algo/roles/client/tasks/main.yml

---
# Client-side tasks for the strongSwan role: collect facts, pull in the
# per-platform tasks, install strongSwan and drop the per-user IPsec
# configuration, secrets and PKI material into place.

- name: Gather Facts
  ansible.builtin.setup:

# Platform-specific variables (package names, config prefix) are defined
# in systems/main.yml and imported statically here.
- name: Include system based facts and tasks
  ansible.builtin.import_tasks: systems/main.yml
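# ansible.builtin.package accepts a list for `name`, so the whole list is
# installed in one package-manager transaction instead of one task
# iteration per package; the retry loop then covers the full set. The
# `when` guard keeps the skip-on-empty behaviour the old with_items had.
- name: Install prerequisites
  ansible.builtin.package:
    name: "{{ prerequisites }}"
    state: present
  when: prerequisites | default([]) | length > 0
  register: result
  until: result is succeeded
  retries: 10
  delay: 3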
# Retried because package-manager locks or transient mirror errors are
# common right after the prerequisites step.
- name: Install strongSwan
  ansible.builtin.package:
    state: present
    name: strongswan
  retries: 10
  delay: 3
  register: result
  until: result is succeeded
# Renders the per-peer connection definition; world-readable is fine here
# because the secrets live in the separate .secrets file.
# NOTE(review): dest does not vary with `item`, so a multi-element
# vpn_user would rewrite the same file on every iteration — confirm
# vpn_user is a single name at the call site.
- name: Setup the ipsec config
  ansible.builtin.template:
    mode: "0644"
    src: roles/strongswan/templates/client_ipsec.conf.j2
    dest: "{{ configs_prefix }}/ipsec.{{ IP_subject_alt_name }}.conf"
  notify:
    - Restart strongswan
  with_items:
    - "{{ vpn_user }}"
# The secrets file is owner-only (0600): strongSwan reads it as root and
# nothing else on the host needs it.
- name: Setup the ipsec secrets
  ansible.builtin.template:
    mode: "0600"
    src: roles/strongswan/templates/client_ipsec.secrets.j2
    dest: "{{ configs_prefix }}/ipsec.{{ IP_subject_alt_name }}.secrets"
  notify:
    - Restart strongswan
  with_items:
    - "{{ vpn_user }}"
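# Appends the per-peer include directive to the top-level ipsec.conf and
# ipsec.secrets, creating either file if it is missing. A freshly created
# file would otherwise get umask permissions, so the secrets side carries
# an explicit 0600; ipsec.conf keeps whatever mode it has (mode omitted).
- name: Include additional ipsec config
  ansible.builtin.lineinfile:
    path: "{{ item.dest }}"
    line: "{{ item.line }}"
    create: true
    mode: "{{ item.mode | default(omit) }}"
  with_items:
    - dest: "{{ configs_prefix }}/ipsec.conf"
      line: "include ipsec.{{ IP_subject_alt_name }}.conf"
    - dest: "{{ configs_prefix }}/ipsec.secrets"
      line: "include ipsec.{{ IP_subject_alt_name }}.secrets"
      mode: "0600"
  notify:
    - Restart strongswan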
# Installs a strongswan.d snippet that, per its name, loosens strongSwan's
# CA constraint checks. The actual options live in the copied file, not
# here — review that file before relying on this; it widens what the
# client accepts from the server's certificate chain.
- name: Configure libstrongswan to relax CA constraints
  ansible.builtin.copy:
    dest: "{{ configs_prefix }}/strongswan.d/relax-ca-constraints.conf"
    src: libstrongswan-relax-constraints.conf
    mode: "0644"
    owner: root
    group: root
# Copies the generated PKI material from the local configs/ tree into
# strongSwan's ipsec.d layout. Certificates are public (0644); the user's
# private key is owner-only (0600).
- name: Setup the certificates and keys
  ansible.builtin.template:
    mode: "{{ item.mode }}"
    dest: "{{ item.dest }}"
    src: "{{ item.src }}"
  notify:
    - Restart strongswan
  with_items:
    # client certificate
    - mode: "0644"
      src: "configs/{{ IP_subject_alt_name }}/ipsec/.pki/certs/{{ vpn_user }}.crt"
      dest: "{{ configs_prefix }}/ipsec.d/certs/{{ vpn_user }}.crt"
    # CA certificate, named after the server so several peers can coexist
    - mode: "0644"
      src: "configs/{{ IP_subject_alt_name }}/ipsec/.pki/cacert.pem"
      dest: "{{ configs_prefix }}/ipsec.d/cacerts/{{ IP_subject_alt_name }}.pem"
    # client private key
    - mode: "0600"
      src: "configs/{{ IP_subject_alt_name }}/ipsec/.pki/private/{{ vpn_user }}.key"
      dest: "{{ configs_prefix }}/ipsec.d/private/{{ vpn_user }}.key"