mirror of
https://github.com/trailofbits/algo.git
synced 2025-10-04 09:35:11 +02:00
72900d3cc7
* Fix Ansible 12.0.0 boolean type checking issue
Ansible 12.0.0 enforces strict type checking for conditionals and no longer
automatically converts string values "true"/"false" to booleans. This was
causing deployment failures after the recent Ansible version bump.
Changes:
- Fix ipv6_support to use 'is defined' which returns boolean instead of string
- Fix algo_* variables in input.yml to use {{ false }} instead of string "false"
- Add comprehensive tests to prevent regression
- Add mutation testing to verify tests catch the issue
The fix uses native boolean expressions instead of string literals, ensuring
compatibility with Ansible 12's strict type checking while maintaining backward
compatibility.
Fixes #14833
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* Fix Python linting issues in test files
- Fix import sorting and remove unused imports
- Remove trailing whitespace and blank lines with whitespace
- Use underscore prefix for unused loop variables
- Remove unnecessary file open mode arguments
- Add newlines at end of files
- Remove unused variable assignments
All ruff checks now pass.
---------
Co-authored-by: Claude <noreply@anthropic.com>
143 lines
6.1 KiB
YAML
143 lines
6.1 KiB
YAML
---
|
|
- name: Ask user for the input
|
|
hosts: localhost
|
|
tags: always
|
|
vars:
|
|
defaults:
|
|
server_name: algo
|
|
ondemand_cellular: false
|
|
ondemand_wifi: false
|
|
dns_adblocking: false
|
|
ssh_tunneling: false
|
|
store_pki: false
|
|
providers_map:
|
|
- { name: DigitalOcean, alias: digitalocean }
|
|
- { name: Amazon Lightsail, alias: lightsail }
|
|
- { name: Amazon EC2, alias: ec2 }
|
|
- { name: Microsoft Azure, alias: azure }
|
|
- { name: Google Compute Engine, alias: gce }
|
|
- { name: Hetzner Cloud, alias: hetzner }
|
|
- { name: Vultr, alias: vultr }
|
|
- { name: Scaleway, alias: scaleway }
|
|
- { name: OpenStack (DreamCompute optimised), alias: openstack }
|
|
- { name: CloudStack (Exoscale optimised), alias: cloudstack }
|
|
- { name: Linode, alias: linode }
|
|
- { name: Install to existing Ubuntu latest LTS server (for more advanced users), alias: local }
|
|
vars_files:
|
|
- config.cfg
|
|
|
|
tasks:
|
|
- block:
|
|
- name: Cloud prompt
|
|
pause:
|
|
prompt: |
|
|
What provider would you like to use?
|
|
{% for p in providers_map %}
|
|
{{ loop.index }}. {{ p['name'] }}
|
|
{% endfor %}
|
|
|
|
Enter the number of your desired provider
|
|
register: _algo_provider
|
|
when: provider is undefined
|
|
|
|
- name: Set facts based on the input
|
|
set_fact:
|
|
algo_provider: "{{ provider | default(providers_map[_algo_provider.user_input | default(omit) | int - 1]['alias']) }}"
|
|
|
|
- name: VPN server name prompt
|
|
pause:
|
|
prompt: |
|
|
Name the vpn server
|
|
[algo]
|
|
register: _algo_server_name
|
|
when:
|
|
- server_name is undefined
|
|
- algo_provider != "local"
|
|
|
|
- name: Cellular On Demand prompt
|
|
pause:
|
|
prompt: |
|
|
Do you want macOS/iOS clients to enable "Connect On Demand" when connected to cellular networks?
|
|
[y/N]
|
|
register: _ondemand_cellular
|
|
when: ondemand_cellular is undefined
|
|
|
|
- name: Wi-Fi On Demand prompt
|
|
pause:
|
|
prompt: |
|
|
Do you want macOS/iOS clients to enable "Connect On Demand" when connected to Wi-Fi?
|
|
[y/N]
|
|
register: _ondemand_wifi
|
|
when: ondemand_wifi is undefined
|
|
|
|
- name: Trusted Wi-Fi networks prompt
|
|
pause:
|
|
prompt: |
|
|
List the names of any trusted Wi-Fi networks where macOS/iOS clients should not use "Connect On Demand"
|
|
(e.g., your home network. Comma-separated value, e.g., HomeNet,OfficeWifi,AlgoWiFi)
|
|
register: _ondemand_wifi_exclude
|
|
when:
|
|
- ondemand_wifi_exclude is undefined
|
|
- (ondemand_wifi|default(false)|bool) or (booleans_map[_ondemand_wifi.user_input|default(omit)]|default(false))
|
|
|
|
- name: Retain the PKI prompt
|
|
pause:
|
|
prompt: |
|
|
Do you want to retain the keys (PKI)? (required to add users in the future, but less secure)
|
|
[y/N]
|
|
register: _store_pki
|
|
when:
|
|
- store_pki is undefined
|
|
- ipsec_enabled
|
|
|
|
- name: DNS adblocking prompt
|
|
pause:
|
|
prompt: |
|
|
Do you want to enable DNS ad blocking on this VPN server?
|
|
[y/N]
|
|
register: _dns_adblocking
|
|
when: dns_adblocking is undefined
|
|
|
|
- name: SSH tunneling prompt
|
|
pause:
|
|
prompt: |
|
|
Do you want each user to have their own account for SSH tunneling?
|
|
[y/N]
|
|
register: _ssh_tunneling
|
|
when: ssh_tunneling is undefined
|
|
|
|
- name: Set facts based on the input
|
|
set_fact:
|
|
algo_server_name: >-
|
|
{% if server_name is defined %}{% set _server = server_name %}
|
|
{%- elif _algo_server_name.user_input is defined and _algo_server_name.user_input | length > 0 -%}
|
|
{%- set _server = _algo_server_name.user_input -%}
|
|
{%- else %}{% set _server = defaults['server_name'] %}{% endif -%}
|
|
{{ _server | regex_replace('(?!\.)(\W | _)', '-') }}
|
|
algo_ondemand_cellular: >-
|
|
{% if ondemand_cellular is defined %}{{ ondemand_cellular | bool }}
|
|
{%- elif _ondemand_cellular.user_input is defined %}{{ booleans_map[_ondemand_cellular.user_input] | default(defaults['ondemand_cellular']) }}
|
|
{%- else %}{{ false }}{% endif %}
|
|
algo_ondemand_wifi: >-
|
|
{% if ondemand_wifi is defined %}{{ ondemand_wifi | bool }}
|
|
{%- elif _ondemand_wifi.user_input is defined %}{{ booleans_map[_ondemand_wifi.user_input] | default(defaults['ondemand_wifi']) }}
|
|
{%- else %}{{ false }}{% endif %}
|
|
algo_ondemand_wifi_exclude: >-
|
|
{% if ondemand_wifi_exclude is defined %}{{ ondemand_wifi_exclude | b64encode }}
|
|
{%- elif _ondemand_wifi_exclude.user_input is defined and _ondemand_wifi_exclude.user_input | length > 0 -%}
|
|
{{ _ondemand_wifi_exclude.user_input | b64encode }}
|
|
{%- else %}{{ '_null' | b64encode }}{% endif %}
|
|
algo_dns_adblocking: >-
|
|
{% if dns_adblocking is defined %}{{ dns_adblocking | bool }}
|
|
{%- elif _dns_adblocking.user_input is defined %}{{ booleans_map[_dns_adblocking.user_input] | default(defaults['dns_adblocking']) }}
|
|
{%- else %}{{ false }}{% endif %}
|
|
algo_ssh_tunneling: >-
|
|
{% if ssh_tunneling is defined %}{{ ssh_tunneling | bool }}
|
|
{%- elif _ssh_tunneling.user_input is defined %}{{ booleans_map[_ssh_tunneling.user_input] | default(defaults['ssh_tunneling']) }}
|
|
{%- else %}{{ false }}{% endif %}
|
|
algo_store_pki: >-
|
|
{% if ipsec_enabled %}{%- if store_pki is defined %}{{ store_pki | bool }}
|
|
{%- elif _store_pki.user_input is defined %}{{ booleans_map[_store_pki.user_input] | default(defaults['store_pki']) }}
|
|
{%- else %}{{ false }}{% endif %}{% endif %}
|
|
rescue:
|
|
- include_tasks: playbooks/rescue.yml
|