mirror of
https://github.com/trailofbits/algo.git
synced 2025-04-11 11:47:08 +02:00
8bdd99c05d
* bump ansible to 2.8.3 * DigitalOcean: move to the latest modules * Add Hetzner Cloud * Scaleway and Lightsail fixes * lint missing roles * Update roles/cloud-hetzner/tasks/main.yml Add api_token Co-Authored-By: phaer <phaer@phaer.org> * Update roles/cloud-hetzner/tasks/main.yml Add api_token Co-Authored-By: phaer <phaer@phaer.org> * Try to run apt until succeeded * Scaleway modules upgrade * GCP: Refactoring, remove deprecated modules * Doc updates (#1552) * Update README.md Adding links and mentions of Exoscale aka CloudStack and Hetzner Cloud. * Update index.md Add the Hetzner Cloud to the docs index * Remove link to Win 10 IPsec instructions * Delete client-windows.md Unnecessary since the deprecation of IPsec for Win10. * Update deploy-from-ansible.md Added sections and required variables for CloudStack and Hetzner Cloud. * Update deploy-from-ansible.md Added sections for CloudStack and Hetzner, added req variables and examples, mentioned environment variables, and added links to the provider role section. * Update deploy-from-ansible.md Cosmetic changes to links, fix typo. * Update GCE variables * Update deploy-from-script-or-cloud-init-to-localhost.md Fix a finer point, and make variables list more readable. * update azure requirements * Python3 draft * set LANG=c to the p12 password generation task * Update README * Install cloud requirements to the existing venv * FreeBSD fix * env->.env fixes * lightsail_region_facts fix * yaml syntax fix * Update README for Python 3 (#1564) * Update README for Python 3 * Remove tabs and tweak instructions * Remove cosmetic command indentation * Update README.md * Update README for Python 3 (#1565) * DO fix for "found unpermitted parameters: id" * Verify Python version * Remove ubuntu 16.04 from readme * Revert back DigitalOcean module * Update deploy-from-script-or-cloud-init-to-localhost.md * env to .env
142 lines
5.9 KiB
YAML
142 lines
5.9 KiB
YAML
---
|
|
- name: Ask user for the input
|
|
hosts: localhost
|
|
tags: always
|
|
vars:
|
|
defaults:
|
|
server_name: algo
|
|
ondemand_cellular: false
|
|
ondemand_wifi: false
|
|
dns_adblocking: false
|
|
ssh_tunneling: false
|
|
store_pki: false
|
|
providers_map:
|
|
- { name: DigitalOcean, alias: digitalocean }
|
|
- { name: Amazon Lightsail, alias: lightsail }
|
|
- { name: Amazon EC2, alias: ec2 }
|
|
- { name: Microsoft Azure, alias: azure }
|
|
- { name: Google Compute Engine, alias: gce }
|
|
- { name: Hetzner Cloud, alias: hetzner }
|
|
- { name: Vultr, alias: vultr }
|
|
- { name: Scaleway, alias: scaleway}
|
|
- { name: OpenStack (DreamCompute optimised), alias: openstack }
|
|
- { name: CloudStack (Exoscale optimised), alias: cloudstack }
|
|
- { name: Install to existing Ubuntu 18.04 or 19.04 server (Advanced), alias: local }
|
|
vars_files:
|
|
- config.cfg
|
|
|
|
tasks:
|
|
- block:
|
|
- name: Cloud prompt
|
|
pause:
|
|
prompt: |
|
|
What provider would you like to use?
|
|
{% for p in providers_map %}
|
|
{{ loop.index }}. {{ p['name'] }}
|
|
{% endfor %}
|
|
|
|
Enter the number of your desired provider
|
|
register: _algo_provider
|
|
when: provider is undefined
|
|
|
|
- name: Set facts based on the input
|
|
set_fact:
|
|
algo_provider: "{{ provider | default(providers_map[_algo_provider.user_input|default(omit)|int - 1]['alias']) }}"
|
|
|
|
- name: VPN server name prompt
|
|
pause:
|
|
prompt: |
|
|
Name the vpn server
|
|
[algo]
|
|
register: _algo_server_name
|
|
when:
|
|
- server_name is undefined
|
|
- algo_provider != "local"
|
|
- block:
|
|
- name: Cellular On Demand prompt
|
|
pause:
|
|
prompt: |
|
|
Do you want macOS/iOS IPsec clients to enable "Connect On Demand" when connected to cellular networks?
|
|
[y/N]
|
|
register: _ondemand_cellular
|
|
when: ondemand_cellular is undefined
|
|
|
|
- name: Wi-Fi On Demand prompt
|
|
pause:
|
|
prompt: |
|
|
Do you want macOS/iOS IPsec clients to enable "Connect On Demand" when connected to Wi-Fi?
|
|
[y/N]
|
|
register: _ondemand_wifi
|
|
when: ondemand_wifi is undefined
|
|
|
|
- name: Trusted Wi-Fi networks prompt
|
|
pause:
|
|
prompt: |
|
|
List the names of any trusted Wi-Fi networks where macOS/iOS IPsec clients should not use "Connect On Demand"
|
|
(e.g., your home network. Comma-separated value, e.g., HomeNet,OfficeWifi,AlgoWiFi)
|
|
register: _ondemand_wifi_exclude
|
|
when:
|
|
- ondemand_wifi_exclude is undefined
|
|
- (ondemand_wifi|default(false)|bool) or
|
|
(booleans_map[_ondemand_wifi.user_input|default(omit)]|default(false))
|
|
|
|
- name: Retain the PKI prompt
|
|
pause:
|
|
prompt: |
|
|
Do you want to retain the keys (PKI)? (required to add users in the future, but less secure)
|
|
[y/N]
|
|
register: _store_pki
|
|
when: store_pki is undefined
|
|
when: ipsec_enabled
|
|
|
|
- name: DNS adblocking prompt
|
|
pause:
|
|
prompt: |
|
|
Do you want to enable DNS ad blocking on this VPN server?
|
|
[y/N]
|
|
register: _dns_adblocking
|
|
when: dns_adblocking is undefined
|
|
|
|
- name: SSH tunneling prompt
|
|
pause:
|
|
prompt: |
|
|
Do you want each user to have their own account for SSH tunneling?
|
|
[y/N]
|
|
register: _ssh_tunneling
|
|
when: ssh_tunneling is undefined
|
|
|
|
- name: Set facts based on the input
|
|
set_fact:
|
|
algo_server_name: >-
|
|
{% if server_name is defined %}{% set _server = server_name %}
|
|
{%- elif _algo_server_name.user_input is defined and _algo_server_name.user_input|length > 0 -%}
|
|
{%- set _server = _algo_server_name.user_input -%}
|
|
{%- else %}{% set _server = defaults['server_name'] %}{% endif -%}
|
|
{{ _server | regex_replace('(?!\.)(\W|_)', '-') }}
|
|
algo_ondemand_cellular: >-
|
|
{% if ondemand_cellular is defined %}{{ ondemand_cellular | bool }}
|
|
{%- elif _ondemand_cellular.user_input is defined %}{{ booleans_map[_ondemand_cellular.user_input] | default(defaults['ondemand_cellular']) }}
|
|
{%- else %}false{% endif %}
|
|
algo_ondemand_wifi: >-
|
|
{% if ondemand_wifi is defined %}{{ ondemand_wifi | bool }}
|
|
{%- elif _ondemand_wifi.user_input is defined %}{{ booleans_map[_ondemand_wifi.user_input] | default(defaults['ondemand_wifi']) }}
|
|
{%- else %}false{% endif %}
|
|
algo_ondemand_wifi_exclude: >-
|
|
{% if ondemand_wifi_exclude is defined %}{{ ondemand_wifi_exclude | b64encode }}
|
|
{%- elif _ondemand_wifi_exclude.user_input is defined and _ondemand_wifi_exclude.user_input|length > 0 -%}
|
|
{{ _ondemand_wifi_exclude.user_input | b64encode }}
|
|
{%- else %}{{ '_null' | b64encode }}{% endif %}
|
|
algo_dns_adblocking: >-
|
|
{% if dns_adblocking is defined %}{{ dns_adblocking | bool }}
|
|
{%- elif _dns_adblocking.user_input is defined %}{{ booleans_map[_dns_adblocking.user_input] | default(defaults['dns_adblocking']) }}
|
|
{%- else %}false{% endif %}
|
|
algo_ssh_tunneling: >-
|
|
{% if ssh_tunneling is defined %}{{ ssh_tunneling | bool }}
|
|
{%- elif _ssh_tunneling.user_input is defined %}{{ booleans_map[_ssh_tunneling.user_input] | default(defaults['ssh_tunneling']) }}
|
|
{%- else %}false{% endif %}
|
|
algo_store_pki: >-
|
|
{% if ipsec_enabled %}{%- if store_pki is defined %}{{ store_pki | bool }}
|
|
{%- elif _store_pki.user_input is defined %}{{ booleans_map[_store_pki.user_input] | default(defaults['store_pki']) }}
|
|
{%- else %}false{% endif %}{% endif %}
|
|
rescue:
|
|
- include_tasks: playbooks/rescue.yml
|