mirror of
https://github.com/trailofbits/algo
synced 2024-11-18 09:25:38 +00:00
139 lines
4.0 KiB
YAML
139 lines
4.0 KiB
YAML
- name: Configure the server and install required software
|
|
hosts: localhost
|
|
|
|
vars:
|
|
regions:
|
|
"1": "ams2"
|
|
"2": "ams3"
|
|
"3": "fra1"
|
|
"4": "lon1"
|
|
"5": "nyc1"
|
|
"6": "nyc2"
|
|
"7": "nyc3"
|
|
"8": "sfo1"
|
|
"9": "sfo2"
|
|
"10": "sgp1"
|
|
"11": "tor1"
|
|
|
|
vars_prompt:
|
|
- name: "do_access_token"
|
|
prompt: "Enter your API Token (https://cloud.digitalocean.com/settings/api/tokens):\n"
|
|
private: yes
|
|
|
|
- name: "do_ssh_name"
|
|
prompt: "Enter a valid SSH key name (https://cloud.digitalocean.com/settings/security):\n"
|
|
private: no
|
|
|
|
- name: "do_region"
|
|
prompt: >
|
|
What region should the server be located in?
|
|
1. Amsterdam (Datacenter 2)
|
|
2. Amsterdam (Datacenter 3)
|
|
3. Frankfurt
|
|
4. London
|
|
5. New York (Datacenter 1)
|
|
6. New York (Datacenter 2)
|
|
7. New York (Datacenter 3)
|
|
8. San Francisco (Datacenter 1)
|
|
9. San Francisco (Datacenter 2)
|
|
10. Singapore
|
|
11. Toronto
|
|
Enter the number of your desired region:
|
|
default: "7"
|
|
private: no
|
|
|
|
- name: "do_server_name"
|
|
prompt: "Name the vpn server:\n"
|
|
default: "algo.local"
|
|
private: no
|
|
|
|
- name: "service_dns"
|
|
prompt: "Do you want to use a local DNS resolver to block ads while surfing? (Y or N)"
|
|
default: "Y"
|
|
private: no
|
|
|
|
tasks:
|
|
- name: "Getting your SSH key ID on Digital Ocean..."
|
|
digital_ocean:
|
|
state: present
|
|
command: ssh
|
|
name: "{{ do_ssh_name }}"
|
|
api_token: "{{ do_access_token }}"
|
|
register: do_ssh_key
|
|
|
|
- name: "Creating a droplet..."
|
|
digital_ocean:
|
|
state: present
|
|
command: droplet
|
|
name: "{{ do_server_name }}"
|
|
region_id: "{{ regions[do_region] }}"
|
|
size_id: "512mb"
|
|
image_id: "ubuntu-16-04-x64"
|
|
ssh_key_ids: "{{ do_ssh_key.ssh_key.id }}"
|
|
unique_name: yes
|
|
api_token: "{{ do_access_token }}"
|
|
register: do
|
|
|
|
- name: Add the droplet to an inventory group
|
|
add_host:
|
|
name: "{{ do.droplet.ip_address }}"
|
|
groups: vpn-host
|
|
ansible_ssh_user: root
|
|
ansible_python_interpreter: "/usr/bin/python2.7"
|
|
|
|
- name: Wait for SSH to become available
|
|
local_action: "wait_for port=22 host={{ do.droplet.ip_address }} timeout=320"
|
|
|
|
- name: Enable IPv6 on the droplet
|
|
uri:
|
|
url: "https://api.digitalocean.com/v2/droplets/{{ do.droplet.id }}/actions"
|
|
method: POST
|
|
body:
|
|
type: enable_ipv6
|
|
body_format: json
|
|
status_code: 201
|
|
HEADER_Authorization: "Bearer {{ do_access_token }}"
|
|
HEADER_Content-Type: "application/json"
|
|
|
|
- name: Get Droplet networks
|
|
uri:
|
|
url: "https://api.digitalocean.com/v2/droplets/{{ do.droplet.id }}"
|
|
method: GET
|
|
status_code: 200
|
|
HEADER_Authorization: "Bearer {{ do_access_token }}"
|
|
HEADER_Content-Type: "application/json"
|
|
register: droplet_info
|
|
|
|
- name: IPv6 template created
|
|
template: src=20-ipv6.cfg.j2 dest=configs/20-ipv6.tmp
|
|
with_items: "{{ droplet_info.json.droplet.networks.v6 }}"
|
|
|
|
- name: Post-provisioning tasks
|
|
hosts: vpn-host
|
|
gather_facts: false
|
|
user: root
|
|
vars_files:
|
|
- config.cfg
|
|
|
|
pre_tasks:
|
|
- name: Install prerequisites
|
|
raw: sudo apt-get update -qq && sudo apt-get install -qq -y python2.7
|
|
- name: Configure defaults
|
|
raw: sudo update-alternatives --install /usr/bin/python python /usr/bin/python2.7 1
|
|
|
|
tasks:
|
|
- name: IPv6 configured
|
|
copy: src=configs/20-ipv6.tmp dest=/etc/network/interfaces.d/20-ipv6.cfg owner=root group=root mode=0644
|
|
|
|
- name: IPv6 included into the network config
|
|
lineinfile: dest=/etc/network/interfaces line='source /etc/network/interfaces.d/20-ipv6.cfg' state=present
|
|
|
|
- name: IPV6 is running
|
|
shell: sh -c 'ifdown eth0; ip addr flush dev eth0; ifup eth0'
|
|
|
|
- name: Wait for SSH to become available
|
|
local_action: "wait_for port=22 host={{ inventory_hostname }} timeout=320"
|
|
become: false
|
|
|
|
|