mirror of
https://github.com/trailofbits/algo.git
synced 2025-07-24 22:43:07 +02:00
6facb6cb4f
* FreeBSD draft ifconfig fix Pre-tasks fixes fix hardcoded IP some refactoring disable system-based tags disable freebsd tags FreeBSD vpn role add defaults ssh role freebsd default fix dns_adblocking freebsd ubuntu dict fix * HardenedBSD update-users BSD * Rebuild the kernel docs changing
47 lines
1.2 KiB
YAML
47 lines
1.2 KiB
YAML
- name: Gather Facts
|
|
setup:
|
|
|
|
- name: Enable IPv6
|
|
set_fact:
|
|
ipv6_support: true
|
|
when: ansible_default_ipv6.gateway is defined
|
|
|
|
- name: Generate password for the CA key
|
|
shell: >
|
|
openssl rand -hex 6
|
|
register: CA_password
|
|
|
|
- set_fact:
|
|
easyrsa_p12_export_password: "{{ p12_export_password|default((ansible_date_time.iso8601_basic|sha1|to_uuid).split('-')[0]) }}"
|
|
easyrsa_CA_password: "{{ CA_password.stdout }}"
|
|
IP_subject_alt_name: "{{ IP_subject_alt_name }}"
|
|
|
|
- name: Change the algorithm to RSA
|
|
set_fact:
|
|
algo_params: "rsa:2048"
|
|
when: Win10_Enabled is defined and Win10_Enabled == "Y"
|
|
|
|
- name: Ensure that the strongswan group exist
|
|
group: name=strongswan state=present
|
|
|
|
- name: Ensure that the strongswan user exist
|
|
user: name=strongswan group=strongswan state=present
|
|
|
|
- include: ubuntu.yml
|
|
when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
|
|
|
|
- include: freebsd.yml
|
|
when: ansible_distribution == 'FreeBSD'
|
|
|
|
- name: Install StrongSwan
|
|
package: name=strongswan state=present
|
|
|
|
- include: ipec_configuration.yml
|
|
- include: openssl.yml
|
|
- include: distribute_keys.yml
|
|
- include: client_configs.yml
|
|
|
|
- meta: flush_handlers
|
|
|
|
- name: StrongSwan started
|
|
service: name=strongswan state=started
|