diff --git a/.gitignore b/.gitignore
index a8b42eb..21516bb 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 *.retry
+inventory
diff --git a/README.md b/README.md
index 317e800..0377e4b 100644
--- a/README.md
+++ b/README.md
@@ -1 +1,5 @@
-# vpn
\ No newline at end of file
+# vpn
+
+ Requirements (on host that executes module)
+python >= 2.6
+dopy
diff --git a/ansible.cfg b/ansible.cfg
index 7eba00e..4d407ab 100644
--- a/ansible.cfg
+++ b/ansible.cfg
@@ -1,3 +1,4 @@
 [defaults]
 inventory = inventory
-pipelining = True
\ No newline at end of file
+pipelining = True
+retry_files_enabled = False
diff --git a/cloud.yml b/cloud.yml
new file mode 100644
index 0000000..df1d117
--- /dev/null
+++ b/cloud.yml
@@ -0,0 +1,78 @@
+- name: Configure the server and install required software
+ hosts: localhost
+
+ vars:
+ regions:
+ "1": "ams2"
+ "2": "ams3"
+ "3": "fra1"
+ "4": "lon1"
+ "5": "nyc1"
+ "6": "nyc2"
+ "7": "nyc3"
+ "8": "sfo1"
+ "9": "sgp1"
+ "10": "tor1"
+
+ vars_prompt:
+ - name: "do_access_token"
+ prompt: "Enter your API Token (https://cloud.digitalocean.com/settings/api/tokens):\n"
+ private: yes
+
+ - name: "do_ssh_name"
+ prompt: "Enter a valid SSH key name (https://cloud.digitalocean.com/settings/security):\n"
+ private: no
+
+ - name: "do_region"
+ prompt: >
+ What region should the server be located in?
+ 1. Amsterdam (Datacenter 2)
+ 2. Amsterdam (Datacenter 3)
+ 3. Frankfurt
+ 4. London
+ 5. New York (Datacenter 1)
+ 6. New York (Datacenter 2)
+ 7. New York (Datacenter 3)
+ 8. San Francisco
+ 9. Singapore
+ 10. Toronto
+ Please choose the number of your region. Press enter for default (#7) region.
+ default: "7"
+ private: no
+
+ - name: "do_server_name"
+ prompt: "Name the vpn server:\n"
+ default: "strongswan"
+ private: no
+
+ tasks:
+ - name: "Getting your SSH key ID on Digital Ocean..."
+ digital_ocean:
+ state: present
+ command: ssh
+ name: "{{ do_ssh_name }}"
+ api_token: "{{ do_access_token }}"
+ register: do_ssh_key
+
+ - name: "Creating a droplet..."
+ digital_ocean:
+ state: present
+ command: droplet
+ name: "{{ do_server_name }}"
+ region_id: "{{ regions[do_region] }}"
+ size_id: "512mb"
+ image_id: "ubuntu-16-04-x64"
+ ssh_key_ids: "{{ do_ssh_key.ssh_key.id }}"
+ unique_name: yes
+ api_token: "{{ do_access_token }}"
+ register: do
+
+ - name: Add the droplet to an inventory group
+ add_host:
+ name: "{{ do.droplet.ip_address }}"
+ groups: vpn-host
+ ansible_python_interpreter: "/usr/bin/python2.7"
+
+ - name: Pause to let DigitalOcean boot up the VM
+ pause: seconds=180
+
diff --git a/deploy.yml b/deploy.yml
new file mode 100644
index 0000000..e190fbb
--- /dev/null
+++ b/deploy.yml
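Review bot: Both `digital_ocean` tasks pass `api_token: "{{ do_access_token }}"` as a plain module argument, so the token the prompt hides with `private: yes` is printed in `-v` task output and is likely retained in the `invocation` data of the `do_ssh_key` and `do` registered results, unless the module itself marks that parameter as no-log; adding `no_log: true` to both tasks keeps the prompt's secrecy intact. The `pause: seconds=180` is a fixed sleep that can be both too short and needlessly long; a `wait_for` on port 22 of `{{ do.droplet.ip_address }}` with a timeout would make the handoff to the `vpn-host` group deterministic. `do_region` is used directly as a key into `regions`, so an answer outside 1–10 fails with an undefined-variable error instead of a message naming the valid choices; a short `assert` that `do_region in regions` would give a clearer failure.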
@@ -0,0 +1,4 @@
+---
+
+#- include: cloud.yml
+- include: vpn.yml
\ No newline at end of file
diff --git a/inventory b/inventory
index 499ee1e..5b1a53f 100644
--- a/inventory
+++ b/inventory
@@ -1,2 +1,5 @@
 [localhost]
-127.0.0.1 ansible_connection=local
\ No newline at end of file
+127.0.0.1 ansible_connection=local
+
+[vpn-host]
+45.55.244.205 ansible_python_interpreter=/usr/bin/python2.7
diff --git a/templates/ipsec.conf.j2 b/templates/ipsec.conf.j2
index 3eef6ce..2c35266 100644
--- a/templates/ipsec.conf.j2
+++ b/templates/ipsec.conf.j2
@@ -15,4 +15,5 @@ conn psk
 right=%any
 rightdns=8.8.8.8,8.8.4.4
 rightsourceip=10.0.0.0/24
- auto=add
\ No newline at end of file
+ auto=add
+
\ No newline at end of file
diff --git a/vpn.yml b/vpn.yml
index 5c6fa68..5e92094 100644
--- a/vpn.yml
+++ b/vpn.yml
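Review bot: `#- include: cloud.yml` is commented out with no explanation, so a reader cannot tell whether provisioning is meant to be optional or was disabled temporarily while testing against an existing host. A comment above it such as `# Uncomment to create the droplet first; otherwise [vpn-host] must already exist in the static inventory` would document the intent and the dependency on the `inventory` file. The file is also committed without a trailing newline, as the hunk marker shows.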
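Review bot: The new `[vpn-host]` entry commits a specific droplet's public address while the `.gitignore` hunk in the same commit adds `inventory` to the ignore list, which has no effect on a file that is already tracked; the address stays in history and the file keeps appearing in future diffs. Either stop tracking it (`git rm --cached inventory`) and commit a placeholder such as an `inventory.example`, or keep only the `[localhost]` entry and let `add_host` in `cloud.yml` populate `vpn-host` at run time. If the group is kept, `ansible_python_interpreter=/usr/bin/python2.7` duplicates the value `add_host` sets in `cloud.yml`; a `[vpn-host:vars]` section would hold it once for every host in the group.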
@@ -1,80 +1,4 @@
-- name: Configure the server and install required software
- hosts: localhost
-
- vars:
- regions:
- "1": "ams2"
- "2": "ams3"
- "3": "fra1"
- "4": "lon1"
- "5": "nyc1"
- "6": "nyc2"
- "7": "nyc3"
- "8": "sfo1"
- "9": "sgp1"
- "10": "tor1"
-
- vars_prompt:
- - name: "do_access_token"
- prompt: "Enter your API Token (https://cloud.digitalocean.com/settings/api/tokens):\n"
- private: yes
-
- - name: "do_ssh_name"
- prompt: "Enter a valid SSH key name (https://cloud.digitalocean.com/settings/security):\n"
- private: no
-
- - name: "do_region"
- prompt: >
- What region should the server be located in?
- 1. Amsterdam (Datacenter 2)
- 2. Amsterdam (Datacenter 3)
- 3. Frankfurt
- 4. London
- 5. New York (Datacenter 1)
- 6. New York (Datacenter 2)
- 7. New York (Datacenter 3)
- 8. San Francisco
- 9. Singapore
- 10. Toronto
- Please choose the number of your region. Press enter for default (#7) region.
- default: "7"
- private: no
-
- - name: "do_server_name"
- prompt: "Name the vpn server:\n"
- default: "strongswan"
- private: no
-
- tasks:
- - name: "Getting your SSH key ID on Digital Ocean..."
- digital_ocean:
- state: present
- command: ssh
- name: "{{ do_ssh_name }}"
- api_token: "{{ do_access_token }}"
- register: do_ssh_key
-
- - name: "Creating a droplet..."
- digital_ocean:
- state: present
- command: droplet
- name: "{{ do_server_name }}"
- region_id: "{{ regions[do_region] }}"
- size_id: "512mb"
- image_id: "ubuntu-16-04-x64"
- ssh_key_ids: "{{ do_ssh_key.ssh_key.id }}"
- unique_name: yes
- api_token: "{{ do_access_token }}"
- register: do
-
- - name: Add the droplet to an inventory group
- add_host:
- name: "{{ do.droplet.ip_address }}"
- groups: vpn-host
- ansible_python_interpreter: "/usr/bin/python2.7"
-
- - name: Pause to let DigitalOcean boot up the VM
- pause: seconds=180
+---
 - name: Install StrongSwan
 hosts: vpn-host
@@ -104,7 +28,7 @@
 sysctl: name=net.ipv4.conf.all.send_redirects value=0
 - name: Configure iptables so IPSec traffic can traverse the tunnel
- iptables: table=nat chain=POSTROUTING source=10.0.0.0/24 out_interface=eth0 jump=MASQUERADE
+ iptables: table=nat chain=POSTROUTING source=10.0.0.0/24 jump=MASQUERADE
 - name: Setup the ipsec.conf file from our template
 template: src=ipsec.conf.j2 dest=/etc/ipsec.conf owner=root group=root mode=644
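Review bot: Dropping `out_interface=eth0` makes the MASQUERADE rule apply to 10.0.0.0/24 traffic leaving on every interface rather than only the public uplink, which is wider than the previous rule and will silently extend to any interface added later. If the motivation was that the interface name differs between images, `iptables: table=nat chain=POSTROUTING source=10.0.0.0/24 out_interface={{ ansible_default_ipv4.interface }} jump=MASQUERADE` keeps the restriction without hard-coding the name, provided facts are gathered for this play. The `source=10.0.0.0/24` selector still matches the `rightsourceip` pool in `templates/ipsec.conf.j2`, so the rule's scope is otherwise unchanged. The play containing this task starts and ends outside the hunk.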