mirror of https://github.com/trailofbits/algo
You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
87 lines
2.3 KiB
YAML
87 lines
2.3 KiB
YAML
---
|
|
|
|
- name: Register p12 PayloadContent
|
|
shell: cat private/{{ item }}.p12 | base64
|
|
register: PayloadContent
|
|
args:
|
|
chdir: "configs/{{ IP_subject_alt_name }}/pki/"
|
|
with_items: "{{ users }}"
|
|
|
|
- name: Set facts for mobileconfigs
|
|
set_fact:
|
|
PayloadContentCA: "{{ lookup('file' , 'configs/{{ IP_subject_alt_name }}/pki/cacert.pem')|b64encode }}"
|
|
|
|
- name: Build the mobileconfigs
|
|
template:
|
|
src: mobileconfig.j2
|
|
dest: configs/{{ IP_subject_alt_name }}/{{ item.0 }}.mobileconfig
|
|
mode: 0600
|
|
with_together:
|
|
- "{{ users }}"
|
|
- "{{ PayloadContent.results }}"
|
|
no_log: True
|
|
|
|
- name: Build the strongswan app android config
|
|
template:
|
|
src: sswan.j2
|
|
dest: configs/{{ IP_subject_alt_name }}/android_{{ item.0 }}.sswan
|
|
mode: 0600
|
|
with_together:
|
|
- "{{ users }}"
|
|
- "{{ PayloadContent.results }}"
|
|
no_log: True
|
|
|
|
- name: Build the android helper html
|
|
template:
|
|
src: android_html_helper.j2
|
|
dest: configs/{{ IP_subject_alt_name }}/android_{{ item.0 }}_helper.html
|
|
mode: 0600
|
|
with_together:
|
|
- "{{ users }}"
|
|
no_log: True
|
|
|
|
- name: Build the client ipsec config file
|
|
template:
|
|
src: client_ipsec.conf.j2
|
|
dest: configs/{{ IP_subject_alt_name }}/ipsec_{{ item }}.conf
|
|
mode: 0600
|
|
with_items:
|
|
- "{{ users }}"
|
|
|
|
- name: Build the client ipsec secret file
|
|
template:
|
|
src: client_ipsec.secrets.j2
|
|
dest: configs/{{ IP_subject_alt_name }}/ipsec_{{ item }}.secrets
|
|
mode: 0600
|
|
with_items:
|
|
- "{{ users }}"
|
|
|
|
- name: Create the windows check file
|
|
file:
|
|
state: touch
|
|
path: configs/{{ IP_subject_alt_name }}/.supports_windows
|
|
when: Win10_Enabled is defined and Win10_Enabled == "Y"
|
|
|
|
- name: Check if the windows check file exists
|
|
stat:
|
|
path: configs/{{ IP_subject_alt_name }}/.supports_windows
|
|
register: supports_windows
|
|
|
|
- name: Build the windows client powershell script
|
|
template:
|
|
src: client_windows.ps1.j2
|
|
dest: configs/{{ IP_subject_alt_name }}/windows_{{ item.0 }}.ps1
|
|
mode: 0600
|
|
when: Win10_Enabled is defined and Win10_Enabled == "Y" or supports_windows.stat.exists == true
|
|
with_together:
|
|
- "{{ users }}"
|
|
- "{{ PayloadContent.results }}"
|
|
|
|
- name: Restrict permissions for the local private directories
|
|
file:
|
|
path: "{{ item }}"
|
|
state: directory
|
|
mode: 0700
|
|
with_items:
|
|
- configs/{{ IP_subject_alt_name }}
|