIPAddress": { "publicIPAddress": {
"id": "[resourceId('Microsoft.Network/publicIPAddresses', parameters('AlgoServerName'))]" "id": "[resourceId('Microsoft.Network/publicIPAddresses', resourceGroup().name)]"
}, },
"subnet": { "subnet": {
"id": "[variables('subnet1Ref')]" "id": "[variables('subnet1Ref')]"
@ -155,17 +149,17 @@
{ {
"apiVersion": "2016-04-30-preview", "apiVersion": "2016-04-30-preview",
"type": "Microsoft.Compute/virtualMachines", "type": "Microsoft.Compute/virtualMachines",
"name": "[parameters('AlgoServerName')]", "name": "[resourceGroup().name]",
"location": "[parameters('location')]", "location": "[resourceGroup().location]",
"dependsOn": [ "dependsOn": [
"[concat('Microsoft.Network/networkInterfaces/', parameters('AlgoServerName'))]" "[concat('Microsoft.Network/networkInterfaces/', resourceGroup().name)]"
], ],
"properties": { "properties": {
"hardwareProfile": { "hardwareProfile": {
"vmSize": "[parameters('vmSize')]" "vmSize": "[parameters('vmSize')]"
}, },
"osProfile": { "osProfile": {
"computerName": "[parameters('AlgoServerName')]", "computerName": "[resourceGroup().name]",
"adminUsername": "ubuntu", "adminUsername": "ubuntu",
"linuxConfiguration": { "linuxConfiguration": {
"disablePasswordAuthentication": true, "disablePasswordAuthentication": true,
@ -193,7 +187,7 @@
"networkProfile": { "networkProfile": {
"networkInterfaces": [ "networkInterfaces": [
{ {
"id": "[resourceId('Microsoft.Network/networkInterfaces', parameters('AlgoServerName'))]" "id": "[resourceId('Microsoft.Network/networkInterfaces', resourceGroup().name)]"
} }
] ]
} }
@ -203,7 +197,7 @@
"outputs": { "outputs": {
"publicIPAddresses": { "publicIPAddresses": {
"type": "string", "type": "string",
"value": "[reference(resourceId('Microsoft.Network/publicIPAddresses',parameters('AlgoServerName')),providers('Microsoft.Network', 'publicIPAddresses').apiVersions[0]).ipAddress]", "value": "[reference(resourceId('Microsoft.Network/publicIPAddresses',resourceGroup().name),providers('Microsoft.Network', 'publicIPAddresses').apiVersions[0]).ipAddress]",
} }
} }
} }

9
roles/cloud-azure/tasks/main.yml
View file

@ -16,20 +16,17 @@
- name: Create AlgoVPN Server - name: Create AlgoVPN Server
azure_rm_deployment: azure_rm_deployment:
state: present state: present
deployment_name: "AlgoVPN-{{ algo_server_name }}" deployment_name: "{{ algo_server_name }}"
template: "{{ lookup('file', 'deployment.json') }}" template: "{{ lookup('file', 'deployment.json') }}"
secret: "{{ secret }}" secret: "{{ secret }}"
tenant: "{{ tenant }}" tenant: "{{ tenant }}"
client_id: "{{ client_id }}" client_id: "{{ client_id }}"
subscription_id: "{{ subscription_id }}" subscription_id: "{{ subscription_id }}"
resource_group_name: "AlgoVPN-{{ algo_server_name }}" resource_group_name: "{{ algo_server_name }}"
location: "{{ algo_region }}"
parameters: parameters:
AlgoServerName:
value: "{{ algo_server_name }}"
sshKeyData: sshKeyData:
value: "{{ lookup('file', '{{ SSH_keys.public }}') }}" value: "{{ lookup('file', '{{ SSH_keys.public }}') }}"
location:
value: "{{ algo_region }}"
WireGuardPort: WireGuardPort:
value: "{{ wireguard_port }}" value: "{{ wireguard_port }}"
vmSize: vmSize:

28
roles/cloud-ec2/files/stack.yml
View file

@ -21,9 +21,7 @@ Resources:
InstanceTenancy: default InstanceTenancy: default
Tags: Tags:
- Key: Name - Key: Name
Value: Algo Value: !Ref AWS::StackName
- Key: Environment
Value: Algo
VPCIPv6: VPCIPv6:
Type: AWS::EC2::VPCCidrBlock Type: AWS::EC2::VPCCidrBlock
@ -35,22 +33,18 @@ Resources:
Type: AWS::EC2::InternetGateway Type: AWS::EC2::InternetGateway
Properties: Properties:
Tags: Tags:
- Key: Environment
Value: Algo
- Key: Name - Key: Name
Value: Algo Value: !Ref AWS::StackName
Subnet: Subnet:
Type: AWS::EC2::Subnet Type: AWS::EC2::Subnet
Properties: Properties:
CidrBlock: 172.16.254.0/23 CidrBlock: 172.16.254.0/23
MapPublicIpOnLaunch: false MapPublicIpOnLaunch: false
Tags:
- Key: Environment
Value: Algo
- Key: Name
Value: Algo
VpcId: !Ref VPC VpcId: !Ref VPC
Tags:
- Key: Name
Value: !Ref AWS::StackName
VPCGatewayAttachment: VPCGatewayAttachment:
Type: AWS::EC2::VPCGatewayAttachment Type: AWS::EC2::VPCGatewayAttachment
@ -63,10 +57,8 @@ Resources:
Properties: Properties:
VpcId: !Ref VPC VpcId: !Ref VPC
Tags: Tags:
- Key: Environment
Value: Algo
- Key: Name - Key: Name
Value: Algo Value: !Ref AWS::StackName
Route: Route:
Type: AWS::EC2::Route Type: AWS::EC2::Route
@ -140,9 +132,7 @@ Resources:
CidrIp: 0.0.0.0/0 CidrIp: 0.0.0.0/0
Tags: Tags:
- Key: Name - Key: Name
Value: Algo Value: !Ref AWS::StackName
- Key: Environment
Value: Algo
EC2Instance: EC2Instance:
Type: AWS::EC2::Instance Type: AWS::EC2::Instance
@ -181,9 +171,7 @@ Resources:
cfn-signal -e $? --stack ${AWS::StackName} --resource EC2Instance --region ${AWS::Region} cfn-signal -e $? --stack ${AWS::StackName} --resource EC2Instance --region ${AWS::Region}
Tags: Tags:
- Key: Name - Key: Name
Value: Algo Value: !Ref AWS::StackName
- Key: Environment
Value: Algo
ElasticIP: ElasticIP:
Type: AWS::EC2::EIP Type: AWS::EC2::EIP

6
roles/cloud-gce/tasks/main.yml
View file

@ -8,8 +8,8 @@
- name: Network configured - name: Network configured
gce_net: gce_net:
name: "algo-net-{{ algo_server_name }}" name: "{{ algo_server_name }}"
fwname: "algo-net-{{ algo_server_name }}-fw" fwname: "{{ algo_server_name }}-fw"
allowed: "udp:500,4500,{{ wireguard_port }};tcp:22" allowed: "udp:500,4500,{{ wireguard_port }};tcp:22"
state: "present" state: "present"
mode: auto mode: auto
@ -45,7 +45,7 @@
credentials_file: "{{ credentials_file_path }}" credentials_file: "{{ credentials_file_path }}"
project_id: "{{ project_id }}" project_id: "{{ project_id }}"
metadata: '{"ssh-keys":"ubuntu:{{ ssh_public_key_lookup }}"}' metadata: '{"ssh-keys":"ubuntu:{{ ssh_public_key_lookup }}"}'
network: "algo-net-{{ algo_server_name }}" network: "{{ algo_server_name }}"
tags: tags:
- "environment-algo" - "environment-algo"
register: google_vm register: google_vm

2
roles/strongswan/templates/client_windows.ps1.j2
View file

@ -85,7 +85,7 @@ Save the embedded CA cert and encrypted user PKCS12 file.
$ErrorActionPreference = "Stop" $ErrorActionPreference = "Stop"
$VpnServerAddress = "{{ IP_subject_alt_name }}" $VpnServerAddress = "{{ IP_subject_alt_name }}"
$VpnName = "Algo VPN {{ IP_subject_alt_name }} IKEv2" $VpnName = "AlgoVPN {{ algo_server_name }} IKEv2"
$VpnUser = "{{ item.0 }}" $VpnUser = "{{ item.0 }}"
$CaCertificateBase64 = "{{ PayloadContentCA }}" $CaCertificateBase64 = "{{ PayloadContentCA }}"
$UserPkcs12Base64 = "{{ item.1.stdout }}" $UserPkcs12Base64 = "{{ item.1.stdout }}"

12
roles/strongswan/templates/mobileconfig.j2
View file

@ -116,7 +116,7 @@
<key>PayloadDescription</key> <key>PayloadDescription</key>
<string>Configures VPN settings</string> <string>Configures VPN settings</string>
<key>PayloadDisplayName</key> <key>PayloadDisplayName</key>
<string>VPN</string> <string>{{ algo_server_name }}</string>
<key>PayloadIdentifier</key> <key>PayloadIdentifier</key>
<string>com.apple.vpn.managed.{{ VPN_PayloadIdentifier }}</string> <string>com.apple.vpn.managed.{{ VPN_PayloadIdentifier }}</string>
<key>PayloadType</key> <key>PayloadType</key>
@ -133,7 +133,7 @@
<integer>0</integer> <integer>0</integer>
</dict> </dict>
<key>UserDefinedName</key> <key>UserDefinedName</key>
<string>Algo VPN {{ IP_subject_alt_name }} IKEv2</string> <string>AlgoVPN {{ algo_server_name }} IKEv2</string>
<key>VPNType</key> <key>VPNType</key>
<string>IKEv2</string> <string>IKEv2</string>
</dict> </dict>
@ -149,7 +149,7 @@
<key>PayloadDescription</key> <key>PayloadDescription</key>
<string>Adds a PKCS#12-formatted certificate</string> <string>Adds a PKCS#12-formatted certificate</string>
<key>PayloadDisplayName</key> <key>PayloadDisplayName</key>
<string>{{ item.0 }}.p12</string> <string>{{ algo_server_name }}</string>
<key>PayloadIdentifier</key> <key>PayloadIdentifier</key>
<string>com.apple.security.pkcs12.{{ pkcs12_PayloadCertificateUUID }}</string> <string>com.apple.security.pkcs12.{{ pkcs12_PayloadCertificateUUID }}</string>
<key>PayloadType</key> <key>PayloadType</key>
@ -169,7 +169,7 @@
<key>PayloadDescription</key> <key>PayloadDescription</key>
<string>Adds a CA root certificate</string> <string>Adds a CA root certificate</string>
<key>PayloadDisplayName</key> <key>PayloadDisplayName</key>
<string>{{ IP_subject_alt_name }}</string> <string>{{ algo_server_name }}</string>
<key>PayloadIdentifier</key> <key>PayloadIdentifier</key>
<string>com.apple.security.root.{{ CA_PayloadIdentifier }}</string> <string>com.apple.security.root.{{ CA_PayloadIdentifier }}</string>
<key>PayloadType</key> <key>PayloadType</key>
@ -181,11 +181,11 @@
</dict> </dict>
</array> </array>
<key>PayloadDisplayName</key> <key>PayloadDisplayName</key>
<string>{{ IP_subject_alt_name }} IKEv2</string> <string>AlgoVPN {{ algo_server_name }} IKEv2</string>
<key>PayloadIdentifier</key> <key>PayloadIdentifier</key>
<string>donut.local.{{ 500000 | random | to_uuid | upper }}</string> <string>donut.local.{{ 500000 | random | to_uuid | upper }}</string>
<key>PayloadOrganization</key> <key>PayloadOrganization</key>
<string>Algo VPN</string> <string>AlgoVPN</string>
<key>PayloadRemovalDisallowed</key> <key>PayloadRemovalDisallowed</key>
<false/> <false/>
<key>PayloadType</key> <key>PayloadType</key>