New `arch` config.cfg parameter is used along with the image name
parameter to find the most recent OS image to be used in hosted ec2
instance. This allows the user to choose arm based instance types
which was causing algo failure during cloud formation.
If new instance_market_type config.cfg variable specifies 'spot' instead of 'on-demand' then
the stack.yml creates a LaunchTemplate resource using spot option. The create EC2 Instance command
uses that LaunchTemplate.
* add linode as one of cloud providers
* add Linode into cloud provider list
* fix code style
* install requirements of ansible linode module
* Update prompts.yml
- Make the regions list more readable
- Assign us-east as the default region
* remove prompt of asking root password
* roles/common: Add sshd tasks
* cloud-linode/tasks: Fix LINODE_API_TOKEN env lookup
* docs: Add Linode to Ansible deploy docs
* docs: Add cloud-linode
* config: Use Ubuntu 20.04 on Linode
* README: syntax
* Linode stackscript support
* Linode stackscript fix
* linting
Co-authored-by: Jack Ivanov <17044561+jackivanov@users.noreply.github.com>
Co-authored-by: William Woodruff <william@yossarian.net>
Co-authored-by: William Woodruff <william.woodruff@trailofbits.com>
Co-authored-by: Jack Ivanov <e601809@gmail.com>
* X.509 Name Constraints
* nameConstraints to a random generated uuid
* Second level domain
* nameConstraints fixes
* critical in nameConstraints lost after last refactoring
* update variable name to store_pki
* Document BetweenClients_DROP
* Update README.md
* Update faq.md
* VPN On Demand is for Apple IPSEC clients only
* How to update users from cloud-init
* How to monitor user activity
* Fix typo
* Update FAQ about WireGuard, fix typos
* Correct locations of install log and user configs
* Update-users from cloud-init
* Update features list
* More "IPsec" and "WireGuard" changes
* fixed broken link/absent link in FAQ
* Python version README fix for #1622
* road warrior instructions
* Update index.md
* Reorganize config.cfg
As per @davidemyers suggestions
* Further config changes
As per feedback, also better explanation of keys_clean_all
* Add road warrior instructions to FAQ
* Remove specific ports from RW instructions
* Support for associating to existing AWS Elastic IP
Signed-off-by: Elliot Murphy <statik@users.noreply.github.com>
* Backport ec2_eip_facts module for EIP support
This means that EIP support no longer requires Ansible 2.6
The local fact module has been named ec2_elasticip_facts
to avoid conflict with the ec2_eip_facts module whenever
the Ansible 2.6 upgrade takes place.
Signed-off-by: Elliot Murphy <statik@users.noreply.github.com>
* Update from review feedback.
Signed-off-by: Elliot Murphy <statik@users.noreply.github.com>
* Move to the native module. Add additional condition for existing Elastic IP
* generate service IPs dynamically
* update cloud-init tests
* exclude ipsec and wireguard ranges from the random service ip
* Update docs
* @davidemyers: update wireguard docs for linux
* Move to netaddr filter
* AllowedIPs fix
* WireGuard IPs fix
Uses the Unified hosts file from @StevenBlack available [here](https://github.com/StevenBlack/hosts). This encompasses the Ad Away, MVPS, and Malware Domain lists, deleting duplicates for us, and also adds a bunch more.
<!--- Provide a general summary of your changes in the Title above -->
## Description
Renames the vpn role to strongswan, and split up the variables to support 2 separate VPNs. Closes#1330 and closes#1162
Configures Ansible to use python3 on the server side. Closes#1024
Removes unneeded playbooks, reorganises a lot of variables
Reorganises the `config` folder. Closes#1330
<details><summary>Here is how the config directory looks like now</summary>
<p>
```
configs/X.X.X.X/
|-- ipsec
| |-- apple
| | |-- desktop.mobileconfig
| | |-- laptop.mobileconfig
| | `-- phone.mobileconfig
| |-- manual
| | |-- cacert.pem
| | |-- desktop.p12
| | |-- desktop.ssh.pem
| | |-- ipsec_desktop.conf
| | |-- ipsec_desktop.secrets
| | |-- ipsec_laptop.conf
| | |-- ipsec_laptop.secrets
| | |-- ipsec_phone.conf
| | |-- ipsec_phone.secrets
| | |-- laptop.p12
| | |-- laptop.ssh.pem
| | |-- phone.p12
| | `-- phone.ssh.pem
| `-- windows
| |-- desktop.ps1
| |-- laptop.ps1
| `-- phone.ps1
|-- ssh-tunnel
| |-- desktop.pem
| |-- desktop.pub
| |-- laptop.pem
| |-- laptop.pub
| |-- phone.pem
| |-- phone.pub
| `-- ssh_config
`-- wireguard
|-- desktop.conf
|-- desktop.png
|-- laptop.conf
|-- laptop.png
|-- phone.conf
`-- phone.png
```
</p>
</details>
## Motivation and Context
This refactoring is focused to aim to the 1.0 release
## How Has This Been Tested?
Deployed to several cloud providers with various options enabled and disabled
## Types of changes
<!--- What types of changes does your code introduce? Put an `x` in all the boxes that apply: -->
- [x] Refactoring
## Checklist:
<!--- Go over all the following points, and put an `x` in all the boxes that apply. -->
<!--- If you're unsure about any of these, don't hesitate to ask. We're here to help! -->
- [x] I have read the **CONTRIBUTING** document.
- [x] My code follows the code style of this project.
- [x] My change requires a change to the documentation.
- [x] I have updated the documentation accordingly.
- [x] All new and existing tests passed.
* Document using WireGuard app on macOS
* Update README.md
* Make WireGuard the default for Apple devices
* clarify user list
* fix tests
* connect on demand
