mirror of
https://github.com/trailofbits/algo.git
synced 2025-04-11 11:47:08 +02:00
8bdd99c05d
* bump ansible to 2.8.3 * DigitalOcean: move to the latest modules * Add Hetzner Cloud * Scaleway and Lightsail fixes * lint missing roles * Update roles/cloud-hetzner/tasks/main.yml Add api_token Co-Authored-By: phaer <phaer@phaer.org> * Update roles/cloud-hetzner/tasks/main.yml Add api_token Co-Authored-By: phaer <phaer@phaer.org> * Try to run apt until succeeded * Scaleway modules upgrade * GCP: Refactoring, remove deprecated modules * Doc updates (#1552) * Update README.md Adding links and mentions of Exoscale aka CloudStack and Hetzner Cloud. * Update index.md Add the Hetzner Cloud to the docs index * Remove link to Win 10 IPsec instructions * Delete client-windows.md Unnecessary since the deprecation of IPsec for Win10. * Update deploy-from-ansible.md Added sections and required variables for CloudStack and Hetzner Cloud. * Update deploy-from-ansible.md Added sections for CloudStack and Hetzner, added req variables and examples, mentioned environment variables, and added links to the provider role section. * Update deploy-from-ansible.md Cosmetic changes to links, fix typo. * Update GCE variables * Update deploy-from-script-or-cloud-init-to-localhost.md Fix a finer point, and make variables list more readable. * update azure requirements * Python3 draft * set LANG=c to the p12 password generation task * Update README * Install cloud requirements to the existing venv * FreeBSD fix * env->.env fixes * lightsail_region_facts fix * yaml syntax fix * Update README for Python 3 (#1564) * Update README for Python 3 * Remove tabs and tweak instructions * Remove cosmetic command indentation * Update README.md * Update README for Python 3 (#1565) * DO fix for "found unpermitted parameters: id" * Verify Python version * Remove ubuntu 16.04 from readme * Revert back DigitalOcean module * Update deploy-from-script-or-cloud-init-to-localhost.md * env to .env
55 lines
1.4 KiB
YAML
55 lines
1.4 KiB
YAML
---
|
|
- name: Set OS specific facts
|
|
set_fact:
|
|
strongswan_additional_plugins: []
|
|
|
|
- name: Ubuntu | Install strongSwan
|
|
apt:
|
|
name: strongswan
|
|
state: present
|
|
update_cache: yes
|
|
install_recommends: yes
|
|
|
|
- block:
|
|
# https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1826238
|
|
- name: Ubuntu | Charon profile for apparmor configured
|
|
copy:
|
|
dest: /etc/apparmor.d/local/usr.lib.ipsec.charon
|
|
content: ' capability setpcap,'
|
|
owner: root
|
|
group: root
|
|
mode: 0644
|
|
notify: restart strongswan
|
|
|
|
- name: Ubuntu | Enforcing ipsec with apparmor
|
|
command: aa-enforce "{{ item }}"
|
|
changed_when: false
|
|
with_items:
|
|
- /usr/lib/ipsec/charon
|
|
- /usr/lib/ipsec/lookip
|
|
- /usr/lib/ipsec/stroke
|
|
tags: apparmor
|
|
when: apparmor_enabled|default(false)|bool
|
|
|
|
- name: Ubuntu | Enable services
|
|
service: name={{ item }} enabled=yes
|
|
with_items:
|
|
- apparmor
|
|
- strongswan
|
|
- netfilter-persistent
|
|
|
|
- name: Ubuntu | Ensure that the strongswan service directory exists
|
|
file:
|
|
path: /etc/systemd/system/strongswan.service.d/
|
|
state: directory
|
|
mode: 0755
|
|
owner: root
|
|
group: root
|
|
|
|
- name: Ubuntu | Setup the cgroup limitations for the ipsec daemon
|
|
template:
|
|
src: 100-CustomLimitations.conf.j2
|
|
dest: /etc/systemd/system/strongswan.service.d/100-CustomLimitations.conf
|
|
notify:
|
|
- daemon-reload
|
|
- restart strongswan
|