algo/digitalocean.yml


# Play 1: runs on the control machine (localhost), asks the operator for the
# deployment settings and then applies the cloud-digitalocean role.
- name: Configure the server and install required software
  hosts: localhost

  vars:
    # Menu number offered by the do_region prompt -> DigitalOcean region slug.
    # The order matches the numbered list in that prompt; the lookup itself is
    # not in this file (presumably done by the role -- confirm).
    regions:
      '1': ams2
      '2': ams3
      '3': fra1
      '4': lon1
      '5': nyc1
      '6': nyc2
      '7': nyc3
      '8': sfo1
      '9': sfo2
      '10': sgp1
      '11': tor1
      '12': blr1

  vars_prompt:
    # API credential: private, so the typed value is not echoed.
    - name: do_access_token
      prompt: "Enter your API Token (https://cloud.digitalocean.com/settings/api/tokens):\n"
      private: true

    - name: do_ssh_name
      prompt: "Enter a valid SSH key name (https://cloud.digitalocean.com/settings/security):\n"
      private: false

    # The answer is one of the keys of `regions` above; default 7 is nyc3.
    - name: do_region
      prompt: >
        What region should the server be located in?
          1. Amsterdam (Datacenter 2)
          2. Amsterdam (Datacenter 3)
          3. Frankfurt
          4. London
          5. New York (Datacenter 1)
          6. New York (Datacenter 2)
          7. New York (Datacenter 3)
          8. San Francisco (Datacenter 1)
          9. San Francisco (Datacenter 2)
          10. Singapore
          11. Toronto
          12. Bangalore
        Enter the number of your desired region:
      default: '7'
      private: false

    - name: do_server_name
      prompt: "Name the vpn server:\n"
      default: 'algo.local'
      private: false

    # Feature toggles: the second play compares these against the string "Y".
    - name: dns_enabled
      prompt: "Do you want to install a local DNS resolver to block ads while surfing? (Y or N):\n"
      default: 'Y'
      private: false

    - name: proxy_enabled
      prompt: "Do you want to install a proxy to block ads and decrease traffic usage while surfing? (Y or N):\n"
      default: 'Y'
      private: false

    - name: auditd_enabled
      prompt: "Do you want to use auditd ? (Y or N):\n"
      default: 'Y'
      private: false

    # NOTE(review): the default "vpn" is a guessable password for the exported
    # p12 files, and pressing Enter at the prompt accepts it. Enter a strong
    # passphrase here rather than keeping the default.
    - name: easyrsa_p12_export_password
      prompt: "Enter the password for p12 certificates:\n"
      default: 'vpn'
      private: true

  roles:
    - cloud-digitalocean
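# Play 2: runs against the freshly created droplet (group vpn-host). It
# bootstraps Python, enables and configures IPv6 through the DigitalOcean API,
# then applies the common, security and vpn roles plus the optional ones.
- name: Post-provisioning tasks
  hosts: vpn-host
  # Fact gathering is off: Python is only installed by the first pre_task.
  gather_facts: false
  become: true
  vars_files:
    - config.cfg

  pre_tasks:
    # raw sends the command over SSH without needing Python on the target.
    - name: Install prerequisites
      raw: sudo apt-get update -qq && sudo apt-get install -qq -y python2.7

    - name: Configure defaults
      raw: sudo update-alternatives --install /usr/bin/python python /usr/bin/python2.7 1

    # The two API calls below carry the account token in the Authorization
    # header. no_log keeps the module arguments and result (which include that
    # header) out of verbose output and log callbacks. Trade-off: a failing
    # call shows a censored result; drop no_log temporarily when debugging.
    # NOTE(review): HEADER_<name> is the legacy way to pass request headers to
    # uri; later Ansible releases expect a `headers:` mapping instead -- check
    # against the Ansible version this playbook targets.
    - name: Enable IPv6 on the droplet
      uri:
        url: "https://api.digitalocean.com/v2/droplets/{{ do_droplet_id }}/actions"
        method: POST
        body:
          type: enable_ipv6
        body_format: json
        status_code: 201
        HEADER_Authorization: "Bearer {{ do_access_token }}"
        HEADER_Content-Type: "application/json"
      no_log: true

    # The registered result stays usable by later tasks even with no_log set.
    - name: Get Droplet networks
      uri:
        url: "https://api.digitalocean.com/v2/droplets/{{ do_droplet_id }}"
        method: GET
        status_code: 200
        HEADER_Authorization: "Bearer {{ do_access_token }}"
        HEADER_Content-Type: "application/json"
      register: droplet_info
      no_log: true

    # Renders the template once per IPv6 network entry in the API response.
    # mode is quoted so it stays the string "0644" and is not read as a number.
    - name: IPv6 configured
      template:
        src: roles/cloud-digitalocean/templates/20-ipv6.cfg.j2
        dest: /etc/network/interfaces.d/20-ipv6.cfg
        owner: root
        group: root
        mode: "0644"
      with_items: "{{ droplet_info.json.droplet.networks.v6 }}"
      notify:
        - reload eth0

    - name: IPv6 included into the network config
      lineinfile:
        dest: /etc/network/interfaces
        line: 'source /etc/network/interfaces.d/20-ipv6.cfg'
        state: present
      notify:
        - reload eth0

    # Run the notified "reload eth0" handler now instead of at the end of the
    # play, so the interface is restarted before the SSH wait below.
    - meta: flush_handlers

    # Executed on the control machine, without privilege escalation.
    - name: Wait for SSH to become available
      local_action: "wait_for port=22 host={{ inventory_hostname }} timeout=320"
      become: false

  roles:
    - common
    - security
    - vpn
    # Optional roles: applied only when the matching toggle is defined and
    # equals the string Y.
    - role: proxy
      when: proxy_enabled is defined and proxy_enabled == "Y"
    - role: dns_adblocking
      when: dns_enabled is defined and dns_enabled == "Y"
    - role: logging
      when: auditd_enabled is defined and auditd_enabled == 'Y'

  handlers:
    # Takes eth0 down, flushes its addresses and brings it back up.
    - name: reload eth0
      shell: sh -c 'ifdown eth0; ip addr flush dev eth0; ifup eth0'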