mirror of
https://github.com/trailofbits/algo
synced 2024-11-13 19:12:06 +00:00
88 lines
2.5 KiB
YAML
88 lines
2.5 KiB
YAML
- name: Configure the server and install required software
|
|
hosts: localhost
|
|
gather_facts: false
|
|
|
|
vars:
|
|
zones:
|
|
"1": "us-central1-a"
|
|
"2": "us-central1-b"
|
|
"3": "us-central1-c"
|
|
"4": "us-central1-f"
|
|
"5": "us-east1-b"
|
|
"6": "us-east1-c"
|
|
"7": "us-east1-d"
|
|
"8": "europe-west1-b"
|
|
"9": "europe-west1-c"
|
|
"10": "europe-west1-d"
|
|
"11": "asia-east1-a"
|
|
"12": "asia-east1-b"
|
|
"13": "asia-east1-c"
|
|
|
|
vars_prompt:
|
|
- name: "credentials_file"
|
|
prompt: "Enter the local path to your credentials JSON file [ex: ~/gogle_cloud.json] (https://support.google.com/cloud/answer/6158849?hl=en&ref_topic=6262490#serviceaccounts):\n"
|
|
private: no
|
|
|
|
- name: "ssh_public_key"
|
|
prompt: "Enter the local path to your SSH public key [ex: ~/.ssh/id_rsa.pub] :\n"
|
|
private: no
|
|
|
|
- name: "zone"
|
|
prompt: >
|
|
What zone should the server be located in?
|
|
1. Central US (Iowa A)
|
|
2. Central US (Iowa B)
|
|
3. Central US (Iowa C)
|
|
4. Central US (Iowa F)
|
|
5. Eastern US (South Carolina B)
|
|
6. Eastern US (South Carolina C)
|
|
7. Eastern US (South Carolina D)
|
|
8. Western Europe (Belgium B)
|
|
9. Western Europe (Belgium C)
|
|
10. Western Europe (Belgium D)
|
|
11. East Asia (Taiwan A)
|
|
12. East Asia (Taiwan B)
|
|
13. East Asia (Taiwan C)
|
|
Please choose the number of your zone. Press enter for default (#8) zone.
|
|
default: "8"
|
|
private: no
|
|
|
|
- name: "server_name"
|
|
prompt: "Name the vpn server:\n"
|
|
default: "algo"
|
|
private: no
|
|
|
|
- name: "dns_enabled"
|
|
prompt: "Do you want to use a local DNS resolver to block ads while surfing? (Y or N):\n"
|
|
default: "Y"
|
|
private: no
|
|
|
|
- name: "auditd_enabled"
|
|
prompt: "Do you want to use auditd ? (Y or N):\n"
|
|
default: "Y"
|
|
private: no
|
|
|
|
roles:
|
|
- cloud-gce
|
|
|
|
- name: Post-provisioning tasks
|
|
hosts: vpn-host
|
|
gather_facts: false
|
|
become: true
|
|
vars_files:
|
|
- config.cfg
|
|
|
|
pre_tasks:
|
|
- name: Install prerequisites
|
|
raw: sudo apt-get update -qq && sudo apt-get install -qq -y python2.7
|
|
- name: Configure defaults
|
|
raw: sudo update-alternatives --install /usr/bin/python python /usr/bin/python2.7 1
|
|
|
|
roles:
|
|
- common
|
|
- security
|
|
- proxy
|
|
- vpn
|
|
- { role: dns_adblocking , when: dns_enabled is defined and dns_enabled == "Y" }
|
|
- { role: logging, when: auditd_enabled is defined and auditd_enabled == 'Y' }
|