Some refactoring. Disable unneeded variables.

7 years ago · 5cbf125202
parent 237fcc7a7f
commit 5cbf125202
4 changed files with 30 additions and 31 deletions
--- a/3
+++ b/3
@ -303,7 +303,8 @@ What user should we use to login on the server? (note: passwordless login requir

  read -p "
 Enter the public IP address of your server: (IMPORTANT! This IP is used to verify the certificate)
-: " -r IP_subject
+[$server_ip]: " -r IP_subject
+  IP_subject=${IP_subject:-$server_ip}

  ROLES="local vpn"
  EXTRA_VARS="server_ip=$server_ip server_user=$server_user IP_subject_alt_name=$IP_subject"
--- a/config.cfg
+++ b/config.cfg
@ -11,16 +11,13 @@ auditd_action_mail_acct: email@example.com

 ### Advanced users only below this line ###

-easyrsa_dir: /opt/easy-rsa-ipsec
-easyrsa_ca_expire: 3650
-easyrsa_cert_expire: 3650
-
 # If True re-init all existing certificates. (True or False)
 easyrsa_reinit_existent: False

 vpn_network: 10.19.48.0/24
-vpn_network_ipv6: 'fd9d:bc11:4020::/48'
 # https://www.sixxs.net/tools/whois/?fd9d:bc11:4020::/48
+vpn_network_ipv6: 'fd9d:bc11:4020::/48'
+
 server_name: "{{ ansible_ssh_host }}"
 IP_subject_alt_name: "{{ ansible_ssh_host }}"

@ -32,30 +29,6 @@ dns_servers:
    - 2001:4860:4860::8888
    - 2001:4860:4860::8844

-strongswan_enabled_plugins:
-  - aes
-  - gcm
-  - hmac
-  - kernel-netlink
-  - nonce
-  - openssl
-  - pem
-  - pgp
-  - pkcs12
-  - pkcs7
-  - pkcs8
-  - pubkey
-  - random
-  - revocation
-  - sha2
-  - socket-default
-  - stroke
-  - x509
-
-ec2_vpc_nets:
-  cidr_block: 172.251.0.0/23
-  subnet_cidr: 172.251.1.0/24
-
 # IP address for the proxy and the local dns resolver
 local_service_ip: 172.16.0.1

@ -64,7 +37,6 @@ VPN_PayloadIdentifier: "{{ 800000 | random | to_uuid | upper }}"
 CA_PayloadIdentifier: "{{ 700000 | random | to_uuid | upper }}"

 # Block traffic between connected clients
-
 BetweenClients_DROP: Y

 congrats:
--- a/roles/cloud-ec2/defaults/main.yml
+++ b/roles/cloud-ec2/defaults/main.yml
@ -0,0 +1,5 @@
+---
+
+ec2_vpc_nets:
+  cidr_block: 172.251.0.0/23
+  subnet_cidr: 172.251.1.0/24
--- a/roles/vpn/defaults/main.yml
+++ b/roles/vpn/defaults/main.yml
@ -0,0 +1,21 @@
+---
+
+strongswan_enabled_plugins:
+  - aes
+  - gcm
+  - hmac
+  - kernel-netlink
+  - nonce
+  - openssl
+  - pem
+  - pgp
+  - pkcs12
+  - pkcs7
+  - pkcs8
+  - pubkey
+  - random
+  - revocation
+  - sha2
+  - socket-default
+  - stroke
+  - x509