Linux clients installation vpn #44
parent
95c42002f2
commit
0bf3e809a4
@ -0,0 +1,31 @@
|
||||
- name: Configure the client
|
||||
hosts: localhost
|
||||
tasks:
|
||||
- name: Add the droplet to an inventory group
|
||||
add_host:
|
||||
name: "{{ client_ip }}"
|
||||
groups: client-host
|
||||
ansible_ssh_user: "{{ server_user }}"
|
||||
|
||||
- name: Configure the client and install required software
|
||||
hosts: client-host
|
||||
gather_facts: false
|
||||
become: true
|
||||
vars_files:
|
||||
- config.cfg
|
||||
|
||||
pre_tasks:
|
||||
- name: Get the OS
|
||||
raw: uname -a
|
||||
register: distribution
|
||||
|
||||
- name: Ubuntu Xenial | Install prerequisites
|
||||
raw: >
|
||||
test -x /usr/bin/python2.7 ||
|
||||
sudo apt-get update -qq && sudo apt-get install -qq -y python2.7 &&
|
||||
sudo update-alternatives --install /usr/bin/python python /usr/bin/python2.7 1
|
||||
changed_when: false
|
||||
when: "'ubuntu' in distribution.stdout"
|
||||
|
||||
roles:
|
||||
- { role: client, tags: ['client'] }
|
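Review bot: The Xenial bootstrap condition `when: "'ubuntu' in distribution.stdout"` tests a lowercase token against `uname -a` output, where the distribution normally appears capitalised in the kernel version string (`#NN-Ubuntu`), so the match presumably only succeeds when the hostname itself happens to contain "ubuntu". Normalise the case with `when: "'ubuntu' in distribution.stdout | lower"`, or test `ansible_distribution` once facts are gathered. `ansible_ssh_user` in the add_host task is the pre-2.0 spelling; `ansible_user` is the current name if the targeted Ansible release supports it. The `sudo` prefixes inside the raw command are redundant under `become: true`, and `changed_when: false` hides a real package install from the run summary.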
@ -0,0 +1,4 @@
|
||||
---
|
||||
|
||||
- name: restart strongswan
|
||||
service: name=strongswan state=restarted
|
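Review bot: The handler uses the `key=value` shorthand, `service: name=strongswan state=restarted`, while most tasks in this commit pass module arguments as block YAML; the same shorthand appears in the tasks file at `package: name="{{ item }}" state=present` and `package: name=strongswan state=present`. Writing them as `service:` / `name: strongswan` / `state: restarted` keeps a single argument style and lets yamllint and ansible-lint see the individual values.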
@ -0,0 +1,73 @@
|
||||
- name: Gather Facts
|
||||
setup:
|
||||
|
||||
- name: Include system based facts and tasks
|
||||
include: systems/main.yml
|
||||
|
||||
- name: Cheking the signature algorithm
|
||||
local_action: >
|
||||
shell openssl x509 -text -in certs/{{ IP_subject_alt_name }}.crt | grep 'Signature Algorithm' | head -n1
|
||||
become: no
|
||||
register: sig_algo
|
||||
args:
|
||||
chdir: "configs/{{ IP_subject_alt_name }}/pki/"
|
||||
|
||||
- name: Change the algorithm to RSA
|
||||
set_fact:
|
||||
Win10_Enabled: "Y"
|
||||
when: '"ecdsa" not in sig_algo.stdout'
|
||||
|
||||
- name: Install prerequisites
|
||||
package: name="{{ item }}" state=present
|
||||
with_items:
|
||||
- "{{ prerequisites }}"
|
||||
|
||||
- name: Install StrongSwan
|
||||
package: name=strongswan state=present
|
||||
|
||||
- name: Setup the ipsec config
|
||||
template:
|
||||
src: "roles/vpn/templates/client_ipsec.conf.j2"
|
||||
dest: "{{ configs_prefix }}/ipsec.{{ IP_subject_alt_name }}.conf"
|
||||
mode: '0644'
|
||||
with_items:
|
||||
- "{{ user }}"
|
||||
notify:
|
||||
- restart strongswan
|
||||
|
||||
- name: Setup the ipsec secrets
|
||||
template:
|
||||
src: "roles/vpn/templates/client_ipsec.secrets.j2"
|
||||
dest: "{{ configs_prefix }}/ipsec.{{ IP_subject_alt_name }}.secrets"
|
||||
mode: '0600'
|
||||
with_items:
|
||||
- "{{ user }}"
|
||||
notify:
|
||||
- restart strongswan
|
||||
|
||||
- name: Include additional ipsec config
|
||||
lineinfile:
|
||||
dest: "{{ item.dest }}"
|
||||
line: "{{ item.line }}"
|
||||
create: yes
|
||||
with_items:
|
||||
- dest: "{{ configs_prefix }}/ipsec.conf"
|
||||
line: "include ipsec.*.conf"
|
||||
- dest: "{{ configs_prefix }}/ipsec.secrets"
|
||||
line: "include ipsec.*.secrets"
|
||||
notify:
|
||||
- restart strongswan
|
||||
|
||||
- name: Setup the certificates and keys
|
||||
template:
|
||||
src: "{{ item.src }}"
|
||||
dest: "{{ item.dest }}"
|
||||
with_items:
|
||||
- src: "configs/{{ IP_subject_alt_name }}/pki/certs/{{ user }}.crt"
|
||||
dest: "{{ configs_prefix }}/ipsec.d/certs/{{ IP_subject_alt_name }}_{{ user }}.crt"
|
||||
- src: "configs/{{ IP_subject_alt_name }}/pki/cacert.pem"
|
||||
dest: "{{ configs_prefix }}/ipsec.d/cacerts/{{ IP_subject_alt_name }}.pem"
|
||||
- src: "configs/{{ IP_subject_alt_name }}/pki/private/{{ user }}.key"
|
||||
dest: "{{ configs_prefix }}/ipsec.d/private/{{ IP_subject_alt_name }}_{{ user }}.key"
|
||||
notify:
|
||||
- restart strongswan
|
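Review bot: The `Setup the certificates and keys` task templates the client private key into `ipsec.d/private/` without a `mode:`, so the key is written with whatever permissions the template module defaults to on that host and may end up readable by every local user, unlike the secrets file a few tasks above which is explicitly `mode: '0600'`. Add a per-item mode, e.g. `mode: "{{ item.mode | default('0644') }}"` on the task and `mode: '0600'` on the private-key item, or move the key into its own task. The task name `Cheking the signature algorithm` has a typo (`Checking`), and `Change the algorithm to RSA` only records a fact (`Win10_Enabled`) rather than changing anything, so a name such as `Flag RSA-signed certificate for Windows 10` describes it better. `become: no` and `create: yes` should be `false`/`true` per the truthy convention.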
@ -0,0 +1,6 @@
|
||||
---
|
||||
|
||||
- set_fact:
|
||||
prerequisites:
|
||||
- epel-release
|
||||
configs_prefix: /etc/strongswan/
|
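Review bot: `configs_prefix: /etc/strongswan/` carries a trailing slash while every consumer joins it as `{{ configs_prefix }}/ipsec.conf`, producing paths like `/etc/strongswan//ipsec.conf`; harmless on Linux but it shows up verbatim in logs and in the generated file list. The two following files set `configs_prefix: /etc/` with the same effect. Drop the trailing slash (`/etc/strongswan`, `/etc`) or drop the `/` at the join sites, but in one place only.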
@ -0,0 +1,5 @@
|
||||
---
|
||||
|
||||
- set_fact:
|
||||
prerequisites: []
|
||||
configs_prefix: /etc/
|
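Review bot: This file and the next one are byte-identical (`prerequisites: []`, `configs_prefix: /etc/`); judging by the include list in `systems/main.yml` these are presumably the Debian and Ubuntu variants. A single `Debian.yml` included with `when: ansible_os_family == 'Debian'` would cover both without the copy, though that also widens the match to other Debian derivatives, so keep the explicit per-distribution includes if that narrowing is intended.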
@ -0,0 +1,5 @@
|
||||
---
|
||||
|
||||
- set_fact:
|
||||
prerequisites: []
|
||||
configs_prefix: /etc/
|
@ -0,0 +1,10 @@
|
||||
---
|
||||
|
||||
- include: Debian.yml
|
||||
when: ansible_distribution == 'Debian'
|
||||
|
||||
- include: Ubuntu.yml
|
||||
when: ansible_distribution == 'Ubuntu'
|
||||
|
||||
- include: CentOS.yml
|
||||
when: ansible_distribution == 'CentOS'
|
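Review bot: There is no fall-through when `ansible_distribution` matches none of the three includes, so on any other distribution `prerequisites` and `configs_prefix` stay undefined and the role fails later at the `package`/`template` tasks with an undefined-variable error instead of a clear message. Add a guard after the includes: `- fail:` / `msg: "Unsupported distribution {{ ansible_distribution }}"` / `when: ansible_distribution not in ['Debian', 'Ubuntu', 'CentOS']`. The `include:` task form is deprecated in later Ansible releases in favour of `include_tasks:`, which only matters if the project moves beyond the version this commit targets.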