# vim:ft=ansible:
- name: Configure the server and install required software
  hosts: localhost
  gather_facts: false

  vars:
    zones:
      "1": "us-central1-a"
      "2": "us-central1-b"
      "3": "us-central1-c"
      "4": "us-central1-f"
      "5": "us-east1-b"
      "6": "us-east1-c"
      "7": "us-east1-d"
      "8": "europe-west1-b"
      "9": "europe-west1-c"
      "10": "europe-west1-d"
      "11": "asia-east1-a"
      "12": "asia-east1-b"
      "13": "asia-east1-c"

  vars_prompt:
  - name: "credentials_file"
    prompt: "Enter the local path to your credentials JSON file [ex: ~/gogle_cloud.json] (https://support.google.com/cloud/answer/6158849?hl=en&ref_topic=6262490#serviceaccounts):\n"
    private: no

  - name: "ssh_public_key"
    prompt: "Enter the local path to your SSH public key:\n"
    default: "~/.ssh/id_rsa.pub"
    private: no

  - name: "zone"
    prompt: >
      What zone should the server be located in?
        1. Central US       (Iowa A)
        2. Central US       (Iowa B)
        3. Central US       (Iowa C)
        4. Central US       (Iowa F)
        5. Eastern US       (South Carolina B)
        6. Eastern US       (South Carolina C)
        7. Eastern US       (South Carolina D)
        8. Western Europe   (Belgium B)
        9. Western Europe   (Belgium C)
        10. Western Europe  (Belgium D)
        11. East Asia       (Taiwan A)
        12. East Asia       (Taiwan B)
        13. East Asia       (Taiwan C)
      Please choose the number of your zone. Press enter for default (#8) zone.
    default: "8"
    private: no

  - name: "server_name"
    prompt: "Name the vpn server:\n"
    default: "algo"
    private: no

  - name: "dns_enabled"
    prompt: "Do you want to install a local DNS resolver to block ads while surfing? (y/n):\n"
    default: "y"
    private: no

  - name: "proxy_enabled"
    prompt: "Do you want to install an HTTP proxy to block ads and decrease traffic usage while surfing? (y/n):\n"
    default: "y"
    private: no

  - name: "auditd_enabled"
    prompt: "Do you want to use auditd for security monitoring (see config.cfg)? (y/n):\n"
    default: "y"
    private: no

  - name: "ssh_tunneling_enabled"
    prompt: "Do you want each user to have their own account for SSH tunneling? (y/n):\n"
    default: "y"
    private: no

  - name: "easyrsa_p12_export_password"
    prompt: "Enter a password for p12 certificates and SSH private keys: (minimum five characters)\n"
    default: "vpnpw"
    private: yes

  roles:
    - cloud-gce

- name: Post-provisioning tasks
  hosts: vpn-host
  gather_facts: false
  become: true
  vars_files:
    - config.cfg

  pre_tasks:
    - name: Install prerequisites
      raw: sudo apt-get update -qq && sudo apt-get install -qq -y python2.7
    - name: Configure defaults
      raw: sudo update-alternatives --install /usr/bin/python python /usr/bin/python2.7 1

  roles:
    - common
    - security
    - { role: proxy, when: proxy_enabled is defined and proxy_enabled == "y" }
    - { role: dns_adblocking , when: dns_enabled is defined and dns_enabled == "y" }
    - { role: logging, when: auditd_enabled is defined and auditd_enabled == "y" }
    - { role: ssh_tunneling, when: ssh_tunneling_enabled is defined and ssh_tunneling_enabled == "y" }
    - vpn