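---
# WireGuard role entry point.
#
# Flow: create the PKI/config directories on the Ansible controller, pull in
# the OS-specific install tasks, generate keys (keys.yml), render per-user
# client configs / Apple mobileconfigs / QR codes locally, then install the
# server config on the target and start the service.  Everything that touches
# key material runs with become: false and delegate_to: localhost.

- name: Ensure the required directories exist
  file:
    dest: "{{ item }}"
    state: directory
    recurse: true
  # NOTE(review): no mode is set, so preshared/ and private/ are created with
  # the controller's default umask.  Whether keys.yml tightens the permissions
  # of the key files inside them is not visible from this file — confirm before
  # relying on directory permissions for the private keys.
  with_items:
    - "{{ wireguard_pki_path }}/preshared"
    - "{{ wireguard_pki_path }}/private"
    - "{{ wireguard_pki_path }}/public"
    - "{{ wireguard_config_path }}/apple/ios"
    - "{{ wireguard_config_path }}/apple/macos"
  delegate_to: localhost
  become: false

- name: Include tasks for Ubuntu
  include_tasks: ubuntu.yml
  when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
  tags: always

- name: Include tasks for FreeBSD
  include_tasks: freebsd.yml
  when: ansible_distribution == 'FreeBSD'
  tags: always

- name: Generate keys
  import_tasks: keys.yml
  tags: update-users

# Everything below (except service start / PKI cleanup) is re-run by the
# `update-users` tag, see the outer block's tags.
- block:
    # Inner block: client-side artefacts, all generated on the controller
    # without privilege escalation (become/delegate_to at the end of the block).
    - block:
        # Append every configured user to the index file.  Existing lines are
        # kept, so a user's position in index.txt does not change between
        # runs; that position becomes the client's `index` below.
        - name: WireGuard user list updated
          lineinfile:
            dest: "{{ wireguard_pki_path }}/index.txt"
            create: true
            mode: "0600"
            insertafter: EOF
            line: "{{ item }}"
          # The registered result is not referenced anywhere in this file.
          register: lineinfile
          with_items: "{{ users }}"

        # Re-read the whole index (removed users included) as a list of lines;
        # the trailing newline yields a final empty element, which the
        # `item.1 in users` filters below skip.
        # NOTE(review): the path is built by concatenation
        # (`wireguard_pki_path + 'index.txt'`) while the task above uses
        # `{{ wireguard_pki_path }}/index.txt`; both only name the same file
        # if wireguard_pki_path ends with a '/' — confirm in the role defaults.
        - set_fact:
            wireguard_users: "{{ (lookup('file', wireguard_pki_path + 'index.txt')).split('\n') }}"

        # One client.conf per *current* user; `index` is the user's line
        # number in index.txt.  Mode 0600 because the file embeds the client
        # private key.
        - name: WireGuard users config generated
          template:
            src: client.conf.j2
            dest: "{{ wireguard_config_path }}/{{ item.1 }}.conf"
            mode: "0600"
          with_indexed_items: "{{ wireguard_users }}"
          when: item.1 in users
          vars:
            index: "{{ item.0 }}"

        # Apple .mobileconfig profiles, once per platform (loop_var `system`).
        - include_tasks: mobileconfig.yml
          loop:
            - ios
            - macos
          loop_control:
            loop_var: system

        # Best effort: `which segno && … || true` plus changed_when: false
        # means a missing segno silently produces no PNGs and never fails or
        # reports a change.  umask 077 keeps the PNG (which encodes the
        # private key) readable by the owner only.
        # This is a folded (`>`) scalar: line breaks become single spaces, so
        # no shell `\` continuation is needed — a trailing backslash here
        # would reach bash as `\ ` (an escaped space) glued to the quoted
        # config, giving the QR payload a leading space.
        - name: Generate QR codes
          shell: >
            umask 077;
            which segno &&
            segno --scale=5 --output={{ item.1 }}.png
            "{{ lookup('template', 'client.conf.j2') }}" || true
          changed_when: false
          with_indexed_items: "{{ wireguard_users }}"
          when: item.1 in users
          vars:
            index: "{{ item.0 }}"
            # Run with the controller's interpreter; presumably so `which
            # segno` resolves inside the same Python environment as the
            # playbook — verify against how segno is installed.
            ansible_python_interpreter: "{{ ansible_playbook_python }}"
          args:
            chdir: "{{ wireguard_config_path }}"
            executable: bash
      become: false
      delegate_to: localhost

    # Server side: the interface config carries the server private key, hence
    # 0600; the handler restarts the service (flushed at the end of this file).
    - name: WireGuard configured
      template:
        src: server.conf.j2
        dest: "{{ config_prefix|default('/') }}etc/wireguard/{{ wireguard_interface }}.conf"
        mode: "0600"
      notify: restart wireguard
  tags: update-users

- name: WireGuard enabled and started
  service:
    name: "{{ service_name }}"
    state: started
    enabled: true

# Key material is removed from the controller unless the operator asked to
# keep the PKI, or it lives in tmpfs and disappears on its own.
- name: Delete the PKI directory
  file:
    path: "{{ wireguard_pki_path }}"
    state: absent
  become: false
  delegate_to: localhost
  when:
    - not algo_store_pki
    - not pki_in_tmpfs

# Run the pending `restart wireguard` handler now instead of at end of play.
- meta: flush_handlers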