mirror of
https://github.com/trailofbits/algo.git
synced 2025-04-25 02:32:43 +02:00
e8947f318b
* Refactoring, booleans declaration and update users fix * Make server_name more FQDN compatible * Rename variables * Define the default value for store_cakey * Skip a prompt about the SSH user if deploying to localhost * Disable reboot for non-cloud deployments * Enable EC2 volume encryption by default * Add default server value (localhost) for the local installation Delete empty files * Add default region to aws_region_facts * Update docs * EC2 credentials fix * Warnings fix * Update deploy-from-ansible.md * Fix a typo * Remove lightsail from the docs * Disable EC2 encryption by default * rename droplet to server * Disable dependencies * Disable tls_cipher_suite * Convert wifi-exclude to a string. Update-users fix * SSH access congrats fix * 16.04 > 18.04 * Dont ask for the credentials if specified in the environment vars * GCE server name fix
65 lines
2.2 KiB
YAML
65 lines
2.2 KiB
YAML
---
|
|
- name: Configure the server and install required software
|
|
hosts: vpn-host
|
|
gather_facts: false
|
|
tags: algo
|
|
become: true
|
|
vars_files:
|
|
- config.cfg
|
|
|
|
roles:
|
|
- role: common
|
|
- role: dns_adblocking
|
|
when: algo_local_dns
|
|
tags: dns_adblocking
|
|
- role: ssh_tunneling
|
|
when: algo_ssh_tunneling
|
|
tags: ssh_tunneling
|
|
- role: vpn
|
|
tags: vpn
|
|
|
|
post_tasks:
|
|
- block:
|
|
- name: Delete the CA key
|
|
local_action:
|
|
module: file
|
|
path: "configs/{{ IP_subject_alt_name }}/pki/private/cakey.pem"
|
|
state: absent
|
|
become: false
|
|
when: not algo_store_cakey
|
|
|
|
- name: Dump the configuration
|
|
local_action:
|
|
module: copy
|
|
dest: "configs/{{ IP_subject_alt_name }}/config.yml"
|
|
content: |
|
|
server: {{ 'localhost' if inventory_hostname == 'localhost' else inventory_hostname }}
|
|
server_user: {{ ansible_ssh_user }}
|
|
{% if algo_provider != "local" %}
|
|
ansible_ssh_private_key_file: {{ ansible_ssh_private_key_file|default(SSH_keys.private) }}
|
|
{% endif %}
|
|
algo_provider: {{ algo_provider }}
|
|
algo_server_name: {{ algo_server_name }}
|
|
algo_ondemand_cellular: {{ algo_ondemand_cellular }}
|
|
algo_ondemand_wifi: {{ algo_ondemand_wifi }}
|
|
algo_ondemand_wifi_exclude: {{ algo_ondemand_wifi_exclude }}
|
|
algo_local_dns: {{ algo_local_dns }}
|
|
algo_ssh_tunneling: {{ algo_ssh_tunneling }}
|
|
algo_windows: {{ algo_windows }}
|
|
algo_store_cakey: {{ algo_store_cakey }}
|
|
IP_subject_alt_name: {{ IP_subject_alt_name }}
|
|
{% if tests|default(false)|bool %}ca_password: {{ CA_password }}{% endif %}
|
|
become: false
|
|
|
|
- debug:
|
|
msg:
|
|
- "{{ congrats.common.split('\n') }}"
|
|
- " {{ congrats.p12_pass }}"
|
|
- " {% if algo_store_cakey %}{{ congrats.ca_key_pass }}{% endif %}"
|
|
- " {% if algo_provider != 'local' %}{{ congrats.ssh_access }}{% endif %}"
|
|
tags: always
|
|
rescue:
|
|
- debug: var=fail_hint
|
|
tags: always
|
|
- fail:
|
|
tags: always
|