# vim:ft=ansible:
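- name: Create a sandbox instance
  hosts: localhost
  gather_facts: false
  vars:
    instance_type: t2.nano
    security_group: vpn-secgroup
    # Menu number -> AWS region. Keys are quoted because the vars_prompt
    # answer is a string and is used directly as the lookup key below.
    regions:
      "1": "us-east-1"
      "2": "us-west-1"
      "3": "us-west-2"
      "4": "ap-south-1"
      "5": "ap-northeast-2"
      "6": "ap-southeast-1"
      "7": "ap-southeast-2"
      "8": "ap-northeast-1"
      "9": "eu-central-1"
      "10": "eu-west-1"
      "11": "sa-east-1"
  vars_prompt:
    - name: "region"
      # Folded scalar: the more-indented menu lines keep their line breaks,
      # so the numbered list is shown one entry per line.
      prompt: >
        What region should the server be located in?
          1. us-east-1 US East (N. Virginia)
          2. us-west-1 US West (N. California)
          3. us-west-2 US West (Oregon)
          4. ap-south-1 Asia Pacific (Mumbai)
          5. ap-northeast-2 Asia Pacific (Seoul)
          6. ap-southeast-1 Asia Pacific (Singapore)
          7. ap-southeast-2 Asia Pacific (Sydney)
          8. ap-northeast-1 Asia Pacific (Tokyo)
          9. eu-central-1 EU (Frankfurt)
          10. eu-west-1 EU (Ireland)
          11. sa-east-1 South America (São Paulo)
      default: "1"
      private: false
    - name: "dns_enabled"
      prompt: "Do you want to use a local DNS resolver to block ads while surfing? (Y or N):\n"
      default: "Y"
      private: false
    - name: "auditd_enabled"
      prompt: "Do you want to use auditd ? (Y or N):\n"
      default: "Y"
      private: false
  tasks:
    - name: Grab the default interface subnet.
      ec2_eni_facts:
        region: "{{ regions[region] }}"
      register: ec2_enis

    - name: Locate official Ubuntu 16.04 AMI for region.
      ec2_ami_find:
        name: "ubuntu/images/hvm-ssd/ubuntu-xenial-16.04-amd64-server-*"
        # Account ID is quoted: a leading-zero digit string must never be
        # re-typed as a number by the YAML loader.
        owner: "099720109477"
        sort: name
        sort_order: descending
        sort_end: 1
        region: "{{ regions[region] }}"
      register: ami_search

    # NOTE(review): interfaces[0] takes whichever ENI the API listed first;
    # the ordering is not guaranteed — confirm this is the intended subnet.
    - set_fact:
        ami_image: "{{ ami_search.results[0].ami_id }}"
        default_subnet: "{{ ec2_enis.interfaces[0].subnet_id }}"

    # Sets ipify_public_ip, used below to pin SSH access to this machine.
    - name: Fetch our IP for security group.
      ipify_facts:

    - name: Add ssh public key.
      ec2_key:
        name: VPNKEY
        region: "{{ regions[region] }}"
        key_material: "{{ item }}"
      with_file: ~/.ssh/id_rsa.pub
      register: keypair

    # Ingress: IKE (udp/500) and NAT-T (udp/4500) are open to any source
    # because VPN clients roam; SSH is limited to the operator's current
    # public IP (/32). Egress is unrestricted.
    - name: Configure EC2 security group
      ec2_group:
        name: "{{ security_group }}"
        description: Security group for VPN servers
        region: "{{ regions[region] }}"
        rules:
          - proto: udp
            from_port: 4500
            to_port: 4500
            cidr_ip: 0.0.0.0/0
          - proto: udp
            from_port: 500
            to_port: 500
            cidr_ip: 0.0.0.0/0
          - proto: tcp
            from_port: 22
            to_port: 22
            cidr_ip: "{{ ipify_public_ip }}/32"
        rules_egress:
          - proto: all
            from_port: 0-65535
            to_port: 0-65535
            cidr_ip: 0.0.0.0/0

    - name: Launch instance
      ec2:
        keypair: "VPNKEY"
        group: "{{ security_group }}"
        instance_type: "{{ instance_type }}"
        image: "{{ ami_image }}"
        wait: true
        region: "{{ regions[region] }}"
        vpc_subnet_id: "{{ default_subnet }}"
        assign_public_ip: true
        instance_tags:
          Name: VPN
      register: ec2

    # Host vars set here are what the second play reads; the prompt answers
    # are passed through unchanged (no leading whitespace) so later
    # comparisons against "Y" behave.
    - name: Add new instance to host group
      add_host:
        hostname: "{{ item.public_ip }}"
        groupname: vpn-host
        remote_user: ubuntu
        ansible_python_interpreter: "/usr/bin/python2.7"
        dns_enabled: "{{ dns_enabled }}"
        auditd_enabled: "{{ auditd_enabled }}"
      with_items: "{{ ec2.instances }}"

    - name: Wait for SSH to come up
      wait_for:
        host: "{{ item.public_dns_name }}"
        port: 22
        delay: 60
        timeout: 320
        state: started
      with_items: "{{ ec2.instances }}"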
# Second play: runs on the host(s) the first play added to the vpn-host
# group, with privilege escalation, after bootstrapping Python for Ansible.
- name: Post-provisioning tasks
  hosts: vpn-host
  become: true
  gather_facts: false
  vars_files:
    - config.cfg
  # raw is used because the image has no Python yet; these must run
  # before any regular module (and before fact gathering, which is off).
  pre_tasks:
    - name: Install prerequisites
      raw: sudo apt-get update -qq && sudo apt-get install -qq -y python2.7
    - name: Configure defaults
      raw: sudo update-alternatives --install /usr/bin/python python /usr/bin/python2.7 1
  # Role order is the execution order.
  roles:
    - common
    - security
    - features
    - vpn