--- - name: Configure the server and install required software hosts: vpn-host gather_facts: false tags: algo become: true vars_files: - config.cfg roles: - role: common tags: common - role: dns_encryption when: dns_encryption tags: dns_encryption - role: dns_adblocking when: algo_local_dns tags: dns_adblocking - role: wireguard when: wireguard_enabled tags: wireguard - role: vpn tags: vpn - role: ssh_tunneling when: algo_ssh_tunneling tags: ssh_tunneling post_tasks: - block: - name: Delete the CA key local_action: module: file path: "configs/{{ IP_subject_alt_name }}/pki/private/cakey.pem" state: absent become: false when: not algo_store_cakey - name: Dump the configuration local_action: module: copy dest: "configs/{{ IP_subject_alt_name }}/config.yml" content: | server: {{ 'localhost' if inventory_hostname == 'localhost' else inventory_hostname }} server_user: {{ ansible_ssh_user }} {% if algo_provider != "local" %} ansible_ssh_private_key_file: {{ ansible_ssh_private_key_file|default(SSH_keys.private) }} {% endif %} algo_provider: {{ algo_provider }} algo_server_name: {{ algo_server_name }} algo_ondemand_cellular: {{ algo_ondemand_cellular }} algo_ondemand_wifi: {{ algo_ondemand_wifi }} algo_ondemand_wifi_exclude: {{ algo_ondemand_wifi_exclude }} algo_local_dns: {{ algo_local_dns }} algo_ssh_tunneling: {{ algo_ssh_tunneling }} algo_windows: {{ algo_windows }} algo_store_cakey: {{ algo_store_cakey }} IP_subject_alt_name: {{ IP_subject_alt_name }} {% if tests|default(false)|bool %}ca_password: {{ CA_password }}{% endif %} become: false - name: Create a symlink if deploying to localhost file: src: "{{ IP_subject_alt_name }}" dest: configs/localhost state: link force: true when: inventory_hostname == 'localhost' - debug: msg: - "{{ congrats.common.split('\n') }}" - " {{ congrats.p12_pass }}" - " {% if algo_store_cakey %}{{ congrats.ca_key_pass }}{% endif %}" - " {% if algo_provider != 'local' %}{{ congrats.ssh_access }}{% endif %}" tags: always rescue: - debug: var=fail_hint tags: always - fail: tags: always