mirror of
https://github.com/trailofbits/algo
synced 2024-11-12 01:10:35 +00:00
61 lines
1.7 KiB
YAML
61 lines
1.7 KiB
YAML
- name: Gather Facts
|
|
setup:
|
|
|
|
- name: Include system based facts and tasks
|
|
include: systems/main.yml
|
|
|
|
- name: Install prerequisites
|
|
package: name="{{ item }}" state=present
|
|
with_items:
|
|
- "{{ prerequisites }}"
|
|
|
|
- name: Install strongSwan
|
|
package: name=strongswan state=present
|
|
|
|
- name: Setup the ipsec config
|
|
template:
|
|
src: "roles/vpn/templates/client_ipsec.conf.j2"
|
|
dest: "{{ configs_prefix }}/ipsec.{{ IP_subject_alt_name }}.conf"
|
|
mode: '0644'
|
|
with_items:
|
|
- "{{ vpn_user }}"
|
|
notify:
|
|
- restart strongswan
|
|
|
|
- name: Setup the ipsec secrets
|
|
template:
|
|
src: "roles/vpn/templates/client_ipsec.secrets.j2"
|
|
dest: "{{ configs_prefix }}/ipsec.{{ IP_subject_alt_name }}.secrets"
|
|
mode: '0600'
|
|
with_items:
|
|
- "{{ vpn_user }}"
|
|
notify:
|
|
- restart strongswan
|
|
|
|
- name: Include additional ipsec config
|
|
lineinfile:
|
|
dest: "{{ item.dest }}"
|
|
line: "{{ item.line }}"
|
|
create: yes
|
|
with_items:
|
|
- dest: "{{ configs_prefix }}/ipsec.conf"
|
|
line: "include ipsec.{{ IP_subject_alt_name }}.conf"
|
|
- dest: "{{ configs_prefix }}/ipsec.secrets"
|
|
line: "include ipsec.{{ IP_subject_alt_name }}.secrets"
|
|
notify:
|
|
- restart strongswan
|
|
|
|
- name: Setup the certificates and keys
|
|
template:
|
|
src: "{{ item.src }}"
|
|
dest: "{{ item.dest }}"
|
|
with_items:
|
|
- src: "configs/{{ IP_subject_alt_name }}/pki/certs/{{ vpn_user }}.crt"
|
|
dest: "{{ configs_prefix }}/ipsec.d/certs/{{ vpn_user }}.crt"
|
|
- src: "configs/{{ IP_subject_alt_name }}/pki/cacert.pem"
|
|
dest: "{{ configs_prefix }}/ipsec.d/cacerts/{{ IP_subject_alt_name }}.pem"
|
|
- src: "configs/{{ IP_subject_alt_name }}/pki/private/{{ vpn_user }}.key"
|
|
dest: "{{ configs_prefix }}/ipsec.d/private/{{ vpn_user }}.key"
|
|
notify:
|
|
- restart strongswan
|