forked from trailofbits/algo
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathnon-cloud.yml
69 lines (59 loc) · 2.06 KB
/
non-cloud.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
- hosts: localhost
gather_facts: False
vars_files:
- config.cfg
vars_prompt:
- name: "server_ip"
prompt: "Enter IP address of your server: (use localhost for local installation)\n"
default: localhost
private: no
- name: "server_user"
prompt: "What user should we use to login on the server? (ignore if you're deploying to localhost):\n"
default: "root"
private: no
- name: "dns_enabled"
prompt: "Do you want to use a local DNS resolver to block ads while surfing? (Y or N):\n"
default: "Y"
private: no
- name: "auditd_enabled"
prompt: "Do you want to use auditd ? (Y or N):\n"
default: "Y"
private: no
- name: "easyrsa_p12_export_password"
prompt: "Enter the password for p12 certificates:\n"
default: "vpn"
private: yes
- name: "IP_subject"
prompt: "Enter public IP address of your server: (IMPORTANT! This IP is used to verify the certificate)\n"
private: no
tasks:
- name: Add the server to the vpn-host group
add_host:
hostname: "{{ server_ip }}"
groupname: vpn-host
ansible_ssh_user: "{{ server_user }}"
ansible_python_interpreter: "/usr/bin/python2.7"
dns_enabled: "{{ dns_enabled }}"
auditd_enabled: " {{ auditd_enabled }}"
easyrsa_p12_export_password: "{{ easyrsa_p12_export_password }}"
IP_subject: "{{ IP_subject }}"
- name: Post-provisioning tasks
hosts: vpn-host
gather_facts: false
become: true
vars_files:
- config.cfg
pre_tasks:
- name: Install prerequisites
raw: sudo apt-get update -qq && sudo apt-get install -qq -y python2.7
- name: Configure defaults
raw: sudo update-alternatives --install /usr/bin/python python /usr/bin/python2.7 1
- set_fact:
IP_subject_alt_name: "{{ IP_subject }}"
roles:
- common
- security
- proxy
- vpn
- { role: dns_adblocking , when: dns_enabled is defined and dns_enabled == "Y" }
- { role: logging, when: auditd_enabled is defined and auditd_enabled == 'Y' }