mirror of https://github.com/trailofbits/algo
---
# Start with an empty list of additional strongSwan plugins.
# NOTE(review): where this list is extended or consumed is not visible here.
- set_fact:
    strongswan_additional_plugins: []
# Install strongSwan from the APT sources configured on the host.
- name: Ubuntu | Install strongSwan
  apt:
    # Refresh the package index first so the install uses current metadata.
    update_cache: true
    name: strongswan
    # "latest" upgrades on every run: the installed version is whatever the
    # configured repositories serve at that moment, not a pinned release.
    state: latest
    # Also install the packages that strongswan lists as "Recommends".
    install_recommends: true
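# Put the AppArmor profiles of the strongSwan binaries into enforce mode.
# Skipped unless apparmor_enabled is set to a true value (default: false).
- name: Ubuntu | Enforcing ipsec with apparmor
  # command instead of shell: no pipes, redirects or expansion are needed, so
  # the path is handed to aa-enforce without passing through a shell.
  command: aa-enforce "{{ item }}"
  # The bool filter already yields a boolean; no comparison with true needed.
  when: apparmor_enabled | default(false) | bool
  with_items:
    - /usr/lib/ipsec/charon
    - /usr/lib/ipsec/lookip
    - /usr/lib/ipsec/stroke
  # NOTE(review): no changed_when is set, so every run reports "changed" and
  # fires the handler; confirm that restarting apparmor each run is intended.
  notify:
    - restart apparmor
  tags: ['apparmor']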
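# Enable the listed services at boot. Only "enabled" is set; no "state" is
# given, so this task does not start or restart them.
- name: Ubuntu | Enable services
  # Native YAML arguments instead of a key=value string: the templated name
  # is passed as one value and is not re-split by the free-form parser.
  service:
    name: "{{ item }}"
    enabled: true
  with_items:
    - apparmor
    - strongswan
    - netfilter-persistent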
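# Create the systemd drop-in directory for strongswan.service, owned by root
# and writable only by root.
- name: Ubuntu | Ensure that the strongswan service directory exist
  file:
    path: /etc/systemd/system/strongswan.service.d/
    state: directory
    # Quoted so the mode reaches the module as the octal string "0755"; an
    # unquoted 0755 is typed by the YAML parser (octal in 1.1, decimal in 1.2)
    # before Ansible sees it.
    mode: "0755"
    owner: root
    group: root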
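# Render the 100-CustomLimitations.conf drop-in for strongswan.service, then
# reload systemd and restart strongswan through the notified handlers.
# NOTE(review): the template body is not visible here; the "cgroup
# limitations" it applies are known only from the task name.
- name: Ubuntu | Setup the cgroup limitations for the ipsec daemon
  template:
    src: 100-CustomLimitations.conf.j2
    dest: /etc/systemd/system/strongswan.service.d/100-CustomLimitations.conf
    # Explicit ownership and mode: a unit drop-in changes how the daemon is
    # run, so it must not depend on the connecting user's umask. root:root
    # matches what the task creating strongswan.service.d/ sets.
    owner: root
    group: root
    mode: "0644"
  notify:
    - daemon-reload
    - restart strongswan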