wallenstein/algo
1
0
Fork 0
mirror of https://github.com/trailofbits/algo.git synced 2025-08-02 10:53:01 +02:00
Code Issues Projects Releases Wiki Activity

Generate mobileconfigs for WireGuard

Browse source
This commit is contained in:
Jack Ivanov 2020-01-21 11:49:36 +01:00
parent 0efa4eaf91
commit d15b7c57e6
4 changed files with 138 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
roles/wireguard/tasks/main.yml
View file

@ -8,7 +8,8 @@
- "{{ wireguard_pki_path }}/preshared" - "{{ wireguard_pki_path }}/preshared"
- "{{ wireguard_pki_path }}/private" - "{{ wireguard_pki_path }}/private"
- "{{ wireguard_pki_path }}/public" - "{{ wireguard_pki_path }}/public"
- "{{ wireguard_config_path }}" - "{{ wireguard_config_path }}/apple/ios"
- "{{ wireguard_config_path }}/apple/macos"
delegate_to: localhost delegate_to: localhost
become: false become: false
@ -51,6 +52,13 @@
vars: vars:
index: "{{ item.0 }}" index: "{{ item.0 }}"
- include_tasks: mobileconfig.yml
loop:
- ios
- macos
loop_control:
loop_var: system
- name: Generate QR codes - name: Generate QR codes
shell: > shell: >
umask 077; umask 077;

10
roles/wireguard/tasks/mobileconfig.yml Normal file
View file

@ -0,0 +1,10 @@
---
- name: WireGuard apple mobileconfig generated
template:
src: mobileconfig.j2
dest: "{{ wireguard_config_path }}/apple/{{ system }}/{{ item.1 }}.mobileconfig"
mode: "0600"
with_indexed_items: "{{ wireguard_users }}"
when: item.1 in users
vars:
index: "{{ item.0 }}"

25
roles/wireguard/templates/mobileconfig.j2 Normal file
View file

@ -0,0 +1,25 @@
#jinja2:lstrip_blocks: True
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
{% include 'vpn-dict.j2' %}
</array>
<key>PayloadDisplayName</key>
<string>AlgoVPN {{ algo_server_name }} WireGuard</string>
<key>PayloadIdentifier</key>
<string>donut.local.{{ 500000 | random | to_uuid | upper }}</string>
<key>PayloadOrganization</key>
<string>AlgoVPN</string>
<key>PayloadRemovalDisallowed</key>
<false/>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>{{ 400000 | random | to_uuid | upper }}</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>

94
roles/wireguard/templates/vpn-dict.j2 Normal file
View file

@ -0,0 +1,94 @@
<dict>
<key>IPv4</key>
<dict>
<key>OverridePrimary</key>
<integer>1</integer>
</dict>
<key>PayloadDescription</key>
<string>Configures VPN settings</string>
<key>PayloadDisplayName</key>
<string>{{ algo_server_name }}</string>
<key>PayloadIdentifier</key>
<string>com.apple.vpn.managed.{{ algo_server_name + system | to_uuid | upper }}</string>
<key>PayloadType</key>
<string>com.apple.vpn.managed</string>
<key>PayloadUUID</key>
<string>{{ algo_server_name + system | to_uuid | upper }}</string>
<key>PayloadVersion</key>
<integer>1</integer>
<key>Proxies</key>
<dict>
<key>HTTPEnable</key>
<integer>0</integer>
<key>HTTPSEnable</key>
<integer>0</integer>
</dict>
<key>UserDefinedName</key>
<string>AlgoVPN {{ algo_server_name }}</string>
<key>VPN</key>
<dict>
<key>OnDemandEnabled</key>
<integer>{{ 1 if algo_ondemand_wifi or algo_ondemand_cellular else 0 }}</integer>
<key>OnDemandRules</key>
<array>
{% if algo_ondemand_wifi or algo_ondemand_cellular %}
{% if algo_ondemand_wifi_exclude|b64decode != '_null' %}
{% set WIFI_EXCLUDE_LIST = (algo_ondemand_wifi_exclude|b64decode|string).split(',') %}
<dict>
<key>Action</key>
<string>Disconnect</string>
<key>InterfaceTypeMatch</key>
<string>WiFi</string>
<key>SSIDMatch</key>
<array>
{% for network_name in WIFI_EXCLUDE_LIST %}
<string>{{ network_name|e }}</string>
{% endfor %}
</array>
</dict>
{% endif %}
<dict>
<key>Action</key>
{% if algo_ondemand_wifi %}
<string>Connect</string>
{% else %}
<string>Disconnect</string>
{% endif %}
<key>InterfaceTypeMatch</key>
<string>WiFi</string>
<key>URLStringProbe</key>
<string>http://captive.apple.com/hotspot-detect.html</string>
</dict>
<dict>
<key>Action</key>
{% if algo_ondemand_cellular %}
<string>Connect</string>
{% else %}
<string>Disconnect</string>
{% endif %}
<key>InterfaceTypeMatch</key>
<string>Cellular</string>
<key>URLStringProbe</key>
<string>http://captive.apple.com/hotspot-detect.html</string>
</dict>
{% endif %}
<dict>
<key>Action</key>
<string>{{ 'Disconnect' if algo_ondemand_wifi or algo_ondemand_cellular else 'Connect' }}</string>
</dict>
</array>
<key>AuthenticationMethod</key>
<string>Password</string>
<key>RemoteAddress</key>
<string>{{ IP_subject_alt_name }}:{{ wireguard_port }}</string>
</dict>
<key>VPNSubType</key>
<string>com.wireguard.{{ system }}</string>
<key>VPNType</key>
<string>VPN</string>
<key>VendorConfig</key>
<dict>
<key>WgQuickConfig</key>
<string>{{- lookup('template', 'client.conf.j2') | indent(8) }}</string>
</dict>
</dict>