algo/ec2.yml

# vim:ft=ansible:
- name: Create a sandbox instance
  hosts: localhost
  gather_facts: False
  vars_files:
    - config.cfg
  vars:
    instance_type: t2.nano
    security_group: vpn-secgroup
    regions:
      "1":  "us-east-1"
      "2":  "us-west-1"
      "3":  "us-west-2"
      "4":  "ap-south-1"
      "5":  "ap-northeast-2"
      "6":  "ap-southeast-1"
      "7":  "ap-southeast-2"
      "8":  "ap-northeast-1"
      "9":  "eu-central-1"
      "10": "eu-west-1"
      "11": "sa-east-1"

  vars_prompt:

    - name: "aws_access_key"
      prompt: "Enter your aws_access_key (http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSGettingStartedGuide/AWSCredentials.html):\n"
      private: yes

    - name: "aws_secret_key"
      prompt: "Enter your aws_secret_key (http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSGettingStartedGuide/AWSCredentials.html):\n"
      private: yes

    - name: "region"
      prompt: >
        What region should the server be located in?
         1.   us-east-1           US East (N. Virginia)
         2.   us-west-1           US West (N. California)
         3.   us-west-2           US West (Oregon)
         4.   ap-south-1          Asia Pacific (Mumbai)
         5.   ap-northeast-2      Asia Pacific (Seoul)
         6.   ap-southeast-1      Asia Pacific (Singapore)
         7.   ap-southeast-2      Asia Pacific (Sydney)
         8.   ap-northeast-1      Asia Pacific (Tokyo)
         9.   eu-central-1        EU (Frankfurt)
         10.  eu-west-1           EU (Ireland)
         11.  sa-east-1           South America (São Paulo)
      default: "1"
      private: no

    - name: "aws_server_name"
      prompt: "Name the vpn server:\n"
      default: "algo.local"
      private: no

    - name: "ssh_public_key"
      prompt: "Enter the local path to your SSH public key:\n"
      default: "~/.ssh/id_rsa.pub"
      private: no

    - name: "dns_enabled"
      prompt: "Do you want to install a local DNS resolver to block ads while surfing? (Y or N):\n"
      default: "Y"
      private: no
      
    - name: "proxy_enabled"
      prompt: "Do you want to install a proxy to block ads and decrease traffic usage while surfing? (Y or N):\n"
      default: "Y"
      private: no

    - name: "auditd_enabled"
      prompt: "Do you want to use auditd ? (Y or N):\n"
      default: "Y"
      private: no
    
    - name: "ssh_tunneling_enabled"
      prompt: "Do you want to use SSH tunneling ? (Y or N):\n"
      default: "Y"
      private: no
         
    - name: "easyrsa_p12_export_password"
      prompt: "Enter the password for p12 certificates:\n"
      default: "vpn"
      private: yes      

  roles:
    - cloud-ec2

- name: Post-provisioning tasks
  hosts: vpn-host
  gather_facts: false
  become: true
  vars_files:
    - config.cfg

  pre_tasks:
    - name: Install prerequisites
      raw: sudo apt-get update -qq && sudo apt-get install -qq -y python2.7
    - name: Configure defaults
      raw: sudo update-alternatives --install /usr/bin/python python /usr/bin/python2.7 1

  roles:
    - common
    - security
    - vpn
    - { role: proxy, when: proxy_enabled is defined and proxy_enabled == "Y" }
    - { role: dns_adblocking , when: dns_enabled is defined and dns_enabled == "Y" }
    - { role: logging, when: auditd_enabled is defined and auditd_enabled == 'Y' }
    - { role: ssh_tunneling, when: ssh_tunneling_enabled is defined and ssh_tunneling_enabled == "Y" }