* add the install script to support cloud-init and local one-shot deployments
* update travis-ci tests
* update docs
* enable no_log again
* update docs
<!--- Provide a general summary of your changes in the Title above -->
## Description
Renames the vpn role to strongswan, and split up the variables to support 2 separate VPNs. Closes#1330 and closes#1162
Configures Ansible to use python3 on the server side. Closes#1024
Removes unneeded playbooks, reorganises a lot of variables
Reorganises the `config` folder. Closes#1330
<details><summary>Here is how the config directory looks like now</summary>
<p>
```
configs/X.X.X.X/
|-- ipsec
| |-- apple
| | |-- desktop.mobileconfig
| | |-- laptop.mobileconfig
| | `-- phone.mobileconfig
| |-- manual
| | |-- cacert.pem
| | |-- desktop.p12
| | |-- desktop.ssh.pem
| | |-- ipsec_desktop.conf
| | |-- ipsec_desktop.secrets
| | |-- ipsec_laptop.conf
| | |-- ipsec_laptop.secrets
| | |-- ipsec_phone.conf
| | |-- ipsec_phone.secrets
| | |-- laptop.p12
| | |-- laptop.ssh.pem
| | |-- phone.p12
| | `-- phone.ssh.pem
| `-- windows
| |-- desktop.ps1
| |-- laptop.ps1
| `-- phone.ps1
|-- ssh-tunnel
| |-- desktop.pem
| |-- desktop.pub
| |-- laptop.pem
| |-- laptop.pub
| |-- phone.pem
| |-- phone.pub
| `-- ssh_config
`-- wireguard
|-- desktop.conf
|-- desktop.png
|-- laptop.conf
|-- laptop.png
|-- phone.conf
`-- phone.png
```
</p>
</details>
## Motivation and Context
This refactoring is focused to aim to the 1.0 release
## How Has This Been Tested?
Deployed to several cloud providers with various options enabled and disabled
## Types of changes
<!--- What types of changes does your code introduce? Put an `x` in all the boxes that apply: -->
- [x] Refactoring
## Checklist:
<!--- Go over all the following points, and put an `x` in all the boxes that apply. -->
<!--- If you're unsure about any of these, don't hesitate to ask. We're here to help! -->
- [x] I have read the **CONTRIBUTING** document.
- [x] My code follows the code style of this project.
- [x] My change requires a change to the documentation.
- [x] I have updated the documentation accordingly.
- [x] All new and existing tests passed.
If a user is not connected to a trusted Wi-Fi network or if the
URLStringProbe fails none of the existing dictionaries match.
According to the Apple Configuration Profile Reference[1] section "VPN
Payload > On Demand Rules Dictionary Keys" a default behavior for
unknown networks with no matching criteria should always be set as the
last dictionary in the array. The current default behavior is to allow a
connection to occur, but this behavior is not guaranteed.
Tear down the VPN connection and do not reconnect on demand as long as
the catch-all dictionary matches to guarantee the default behavior and
more specifically allow users to access captive portals.
[1]: https://developer.apple.com/library/content/featuredarticles/iPhoneConfigurationProfileRef/Introduction/Introduction.html
* Document using WireGuard app on macOS
* Update README.md
* Make WireGuard the default for Apple devices
* clarify user list
* fix tests
* connect on demand
I change a line to Include the Algo generated password so the users do not need to manually enter the password when installing on Windows 10 computers.
