# vim:ft=ansible:
- name: Create a sandbox instance
  hosts: localhost
  gather_facts: False
  vars_files:
    - config.cfg
  vars:
    instance_type: t2.nano
    security_group: vpn-secgroup
    regions:
      "1":  "us-east-1"
      "2":  "us-west-1"
      "3":  "us-west-2"
      "4":  "ap-south-1"
      "5":  "ap-northeast-2"
      "6":  "ap-southeast-1"
      "7":  "ap-southeast-2"
      "8":  "ap-northeast-1"
      "9":  "eu-central-1"
      "10": "eu-west-1"
      "11": "sa-east-1"

  vars_prompt:
  - name: "aws_access_key"
    prompt: "Enter your aws_access_key (http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSGettingStartedGuide/AWSCredentials.html):\n"
    private: yes

  - name: "aws_secret_key"
    prompt: "Enter your aws_secret_key (http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSGettingStartedGuide/AWSCredentials.html):\n"
    private: yes

  - name: "region"
    prompt: >
      What region should the server be located in?
       1.   us-east-1           US East (N. Virginia)
       2.   us-west-1           US West (N. California)
       3.   us-west-2           US West (Oregon)
       4.   ap-south-1          Asia Pacific (Mumbai)
       5.   ap-northeast-2      Asia Pacific (Seoul)
       6.   ap-southeast-1      Asia Pacific (Singapore)
       7.   ap-southeast-2      Asia Pacific (Sydney)
       8.   ap-northeast-1      Asia Pacific (Tokyo)
       9.   eu-central-1        EU (Frankfurt)
       10.  eu-west-1           EU (Ireland)
       11.  sa-east-1           South America (São Paulo)
    default: "1"
    private: no

  - name: "aws_server_name"
    prompt: "Name the vpn server:\n"
    default: "algo.local"
    private: no

  - name: "ssh_public_key"
    prompt: "Enter the local path to your SSH public key:\n"
    default: "~/.ssh/id_rsa.pub"
    private: no

  - name: "dns_enabled"
    prompt: "Do you want to install a local DNS resolver to block ads while surfing? (y/n):\n"
    default: "y"
    private: no

  - name: "proxy_enabled"
    prompt: "Do you want to install an HTTP proxy to block ads and decrease traffic usage while surfing? (y/n):\n"
    default: "y"
    private: no

  - name: "auditd_enabled"
    prompt: "Do you want to use auditd for security monitoring (see config.cfg)? (y/n):\n"
    default: "y"
    private: no

  - name: "ssh_tunneling_enabled"
    prompt: "Do you want each user to have their own account for SSH tunneling? (y/n):\n"
    default: "y"
    private: no

  - name: "security_enabled"
    prompt: "Do you want to enable the security role? (y/n):\n"
    default: "y"
    private: no

  - name: "easyrsa_p12_export_password"
    prompt: "Enter a password for p12 certificates and SSH private keys: (minimum five characters)\n"
    default: "vpnpw"
    private: yes

  roles:
    - cloud-ec2

- name: Post-provisioning tasks
  hosts: vpn-host
  gather_facts: false
  become: true
  vars_files:
    - config.cfg

  pre_tasks:
    - name: Install prerequisites
      raw: sudo apt-get update -qq && sudo apt-get install -qq -y python2.7
    - name: Configure defaults
      raw: sudo update-alternatives --install /usr/bin/python python /usr/bin/python2.7 1

  roles:
    - common
    - { role: security, when: security_enabled is defined and security_enabled == "y" }
    - { role: proxy, when: proxy_enabled is defined and proxy_enabled == "y" }
    - { role: dns_adblocking , when: dns_enabled is defined and dns_enabled == "y" }
    - { role: logging, when: auditd_enabled is defined and auditd_enabled == "y" }
    - { role: ssh_tunneling, when: ssh_tunneling_enabled is defined and ssh_tunneling_enabled == "y" }
    - vpn