algo/digitalocean.yml

- name: Configure the server and install required software
  hosts: localhost

  vars:
    regions:
      "1":  "ams2"
      "2":  "ams3"
      "3":  "fra1"
      "4":  "lon1"
      "5":  "nyc1"
      "6":  "nyc2"
      "7":  "nyc3"
      "8":  "sfo1"
      "9":  "sfo2"
      "10": "sgp1"
      "11": "tor1"
      "12": "blr1"

  vars_prompt:
  - name: "do_access_token"
    prompt: "Enter your API Token (https://cloud.digitalocean.com/settings/api/tokens):\n"
    private: yes

  - name: "do_ssh_name"
    prompt: "Enter a valid SSH key name (https://cloud.digitalocean.com/settings/security):\n"
    private: no

  - name: "do_region"
    prompt: >
      What region should the server be located in?
        1.  Amsterdam        (Datacenter 2)
        2.  Amsterdam        (Datacenter 3)
        3.  Frankfurt
        4.  London
        5.  New York         (Datacenter 1)
        6.  New York         (Datacenter 2)
        7.  New York         (Datacenter 3)
        8.  San Francisco    (Datacenter 1)
        9.  San Francisco    (Datacenter 2)
        10. Singapore
        11. Toronto
        12. Bangalore
      Enter the number of your desired region:
    default: "7"
    private: no

  - name: "do_server_name"
    prompt: "Name the vpn server:\n"
    default: "algo.local"
    private: no

  - name: "dns_enabled"
    prompt: "Do you want to use a local DNS resolver to block ads while surfing? (Y or N):\n"
    default: "Y"
    private: no

  - name: "auditd_enabled"
    prompt: "Do you want to use auditd ? (Y or N):\n"
    default: "Y"
    private: no
    
  - name: "easyrsa_p12_export_password"
    prompt: "Enter the password for p12 certificates:\n"
    default: "vpn"
    private: yes    

  roles:
    - cloud-digitalocean

- name: Post-provisioning tasks
  hosts: vpn-host
  gather_facts: false
  become: true
  vars_files:
    - config.cfg

  pre_tasks:
    - name: Install prerequisites
      raw: sudo apt-get update -qq && sudo apt-get install -qq -y python2.7
    - name: Configure defaults
      raw: sudo update-alternatives --install /usr/bin/python python /usr/bin/python2.7 1

    - name: Enable IPv6 on the droplet
      uri:
        url: "https://api.digitalocean.com/v2/droplets/{{ do_droplet_id }}/actions"
        method: POST
        body:
          type: enable_ipv6
        body_format: json
        status_code: 201
        HEADER_Authorization: "Bearer {{ do_access_token }}"
        HEADER_Content-Type: "application/json"

    - name: Get Droplet networks
      uri:
        url: "https://api.digitalocean.com/v2/droplets/{{ do_droplet_id }}"
        method: GET
        status_code: 200
        HEADER_Authorization: "Bearer {{ do_access_token }}"
        HEADER_Content-Type: "application/json"
      register: droplet_info

    - name: IPv6 configured
      template: src=roles/cloud-digitalocean/templates/20-ipv6.cfg.j2 dest=/etc/network/interfaces.d/20-ipv6.cfg owner=root group=root mode=0644
      with_items: "{{ droplet_info.json.droplet.networks.v6 }}"
      notify:
        - reload eth0

    - name: IPv6 included into the network config
      lineinfile: dest=/etc/network/interfaces line='source /etc/network/interfaces.d/20-ipv6.cfg' state=present
      notify:
        - reload eth0

    - meta: flush_handlers

    - name: Wait for SSH to become available
      local_action: "wait_for port=22 host={{ inventory_hostname }} timeout=320"
      become: false

  roles:
    - common
    - security
    - proxy
    - vpn
    - { role: dns_adblocking , when: dns_enabled is defined and dns_enabled == "Y" }
    - { role: logging, when: auditd_enabled is defined and auditd_enabled == 'Y' }

  handlers:
    - name: reload eth0
      shell: sh -c 'ifdown eth0; ip addr flush dev eth0; ifup eth0'
split up functions 2016-07-11 16:09:14 +00:00			`- name: Configure the server and install required software`
			`hosts: localhost`

			`vars:`
			`regions:`
			`"1": "ams2"`
			`"2": "ams3"`
			`"3": "fra1"`
			`"4": "lon1"`
			`"5": "nyc1"`
			`"6": "nyc2"`
			`"7": "nyc3"`
			`"8": "sfo1"`
miscelllaneous cleanups 2016-07-30 17:26:30 +00:00			`"9": "sfo2"`
			`"10": "sgp1"`
			`"11": "tor1"`
Digitalocean: Add new region blr1 Bangalore See https://www.digitalocean.com/company/blog/introducing-our-bangalore-region-blr1/ 2016-08-17 21:47:59 +00:00			`"12": "blr1"`
split up functions 2016-07-11 16:09:14 +00:00
			`vars_prompt:`
			`- name: "do_access_token"`
			`prompt: "Enter your API Token (https://cloud.digitalocean.com/settings/api/tokens):\n"`
			`private: yes`

			`- name: "do_ssh_name"`
			`prompt: "Enter a valid SSH key name (https://cloud.digitalocean.com/settings/security):\n"`
			`private: no`

			`- name: "do_region"`
			`prompt: >`
			`What region should the server be located in?`
			`1. Amsterdam (Datacenter 2)`
			`2. Amsterdam (Datacenter 3)`
			`3. Frankfurt`
			`4. London`
			`5. New York (Datacenter 1)`
			`6. New York (Datacenter 2)`
			`7. New York (Datacenter 3)`
miscelllaneous cleanups 2016-07-30 17:26:30 +00:00			`8. San Francisco (Datacenter 1)`
			`9. San Francisco (Datacenter 2)`
			`10. Singapore`
			`11. Toronto`
Digitalocean: Add new region blr1 Bangalore See https://www.digitalocean.com/company/blog/introducing-our-bangalore-region-blr1/ 2016-08-17 21:47:59 +00:00			`12. Bangalore`
Simplify prompts 2016-08-02 23:55:40 +00:00			`Enter the number of your desired region:`
split up functions 2016-07-11 16:09:14 +00:00			`default: "7"`
			`private: no`
linting 2016-08-16 03:32:44 +00:00
some fixes 2016-08-01 18:21:25 +00:00			`- name: "do_server_name"`
			`prompt: "Name the vpn server:\n"`
Simplify prompts 2016-08-02 23:55:40 +00:00			`default: "algo.local"`
split up functions 2016-07-11 16:09:14 +00:00			`private: no`
linting 2016-08-16 03:32:44 +00:00
Roles enabled 2016-08-11 08:54:34 +00:00			`- name: "dns_enabled"`
			`prompt: "Do you want to use a local DNS resolver to block ads while surfing? (Y or N):\n"`
			`default: "Y"`
			`private: no`
linting 2016-08-16 03:32:44 +00:00
Roles enabled 2016-08-11 08:54:34 +00:00			`- name: "auditd_enabled"`
			`prompt: "Do you want to use auditd ? (Y or N):\n"`
			`default: "Y"`
linting 2016-08-16 03:32:44 +00:00			`private: no`
p12 moved into playbooks 2016-08-18 08:16:22 +00:00
			`- name: "easyrsa_p12_export_password"`
			`prompt: "Enter the password for p12 certificates:\n"`
			`default: "vpn"`
			`private: yes`
linting 2016-08-16 03:32:44 +00:00
Roles enabled 2016-08-11 08:54:34 +00:00			`roles:`
rename the cloud roles 2016-08-16 04:00:26 +00:00			`- cloud-digitalocean`
Configure IPv6 on the VPN #8 2016-08-02 21:22:49 +00:00
			`- name: Post-provisioning tasks`
			`hosts: vpn-host`
			`gather_facts: false`
Roles enabled 2016-08-11 08:54:34 +00:00			`become: true`
Configure IPv6 on the VPN #8 2016-08-02 21:22:49 +00:00			`vars_files:`
			`- config.cfg`
linting 2016-08-16 03:32:44 +00:00
Configure IPv6 on the VPN #8 2016-08-02 21:22:49 +00:00			`pre_tasks:`
			`- name: Install prerequisites`
			`raw: sudo apt-get update -qq && sudo apt-get install -qq -y python2.7`
			`- name: Configure defaults`
linting 2016-08-16 03:32:44 +00:00			`raw: sudo update-alternatives --install /usr/bin/python python /usr/bin/python2.7 1`

Roles enabled 2016-08-11 08:54:34 +00:00			`- name: Enable IPv6 on the droplet`
			`uri:`
			`url: "https://api.digitalocean.com/v2/droplets/{{ do_droplet_id }}/actions"`
			`method: POST`
			`body:`
			`type: enable_ipv6`
			`body_format: json`
			`status_code: 201`
			`HEADER_Authorization: "Bearer {{ do_access_token }}"`
			`HEADER_Content-Type: "application/json"`
linting 2016-08-16 03:32:44 +00:00
Roles enabled 2016-08-11 08:54:34 +00:00			`- name: Get Droplet networks`
			`uri:`
			`url: "https://api.digitalocean.com/v2/droplets/{{ do_droplet_id }}"`
			`method: GET`
			`status_code: 200`
			`HEADER_Authorization: "Bearer {{ do_access_token }}"`
			`HEADER_Content-Type: "application/json"`
			`register: droplet_info`

Configure IPv6 on the VPN #8 2016-08-02 21:22:49 +00:00			`- name: IPv6 configured`
oops 2016-08-16 13:39:39 +00:00			`template: src=roles/cloud-digitalocean/templates/20-ipv6.cfg.j2 dest=/etc/network/interfaces.d/20-ipv6.cfg owner=root group=root mode=0644`
Roles enabled 2016-08-11 08:54:34 +00:00			`with_items: "{{ droplet_info.json.droplet.networks.v6 }}"`
			`notify:`
linting 2016-08-16 03:32:44 +00:00			`- reload eth0`

Configure IPv6 on the VPN #8 2016-08-02 21:22:49 +00:00			`- name: IPv6 included into the network config`
			`lineinfile: dest=/etc/network/interfaces line='source /etc/network/interfaces.d/20-ipv6.cfg' state=present`
Roles enabled 2016-08-11 08:54:34 +00:00			`notify:`
			`- reload eth0`
linting 2016-08-16 03:32:44 +00:00
Roles enabled 2016-08-11 08:54:34 +00:00			`- meta: flush_handlers`
Configure IPv6 on the VPN #8 2016-08-02 21:22:49 +00:00
			`- name: Wait for SSH to become available`
			`local_action: "wait_for port=22 host={{ inventory_hostname }} timeout=320"`
Modify user-management function 2016-08-11 20:54:29 +00:00			`become: false`
linting 2016-08-16 03:32:44 +00:00
Roles enabled 2016-08-11 08:54:34 +00:00			`roles:`
			`- common`
			`- security`
Split the features role in two #49 2016-08-17 20:26:17 +00:00			`- proxy`
EC2 Role; Loggin Role 2016-08-11 19:36:36 +00:00			`- vpn`
Split the features role in two #49 2016-08-17 20:26:17 +00:00			`- { role: dns_adblocking , when: dns_enabled is defined and dns_enabled == "Y" }`
linting 2016-08-16 03:32:44 +00:00			`- { role: logging, when: auditd_enabled is defined and auditd_enabled == 'Y' }`

Roles enabled 2016-08-11 08:54:34 +00:00			`handlers:`
			`- name: reload eth0`
linting 2016-08-16 03:32:44 +00:00			`shell: sh -c 'ifdown eth0; ip addr flush dev eth0; ifup eth0'`