mirror of
https://github.com/trailofbits/algo.git
synced 2025-04-22 17:17:14 +02:00
655 lines
20 KiB
Bash
Executable file
655 lines
20 KiB
Bash
Executable file
#!/usr/bin/env bash
|
|
|
|
set -e
|
|
|
|
if [ -z ${VIRTUAL_ENV+x} ]
|
|
then
|
|
ACTIVATE_SCRIPT="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )/env/bin/activate"
|
|
if [ -f "$ACTIVATE_SCRIPT" ]
|
|
then
|
|
source $ACTIVATE_SCRIPT
|
|
else
|
|
echo "$ACTIVATE_SCRIPT not found. Did you follow documentation to install dependencies?"
|
|
exit 1
|
|
fi
|
|
fi
|
|
|
|
SKIP_TAGS="_null encrypted"
|
|
ADDITIONAL_PROMPT="[pasted values will not be displayed]"
|
|
|
|
additional_roles () {
|
|
|
|
read -p "
|
|
Do you want macOS/iOS clients to enable \"VPN On Demand\" when connected to cellular networks?
|
|
[y/N]: " -r OnDemandEnabled_Cellular
|
|
OnDemandEnabled_Cellular=${OnDemandEnabled_Cellular:-n}
|
|
if [[ "$OnDemandEnabled_Cellular" =~ ^(y|Y)$ ]]; then EXTRA_VARS+=" OnDemandEnabled_Cellular=Y"; fi
|
|
|
|
read -p "
|
|
Do you want macOS/iOS clients to enable \"VPN On Demand\" when connected to Wi-Fi?
|
|
[y/N]: " -r OnDemandEnabled_WIFI
|
|
OnDemandEnabled_WIFI=${OnDemandEnabled_WIFI:-n}
|
|
if [[ "$OnDemandEnabled_WIFI" =~ ^(y|Y)$ ]]; then EXTRA_VARS+=" OnDemandEnabled_WIFI=Y"; fi
|
|
|
|
if [[ "$OnDemandEnabled_WIFI" =~ ^(y|Y)$ ]]; then
|
|
read -p "
|
|
List the names of trusted Wi-Fi networks (if any) that macOS/iOS clients exclude from using the VPN (e.g., your home network. Comma-separated value, e.g., HomeNet,OfficeWifi,AlgoWiFi)
|
|
: " -r OnDemandEnabled_WIFI_EXCLUDE
|
|
OnDemandEnabled_WIFI_EXCLUDE=${OnDemandEnabled_WIFI_EXCLUDE:-_null}
|
|
EXTRA_VARS+=" OnDemandEnabled_WIFI_EXCLUDE=\"$OnDemandEnabled_WIFI_EXCLUDE\""
|
|
fi
|
|
|
|
read -p "
|
|
Do you want to install a DNS resolver on this VPN server, to block ads while surfing?
|
|
[y/N]: " -r dns_enabled
|
|
dns_enabled=${dns_enabled:-n}
|
|
if [[ "$dns_enabled" =~ ^(y|Y)$ ]]; then ROLES+=" dns"; EXTRA_VARS+=" local_dns=true"; fi
|
|
|
|
read -p "
|
|
Do you want each user to have their own account for SSH tunneling?
|
|
[y/N]: " -r ssh_tunneling_enabled
|
|
ssh_tunneling_enabled=${ssh_tunneling_enabled:-n}
|
|
if [[ "$ssh_tunneling_enabled" =~ ^(y|Y)$ ]]; then ROLES+=" ssh_tunneling"; fi
|
|
|
|
read -p "
|
|
Do you want the VPN to support Windows 10 or Linux Desktop clients? (enables compatible ciphers and key exchange, less secure)
|
|
[y/N]: " -r Win10_Enabled
|
|
Win10_Enabled=${Win10_Enabled:-n}
|
|
if [[ "$Win10_Enabled" =~ ^(y|Y)$ ]]; then EXTRA_VARS+=" Win10_Enabled=Y"; fi
|
|
|
|
read -p "
|
|
Do you want to retain the CA key? (required to add users in the future, but less secure)
|
|
[y/N]: " -r Store_CAKEY
|
|
Store_CAKEY=${Store_CAKEY:-N}
|
|
if [[ "$Store_CAKEY" =~ ^(n|N)$ ]]; then EXTRA_VARS+=" Store_CAKEY=N"; fi
|
|
|
|
}
|
|
|
|
deploy () {
|
|
|
|
ansible-playbook deploy.yml -t "${ROLES// /,}" -e "${EXTRA_VARS}" --skip-tags "${SKIP_TAGS// /,}"
|
|
|
|
}
|
|
|
|
azure () {
|
|
read -p "
|
|
Enter your azure secret id (https://github.com/trailofbits/algo/blob/master/docs/cloud-azure.md)
|
|
You can skip this step if you want to use your defaults credentials from ~/.azure/credentials
|
|
$ADDITIONAL_PROMPT
|
|
[...]: " -rs azure_secret
|
|
|
|
read -p "
|
|
|
|
Enter your azure tenant id (https://github.com/trailofbits/algo/blob/master/docs/cloud-azure.md)
|
|
You can skip this step if you want to use your defaults credentials from ~/.azure/credentials
|
|
$ADDITIONAL_PROMPT
|
|
[...]: " -rs azure_tenant
|
|
|
|
read -p "
|
|
|
|
Enter your azure client id (application id) (https://github.com/trailofbits/algo/blob/master/docs/cloud-azure.md)
|
|
You can skip this step if you want to use your defaults credentials from ~/.azure/credentials
|
|
$ADDITIONAL_PROMPT
|
|
[...]: " -rs azure_client_id
|
|
|
|
read -p "
|
|
|
|
Enter your azure subscription id (https://github.com/trailofbits/algo/blob/master/docs/cloud-azure.md)
|
|
You can skip this step if you want to use your defaults credentials from ~/.azure/credentials
|
|
$ADDITIONAL_PROMPT
|
|
[...]: " -rs azure_subscription_id
|
|
|
|
read -p "
|
|
|
|
Name the vpn server:
|
|
[algo]: " -r azure_server_name
|
|
azure_server_name=${azure_server_name:-algo}
|
|
|
|
read -p "
|
|
|
|
What region should the server be located in? (https://azure.microsoft.com/en-us/regions/)
|
|
1. East US (Virginia)
|
|
2. East US 2 (Virginia)
|
|
3. Central US (Iowa)
|
|
4. North Central US (Illinois)
|
|
5. South Central US (Texas)
|
|
6. West Central US (Wyoming)
|
|
7. West US (California)
|
|
8. West US 2 (Washington)
|
|
9. Canada East (Quebec City)
|
|
10. Canada Central (Toronto)
|
|
11. Brazil South (Sao Paulo State)
|
|
12. North Europe (Ireland)
|
|
13. West Europe (Netherlands)
|
|
14. France Central (Paris)
|
|
15. France South (Marseille)
|
|
16. UK West (Cardiff)
|
|
17. UK South (London)
|
|
18. Germany Central (Frankfurt)
|
|
19. Germany Northeast (Magdeburg)
|
|
20. Southeast Asia (Singapore)
|
|
21. East Asia (Hong Kong)
|
|
22. Australia East (New South Wales)
|
|
23. Australia Southeast (Victoria)
|
|
24. Australia Central (Canberra)
|
|
25. Australia Central 2 (Canberra)
|
|
26. Central India (Pune)
|
|
27. West India (Mumbai)
|
|
28. South India (Chennai)
|
|
29. Japan East (Tokyo, Saitama)
|
|
30. Japan West (Osaka)
|
|
31. Korea Central (Seoul)
|
|
32. Korea South (Busan)
|
|
|
|
Enter the number of your desired region:
|
|
[1]: " -r azure_region
|
|
azure_region=${azure_region:-1}
|
|
|
|
case "$azure_region" in
|
|
1) region="eastus" ;;
|
|
2) region="eastus2" ;;
|
|
3) region="centralus" ;;
|
|
4) region="northcentralus" ;;
|
|
5) region="southcentralus" ;;
|
|
6) region="westcentralus" ;;
|
|
7) region="westus" ;;
|
|
8) region="westus2" ;;
|
|
9) region="canadaeast" ;;
|
|
10) region="canadacentral" ;;
|
|
11) region="brazilsouth" ;;
|
|
12) region="northeurope" ;;
|
|
13) region="westeurope" ;;
|
|
14) region="francecentral" ;;
|
|
15) region="francesouth" ;;
|
|
16) region="ukwest" ;;
|
|
17) region="uksouth" ;;
|
|
18) region="germanycentral" ;;
|
|
19) region="germanynortheast" ;;
|
|
20) region="southeastasia" ;;
|
|
21) region="eastasia" ;;
|
|
22) region="australiaeast" ;;
|
|
23) region="australiasoutheast" ;;
|
|
24) region="australiacentral" ;;
|
|
25) region="australiacentral2" ;;
|
|
26) region="centralindia" ;;
|
|
27) region="westindia" ;;
|
|
28) region="southindia" ;;
|
|
29) region="japaneast" ;;
|
|
30) region="japanwest" ;;
|
|
31) region="koreacentral" ;;
|
|
32) region="koreasouth" ;;
|
|
esac
|
|
|
|
ROLES="azure vpn cloud"
|
|
EXTRA_VARS="azure_secret=$azure_secret azure_tenant=$azure_tenant azure_client_id=$azure_client_id azure_subscription_id=$azure_subscription_id azure_server_name=$azure_server_name ssh_public_key=$ssh_public_key region=$region"
|
|
}
|
|
|
|
digitalocean () {
|
|
read -p "
|
|
Enter your API token. The token must have read and write permissions (https://cloud.digitalocean.com/settings/api/tokens):
|
|
$ADDITIONAL_PROMPT
|
|
: " -rs do_access_token
|
|
|
|
read -p "
|
|
|
|
Name the vpn server:
|
|
[algo.local]: " -r do_server_name
|
|
do_server_name=${do_server_name:-algo.local}
|
|
|
|
read -p "
|
|
|
|
What region should the server be located in?
|
|
1. Amsterdam (Datacenter 2)
|
|
2. Amsterdam (Datacenter 3)
|
|
3. Frankfurt
|
|
4. London
|
|
5. New York (Datacenter 1)
|
|
6. New York (Datacenter 2)
|
|
7. New York (Datacenter 3)
|
|
8. San Francisco (Datacenter 1)
|
|
9. San Francisco (Datacenter 2)
|
|
10. Singapore
|
|
11. Toronto
|
|
12. Bangalore
|
|
|
|
Enter the number of your desired region:
|
|
[7]: " -r region
|
|
region=${region:-7}
|
|
|
|
case "$region" in
|
|
1) do_region="ams2" ;;
|
|
2) do_region="ams3" ;;
|
|
3) do_region="fra1" ;;
|
|
4) do_region="lon1" ;;
|
|
5) do_region="nyc1" ;;
|
|
6) do_region="nyc2" ;;
|
|
7) do_region="nyc3" ;;
|
|
8) do_region="sfo1" ;;
|
|
9) do_region="sfo2" ;;
|
|
10) do_region="sgp1" ;;
|
|
11) do_region="tor1" ;;
|
|
12) do_region="blr1" ;;
|
|
esac
|
|
|
|
ROLES="digitalocean vpn cloud"
|
|
EXTRA_VARS="do_access_token=$do_access_token do_server_name=$do_server_name do_region=$do_region"
|
|
}
|
|
|
|
ec2 () {
|
|
read -p "
|
|
Enter your aws_access_key (http://docs.aws.amazon.com/general/latest/gr/managing-aws-access-keys.html)
|
|
Note: Make sure to use an IAM user with an acceptable policy attached (see https://github.com/trailofbits/algo/blob/master/docs/deploy-from-ansible.md).
|
|
$ADDITIONAL_PROMPT
|
|
[AKIA...]: " -rs aws_access_key
|
|
|
|
read -p "
|
|
|
|
Enter your aws_secret_key (http://docs.aws.amazon.com/general/latest/gr/managing-aws-access-keys.html)
|
|
$ADDITIONAL_PROMPT
|
|
[ABCD...]: " -rs aws_secret_key
|
|
|
|
read -p "
|
|
|
|
Name the vpn server:
|
|
[algo]: " -r aws_server_name
|
|
aws_server_name=${aws_server_name:-algo}
|
|
|
|
read -p "
|
|
|
|
What region should the server be located in?
|
|
1. us-east-1 US East (N. Virginia)
|
|
2. us-east-2 US East (Ohio)
|
|
3. us-west-1 US West (N. California)
|
|
4. us-west-2 US West (Oregon)
|
|
5. ca-central-1 Canada (Central)
|
|
6. eu-central-1 EU (Frankfurt)
|
|
7. eu-west-1 EU (Ireland)
|
|
8. eu-west-2 EU (London)
|
|
9. eu-west-3 EU (Paris)
|
|
10. ap-northeast-1 Asia Pacific (Tokyo)
|
|
11. ap-northeast-2 Asia Pacific (Seoul)
|
|
12. ap-northeast-3 Asia Pacific (Osaka-Local)
|
|
13. ap-southeast-1 Asia Pacific (Singapore)
|
|
14. ap-southeast-2 Asia Pacific (Sydney)
|
|
15. ap-south-1 Asia Pacific (Mumbai)
|
|
16. sa-east-1 South America (São Paulo)
|
|
|
|
Enter the number of your desired region:
|
|
[1]: " -r aws_region
|
|
aws_region=${aws_region:-1}
|
|
|
|
case "$aws_region" in
|
|
1) region="us-east-1" ;;
|
|
2) region="us-east-2" ;;
|
|
3) region="us-west-1" ;;
|
|
4) region="us-west-2" ;;
|
|
5) region="ca-central-1" ;;
|
|
6) region="eu-central-1" ;;
|
|
7) region="eu-west-1" ;;
|
|
8) region="eu-west-2" ;;
|
|
9) region="eu-west-3" ;;
|
|
10) region="ap-northeast-1" ;;
|
|
11) region="ap-northeast-2" ;;
|
|
12) region="ap-northeast-3";;
|
|
13) region="ap-southeast-1" ;;
|
|
14) region="ap-southeast-2" ;;
|
|
15) region="ap-south-1" ;;
|
|
16) region="sa-east-1" ;;
|
|
esac
|
|
|
|
ROLES="ec2 vpn cloud"
|
|
EXTRA_VARS="aws_access_key=$aws_access_key aws_secret_key=$aws_secret_key aws_server_name=$aws_server_name region=$region"
|
|
}
|
|
|
|
lightsail () {
|
|
read -p "
|
|
Enter your aws_access_key (http://docs.aws.amazon.com/general/latest/gr/managing-aws-access-keys.html)
|
|
Note: Make sure to use an IAM user with an acceptable policy attached (see https://github.com/trailofbits/algo/blob/master/docs/deploy-from-ansible.md).
|
|
$ADDITIONAL_PROMPT
|
|
[AKIA...]: " -rs aws_access_key
|
|
|
|
read -p "
|
|
|
|
Enter your aws_secret_key (http://docs.aws.amazon.com/general/latest/gr/managing-aws-access-keys.html)
|
|
$ADDITIONAL_PROMPT
|
|
[ABCD...]: " -rs aws_secret_key
|
|
|
|
read -p "
|
|
|
|
Name the vpn server:
|
|
[algo.local]: " -r algo_server_name
|
|
algo_server_name=${algo_server_name:-algo.local}
|
|
|
|
read -p "
|
|
|
|
What region should the server be located in?
|
|
1. us-east-1 US East (N. Virginia)
|
|
2. us-east-2 US East (Ohio)
|
|
3. us-west-1 US West (N. California)
|
|
4. us-west-2 US West (Oregon)
|
|
5. ap-south-1 Asia Pacific (Mumbai)
|
|
6. ap-northeast-2 Asia Pacific (Seoul)
|
|
7. ap-southeast-1 Asia Pacific (Singapore)
|
|
8. ap-southeast-2 Asia Pacific (Sydney)
|
|
9. ap-northeast-1 Asia Pacific (Tokyo)
|
|
10. eu-central-1 EU (Frankfurt)
|
|
11. eu-west-1 EU (Ireland)
|
|
12. eu-west-2 EU (London)
|
|
|
|
Enter the number of your desired region:
|
|
[1]: " -r algo_region
|
|
algo_region=${algo_region:-1}
|
|
|
|
case "$algo_region" in
|
|
1) region="us-east-1" ;;
|
|
2) region="us-east-2" ;;
|
|
3) region="us-west-1" ;;
|
|
4) region="us-west-2" ;;
|
|
5) region="ap-south-1" ;;
|
|
6) region="ap-northeast-2" ;;
|
|
7) region="ap-southeast-1" ;;
|
|
8) region="ap-southeast-2" ;;
|
|
9) region="ap-northeast-1" ;;
|
|
10) region="eu-central-1" ;;
|
|
11) region="eu-west-1" ;;
|
|
12) region="eu-west-2";;
|
|
esac
|
|
|
|
ROLES="lightsail vpn cloud"
|
|
EXTRA_VARS="aws_access_key=$aws_access_key aws_secret_key=$aws_secret_key algo_server_name=$algo_server_name region=$region"
|
|
}
|
|
|
|
scaleway () {
|
|
read -p "
|
|
Enter your auth token (https://www.scaleway.com/docs/generate-an-api-token/)
|
|
$ADDITIONAL_PROMPT
|
|
[...]: " -rs scaleway_auth_token
|
|
|
|
read -p "
|
|
|
|
Enter your organization name (https://cloud.scaleway.com/#/billing)
|
|
$ADDITIONAL_PROMPT
|
|
[...]: " -rs scaleway_organization
|
|
|
|
read -p "
|
|
|
|
Name the vpn server:
|
|
[algo.local]: " -r algo_server_name
|
|
algo_server_name=${algo_server_name:-algo.local}
|
|
|
|
read -p "
|
|
|
|
What region should the server be located in?
|
|
1. par1 Paris
|
|
2. ams1 Amsterdam
|
|
Enter the number of your desired region:
|
|
[1]: " -r algo_region
|
|
algo_region=${algo_region:-1}
|
|
|
|
case "$algo_region" in
|
|
1) region="par1" ;;
|
|
2) region="ams1" ;;
|
|
esac
|
|
|
|
ROLES="scaleway vpn cloud"
|
|
EXTRA_VARS="scaleway_auth_token=$scaleway_auth_token scaleway_organization=\"$scaleway_organization\" algo_server_name=$algo_server_name algo_region=$region"
|
|
}
|
|
|
|
openstack () {
|
|
read -p "
|
|
Enter the local path to your credentials OpenStack RC file (Can be downloaded from the OpenStack dashboard->Compute->API Access)
|
|
[...]: " -r os_rc
|
|
|
|
read -p "
|
|
|
|
Name the vpn server:
|
|
[algo.local]: " -r algo_server_name
|
|
algo_server_name=${algo_server_name:-algo.local}
|
|
|
|
ROLES="openstack vpn cloud"
|
|
EXTRA_VARS="algo_server_name=$algo_server_name"
|
|
source $os_rc
|
|
}
|
|
|
|
gce () {
|
|
read -p "
|
|
Enter the local path to your credentials JSON file (https://support.google.com/cloud/answer/6158849?hl=en&ref_topic=6262490#serviceaccounts):
|
|
: " -r credentials_file
|
|
|
|
read -p "
|
|
|
|
Name the vpn server:
|
|
[algo]: " -r server_name
|
|
server_name=${server_name:-algo}
|
|
|
|
read -p "
|
|
|
|
What zone should the server be located in?
|
|
1. Eastern Canada (Montreal A)
|
|
2. Eastern Canada (Montreal B)
|
|
3. Eastern Canada (Montreal C)
|
|
4. Central US (Iowa A)
|
|
5. Central US (Iowa B)
|
|
6. Central US (Iowa C)
|
|
7. Central US (Iowa F)
|
|
8. Western US (Oregon A)
|
|
9. Western US (Oregon B)
|
|
10. Western US (Oregon C)
|
|
11. Eastern US (Northern Virginia A)
|
|
12. Eastern US (Northern Virginia B)
|
|
13. Eastern US (Northern Virginia C)
|
|
14. Eastern US (South Carolina B)
|
|
15. Eastern US (South Carolina C)
|
|
16. Eastern US (South Carolina D)
|
|
17. South America East (São Paulo A)
|
|
18. South America East (São Paulo B)
|
|
19. South America East (São Paulo C)
|
|
20. Northern Europe (Hamina A)
|
|
21. Northern Europe (Hamina B)
|
|
22. Northern Europe (Hamina C)
|
|
23. Western Europe (Belgium B)
|
|
24. Western Europe (Belgium C)
|
|
25. Western Europe (Belgium D)
|
|
26. Western Europe (London A)
|
|
27. Western Europe (London B)
|
|
28. Western Europe (London C)
|
|
29. Western Europe (Frankfurt A)
|
|
30. Western Europe (Frankfurt B)
|
|
31. Western Europe (Frankfurt C)
|
|
32. Western Europe (Netherlands A)
|
|
33. Western Europe (Netherlands B)
|
|
34. Western Europe (Netherlands C)
|
|
35. South Asia (Mumbai A)
|
|
36. South Asia (Mumbai B)
|
|
37. South Asia (Mumbai C)
|
|
38. Southeast Asia (Singapore A)
|
|
39. Southeast Asia (Singapore B)
|
|
40. Southeast Asia (Singapore C)
|
|
41. East Asia (Taiwan A)
|
|
42. East Asia (Taiwan B)
|
|
43. East Asia (Taiwan C)
|
|
44. Northeast Asia (Tokyo A)
|
|
45. Northeast Asia (Tokyo B)
|
|
46. Northeast Asia (Tokyo C)
|
|
47. Australia (Sydney A)
|
|
48. Australia (Sydney B)
|
|
49. Australia (Sydney C)
|
|
|
|
Please choose the number of your zone. Press enter for default (#20) zone.
|
|
[20]: " -r region
|
|
region=${region:-20}
|
|
|
|
case "$region" in
|
|
1) zone="northamerica-northeast1-a" ;;
|
|
2) zone="northamerica-northeast1-b" ;;
|
|
3) zone="northamerica-northeast1-c" ;;
|
|
4) zone="us-central1-a" ;;
|
|
5) zone="us-central1-b" ;;
|
|
6) zone="us-central1-c" ;;
|
|
7) zone="us-central1-f" ;;
|
|
8) zone="us-west1-a" ;;
|
|
9) zone="us-west1-b" ;;
|
|
10) zone="us-west1-c" ;;
|
|
11) zone="us-east4-a" ;;
|
|
12) zone="us-east4-b" ;;
|
|
13) zone="us-east4-c" ;;
|
|
14) zone="us-east1-b" ;;
|
|
15) zone="us-east1-c" ;;
|
|
16) zone="us-east1-d" ;;
|
|
17) zone="southamerica-east1-a" ;;
|
|
18) zone="southamerica-east1-b" ;;
|
|
19) zone="southamerica-east1-c" ;;
|
|
20) zone="europe-north1-a" ;;
|
|
21) zone="europe-north1-b" ;;
|
|
22) zone="europe-north1-c" ;;
|
|
23) zone="europe-west1-b" ;;
|
|
24) zone="europe-west1-c" ;;
|
|
25) zone="europe-west1-d" ;;
|
|
26) zone="europe-west2-a" ;;
|
|
27) zone="europe-west2-b" ;;
|
|
28) zone="europe-west2-c" ;;
|
|
29) zone="europe-west3-a" ;;
|
|
30) zone="europe-west3-b" ;;
|
|
31) zone="europe-west3-c" ;;
|
|
32) zone="europe-west4-a" ;;
|
|
33) zone="europe-west4-b" ;;
|
|
34) zone="europe-west4-c" ;;
|
|
35) zone="asia-south1-a" ;;
|
|
36) zone="asia-south1-b" ;;
|
|
37) zone="asia-south1-c" ;;
|
|
38) zone="asia-southeast1-a" ;;
|
|
39) zone="asia-southeast1-b" ;;
|
|
40) zone="asia-southeast1-c" ;;
|
|
41) zone="asia-east1-a" ;;
|
|
42) zone="asia-east1-b" ;;
|
|
43) zone="asia-east1-c" ;;
|
|
44) zone="asia-northeast1-a" ;;
|
|
45) zone="asia-northeast1-b" ;;
|
|
46) zone="asia-northeast1-c" ;;
|
|
47) zone="australia-southeast1-a" ;;
|
|
48) zone="australia-southeast1-b" ;;
|
|
49) zone="australia-southeast1-c" ;;
|
|
esac
|
|
|
|
ROLES="gce vpn cloud"
|
|
EXTRA_VARS="credentials_file=$credentials_file gce_server_name=$server_name ssh_public_key=$ssh_public_key zone=$zone max_mss=1316"
|
|
}
|
|
|
|
non_cloud () {
|
|
read -p "
|
|
Enter the IP address of your server: (or use localhost for local installation)
|
|
[localhost]: " -r server_ip
|
|
server_ip=${server_ip:-localhost}
|
|
|
|
read -p "
|
|
|
|
What user should we use to login on the server? (note: passwordless login required, or ignore if you're deploying to localhost)
|
|
[root]: " -r server_user
|
|
server_user=${server_user:-root}
|
|
|
|
if [ "x${server_ip}" = "xlocalhost" ]; then
|
|
myip=""
|
|
else
|
|
myip=${server_ip}
|
|
fi
|
|
|
|
read -p "
|
|
|
|
Enter the public IP address of your server: (IMPORTANT! This IP is used to verify the certificate)
|
|
[$myip]: " -r IP_subject
|
|
IP_subject=${IP_subject:-$myip}
|
|
|
|
if [ "x${IP_subject}" = "x" ]; then
|
|
echo "no server IP given. exiting."
|
|
exit 1
|
|
fi
|
|
|
|
ROLES="local vpn"
|
|
EXTRA_VARS="server_ip=$server_ip server_user=$server_user IP_subject_alt_name=$IP_subject"
|
|
SKIP_TAGS+=" cloud update-alternatives"
|
|
|
|
read -p "
|
|
|
|
Was this server deployed by Algo previously?
|
|
[y/N]: " -r Deployed_By_Algo
|
|
Deployed_By_Algo=${Deployed_By_Algo:-n}
|
|
if [[ "$Deployed_By_Algo" =~ ^(y|Y)$ ]]; then EXTRA_VARS+=" Deployed_By_Algo=Y"; fi
|
|
|
|
}
|
|
|
|
algo_provisioning () {
|
|
echo -n "
|
|
What provider would you like to use?
|
|
1. DigitalOcean
|
|
2. Amazon EC2
|
|
3. Microsoft Azure
|
|
4. Google Compute Engine
|
|
5. Scaleway
|
|
6. OpenStack (DreamCompute optimised)
|
|
7. Install to existing Ubuntu 16.04 server (Advanced)
|
|
|
|
Enter the number of your desired provider
|
|
: "
|
|
|
|
read -r N
|
|
|
|
case "$N" in
|
|
1) digitalocean; ;;
|
|
2) ec2; ;;
|
|
3) azure; ;;
|
|
4) gce; ;;
|
|
5) scaleway; ;;
|
|
6) openstack; ;;
|
|
7) non_cloud; ;;
|
|
*) exit 1 ;;
|
|
esac
|
|
|
|
additional_roles
|
|
deploy
|
|
}
|
|
|
|
user_management () {
|
|
|
|
read -p "
|
|
Enter the IP address of your server: (or use localhost for local installation)
|
|
: " -r server_ip
|
|
|
|
read -p "
|
|
What user should we use to login on the server? (note: passwordless login required, or ignore if you're deploying to localhost)
|
|
[root]: " -r server_user
|
|
server_user=${server_user:-root}
|
|
|
|
read -p "
|
|
Do you want each user to have their own account for SSH tunneling?
|
|
[y/N]: " -r ssh_tunneling_enabled
|
|
ssh_tunneling_enabled=${ssh_tunneling_enabled:-n}
|
|
|
|
if [ "x${server_ip}" = "xlocalhost" ]; then
|
|
myip=""
|
|
else
|
|
myip=${server_ip}
|
|
fi
|
|
|
|
read -p "
|
|
|
|
Enter the public IP address of your server: (IMPORTANT! This IP is used to verify the certificate)
|
|
[$myip]: " -r IP_subject
|
|
IP_subject=${IP_subject:-$myip}
|
|
|
|
if [ "x${IP_subject}" = "x" ]; then
|
|
echo "no server IP given. exiting."
|
|
exit 1
|
|
fi
|
|
|
|
read -p "
|
|
Enter the password for the private CA key:
|
|
$ADDITIONAL_PROMPT
|
|
: " -rs easyrsa_CA_password
|
|
|
|
ansible-playbook users.yml -e "server_ip=$server_ip server_user=$server_user ssh_tunneling_enabled=$ssh_tunneling_enabled IP_subject_alt_name=$IP_subject easyrsa_CA_password=$easyrsa_CA_password" -t update-users --skip-tags common
|
|
}
|
|
|
|
case "$1" in
|
|
update-users) user_management ;;
|
|
*) algo_provisioning ;;
|
|
esac
|