mirror of
https://github.com/trailofbits/algo
synced 2024-11-18 09:25:38 +00:00
25513cf925
* Refactoring, Linting and additional tests * Vultr: Undefined variable and deprecation notes fix * Travis-CI enable linters * Azure: Update python requirements * Update main.yml * Update install.sh * Add missing roles to ansible-lint * Linting for skipped roles * add .ansible-lint config
# Run the setup module with default arguments so host facts are available
# to the tasks that follow.
- name: Gather Facts
  setup:

# Statically import the system-specific facts and tasks file.
- name: Include system based facts and tasks
  import_tasks: systems/main.yml

# Install the packages named in `prerequisites` (defined outside this file).
# The task is re-run until it reports success: retries 10, delay 3 seconds.
- name: Install prerequisites
  package:
    name: "{{ item }}"
    state: present
  register: result
  until: result is succeeded
  retries: 10
  delay: 3
  with_items:
    - "{{ prerequisites }}"

# Install the strongswan package through the generic package module,
# using the same retry policy as the prerequisites task (10 retries, 3 s).
- name: Install strongSwan
  package:
    name: strongswan
    state: present
  register: result
  until: result is succeeded
  retries: 10
  delay: 3

# Render the client connection config into a per-server file,
# ipsec.<IP_subject_alt_name>.conf, under configs_prefix. The file is
# world-readable (0644). A change notifies "restart strongswan".
- name: Setup the ipsec config
  template:
    src: roles/strongswan/templates/client_ipsec.conf.j2
    dest: "{{ configs_prefix }}/ipsec.{{ IP_subject_alt_name }}.conf"
    mode: "0644"
  notify:
    - restart strongswan
  # dest does not reference item, so presumably the template consumes
  # it as the user name -- verify against client_ipsec.conf.j2.
  with_items:
    - "{{ vpn_user }}"

# Render the client secrets file, ipsec.<IP_subject_alt_name>.secrets, under
# configs_prefix. Mode 0600 keeps it readable by the owning user only.
# A change notifies "restart strongswan".
- name: Setup the ipsec secrets
  template:
    src: roles/strongswan/templates/client_ipsec.secrets.j2
    dest: "{{ configs_prefix }}/ipsec.{{ IP_subject_alt_name }}.secrets"
    mode: "0600"
  notify:
    - restart strongswan
  # dest does not reference item, so presumably the template consumes
  # it as the user name -- verify against client_ipsec.secrets.j2.
  with_items:
    - "{{ vpn_user }}"

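# Ensure the main ipsec.conf and ipsec.secrets each contain an `include`
# line for the per-server ipsec.<IP_subject_alt_name>.conf / .secrets files.
# Missing files are created (create: true).
#
# Fix: the original set no mode, so an ipsec.secrets created by this task
# got umask-default permissions. The secrets entry now carries mode 0600.
# ipsec.conf carries no mode, so its existing permissions are left as-is.
- name: Include additional ipsec config
  lineinfile:
    dest: "{{ item.dest }}"
    line: "{{ item.line }}"
    create: true
    # `omit` drops the argument entirely for items without a mode key.
    mode: "{{ item.mode | default(omit) }}"
  with_items:
    - dest: "{{ configs_prefix }}/ipsec.conf"
      line: "include ipsec.{{ IP_subject_alt_name }}.conf"
    - dest: "{{ configs_prefix }}/ipsec.secrets"
      line: "include ipsec.{{ IP_subject_alt_name }}.secrets"
      mode: "0600"
  notify:
    - restart strongswan
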
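# Install the user certificate, the CA certificate and the user's private
# key from the local configs/<IP_subject_alt_name>/ipsec/.pki tree into
# the ipsec.d directories under configs_prefix.
#
# Fix: the original set no mode, so the private key was written with
# umask-default permissions (commonly world-readable). Each item now
# carries an explicit mode: 0644 for certificates, 0600 for the key.
#
# NOTE(review): these look like static PEM files; `copy` would avoid
# passing key material through the template engine -- confirm before
# switching modules.
- name: Setup the certificates and keys
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    mode: "{{ item.mode }}"
  with_items:
    - src: "configs/{{ IP_subject_alt_name }}/ipsec/.pki/certs/{{ vpn_user }}.crt"
      dest: "{{ configs_prefix }}/ipsec.d/certs/{{ vpn_user }}.crt"
      mode: "0644"
    - src: "configs/{{ IP_subject_alt_name }}/ipsec/.pki/cacert.pem"
      dest: "{{ configs_prefix }}/ipsec.d/cacerts/{{ IP_subject_alt_name }}.pem"
      mode: "0644"
    # Private key: owner-only.
    - src: "configs/{{ IP_subject_alt_name }}/ipsec/.pki/private/{{ vpn_user }}.key"
      dest: "{{ configs_prefix }}/ipsec.d/private/{{ vpn_user }}.key"
      mode: "0600"
  notify:
    - restart strongswan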