Archives/algo
2
0
Fork 0
mirror of https://github.com/trailofbits/algo synced 2024-11-13 19:12:06 +00:00
Code Issues Projects Releases Wiki Activity
feb0091448
algo/roles/strongswan/tasks/client_configs.yml
Jack Ivanov 273c7665d3 Refactoring (#1334) 
<!--- Provide a general summary of your changes in the Title above -->

## Description
Renames the vpn role to strongswan, and split up the variables to support 2 separate VPNs. Closes #1330 and closes #1162
Configures Ansible to use python3 on the server side. Closes #1024 
Removes unneeded playbooks, reorganises a lot of variables
Reorganises the `config` folder. Closes #1330
<details><summary>Here is how the config directory looks like now</summary>
<p>

```
configs/X.X.X.X/
|-- ipsec
|   |-- apple
|   |   |-- desktop.mobileconfig
|   |   |-- laptop.mobileconfig
|   |   `-- phone.mobileconfig
|   |-- manual
|   |   |-- cacert.pem
|   |   |-- desktop.p12
|   |   |-- desktop.ssh.pem
|   |   |-- ipsec_desktop.conf
|   |   |-- ipsec_desktop.secrets
|   |   |-- ipsec_laptop.conf
|   |   |-- ipsec_laptop.secrets
|   |   |-- ipsec_phone.conf
|   |   |-- ipsec_phone.secrets
|   |   |-- laptop.p12
|   |   |-- laptop.ssh.pem
|   |   |-- phone.p12
|   |   `-- phone.ssh.pem
|   `-- windows
|       |-- desktop.ps1
|       |-- laptop.ps1
|       `-- phone.ps1
|-- ssh-tunnel
|   |-- desktop.pem
|   |-- desktop.pub
|   |-- laptop.pem
|   |-- laptop.pub
|   |-- phone.pem
|   |-- phone.pub
|   `-- ssh_config
`-- wireguard
    |-- desktop.conf
    |-- desktop.png
    |-- laptop.conf
    |-- laptop.png
    |-- phone.conf
    `-- phone.png
```

![finder](https://i.imgur.com/FtOmKO0.png)

</p>
</details>

## Motivation and Context
This refactoring is focused to aim to the 1.0 release

## How Has This Been Tested?
Deployed to several cloud providers with various options enabled and disabled

## Types of changes
<!--- What types of changes does your code introduce? Put an `x` in all the boxes that apply: -->
- [x] Refactoring

## Checklist:
<!--- Go over all the following points, and put an `x` in all the boxes that apply. -->
<!--- If you're unsure about any of these, don't hesitate to ask. We're here to help! -->
- [x] I have read the **CONTRIBUTING** document.
- [x] My code follows the code style of this project.
- [x] My change requires a change to the documentation.
- [x] I have updated the documentation accordingly.
- [x] All new and existing tests passed.
2019-03-10 13:16:34 -04:00

54 lines
1.3 KiB
YAML
Raw Blame History

---
- name: Register p12 PayloadContent
shell: cat private/{{ item }}.p12 | base64
register: PayloadContent
args:
chdir: "{{ ipsec_pki_path }}"
with_items: "{{ users }}"
- name: Set facts for mobileconfigs
set_fact:
PayloadContentCA: "{{ lookup('file' , '{{ ipsec_pki_path }}/cacert.pem')|b64encode }}"
- name: Build the mobileconfigs
template:
src: mobileconfig.j2
dest: "{{ ipsec_config_path }}/apple/{{ item.0 }}.mobileconfig"
mode: 0600
with_together:
- "{{ users }}"
- "{{ PayloadContent.results }}"
no_log: True
- name: Build the client ipsec config file
template:
src: client_ipsec.conf.j2
dest: "{{ ipsec_config_path }}/manual/{{ item }}.conf"
mode: 0600
with_items:
- "{{ users }}"
- name: Build the client ipsec secret file
template:
src: client_ipsec.secrets.j2
dest: "{{ ipsec_config_path }}/manual/{{ item }}.secrets"
mode: 0600
with_items:
- "{{ users }}"
- name: Build the windows client powershell script
template:
src: client_windows.ps1.j2
dest: "{{ ipsec_config_path }}/windows/{{ item.0 }}.ps1"
mode: 0600
when: algo_windows
with_together:
- "{{ users }}"
- "{{ PayloadContent.results }}"
- name: Restrict permissions for the local private directories
file:
path: "{{ ipsec_config_path }}"
state: directory
mode: 0700
Reference in New Issue View Git Blame Copy Permalink