mirror of
https://github.com/trailofbits/algo
synced 2024-11-13 19:12:06 +00:00
273c7665d3
<!--- Provide a general summary of your changes in the Title above --> ## Description Renames the vpn role to strongswan, and split up the variables to support 2 separate VPNs. Closes #1330 and closes #1162 Configures Ansible to use python3 on the server side. Closes #1024 Removes unneeded playbooks, reorganises a lot of variables Reorganises the `config` folder. Closes #1330 <details><summary>Here is how the config directory looks like now</summary> <p> ``` configs/X.X.X.X/ |-- ipsec | |-- apple | | |-- desktop.mobileconfig | | |-- laptop.mobileconfig | | `-- phone.mobileconfig | |-- manual | | |-- cacert.pem | | |-- desktop.p12 | | |-- desktop.ssh.pem | | |-- ipsec_desktop.conf | | |-- ipsec_desktop.secrets | | |-- ipsec_laptop.conf | | |-- ipsec_laptop.secrets | | |-- ipsec_phone.conf | | |-- ipsec_phone.secrets | | |-- laptop.p12 | | |-- laptop.ssh.pem | | |-- phone.p12 | | `-- phone.ssh.pem | `-- windows | |-- desktop.ps1 | |-- laptop.ps1 | `-- phone.ps1 |-- ssh-tunnel | |-- desktop.pem | |-- desktop.pub | |-- laptop.pem | |-- laptop.pub | |-- phone.pem | |-- phone.pub | `-- ssh_config `-- wireguard |-- desktop.conf |-- desktop.png |-- laptop.conf |-- laptop.png |-- phone.conf `-- phone.png ```  </p> </details> ## Motivation and Context This refactoring is focused to aim to the 1.0 release ## How Has This Been Tested? Deployed to several cloud providers with various options enabled and disabled ## Types of changes <!--- What types of changes does your code introduce? Put an `x` in all the boxes that apply: --> - [x] Refactoring ## Checklist: <!--- Go over all the following points, and put an `x` in all the boxes that apply. --> <!--- If you're unsure about any of these, don't hesitate to ask. We're here to help! --> - [x] I have read the **CONTRIBUTING** document. - [x] My code follows the code style of this project. - [x] My change requires a change to the documentation. - [x] I have updated the documentation accordingly. - [x] All new and existing tests passed.
57 lines
1.3 KiB
Bash
Executable File
57 lines
1.3 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
|
|
set -ex
|
|
|
|
USER_ARGS="{ 'server': '$LXC_IP', 'users': ['user1', 'user2'] }"
|
|
|
|
if [ "${LXC_NAME}" == "docker" ]
|
|
then
|
|
docker run -it -v $(pwd)/config.cfg:/algo/config.cfg -v ~/.ssh:/root/.ssh -v $(pwd)/configs:/algo/configs -e "USER_ARGS=${USER_ARGS}" travis/algo /bin/sh -c "chown -R 0:0 /root/.ssh && source env/bin/activate && ansible-playbook users.yml -e \"${USER_ARGS}\" -t update-users"
|
|
else
|
|
ansible-playbook users.yml -e "${USER_ARGS}" -t update-users
|
|
fi
|
|
|
|
#
|
|
# IPsec
|
|
#
|
|
|
|
if sudo openssl crl -inform pem -noout -text -in configs/$LXC_IP/ipsec/.pki/crl/phone.crt | grep CRL
|
|
then
|
|
echo "The CRL check passed"
|
|
else
|
|
echo "The CRL check failed"
|
|
exit 1
|
|
fi
|
|
|
|
if sudo openssl x509 -inform pem -noout -text -in configs/$LXC_IP/ipsec/.pki/certs/user1.crt | grep CN=user1
|
|
then
|
|
echo "The new user exists"
|
|
else
|
|
echo "The new user does not exist"
|
|
exit 1
|
|
fi
|
|
|
|
#
|
|
# WireGuard
|
|
#
|
|
|
|
if sudo test -f configs/$LXC_IP/wireguard/user1.conf
|
|
then
|
|
echo "WireGuard: The new user exists"
|
|
else
|
|
echo "WireGuard: The new user does not exist"
|
|
exit 1
|
|
fi
|
|
|
|
#
|
|
# SSH tunneling
|
|
#
|
|
|
|
if sudo test -f configs/$LXC_IP/ssh-tunnel/user1.ssh_config
|
|
then
|
|
echo "SSH Tunneling: The new user exists"
|
|
else
|
|
echo "SSH Tunneling: The new user does not exist"
|
|
exit 1
|
|
fi
|