diff --git a/administrate@vps.yml b/administrate@vps.yml index 55dee89..3f78f65 100644 --- a/administrate@vps.yml +++ b/administrate@vps.yml @@ -3,7 +3,7 @@ remote_user: "{{ chosen_user | default('senpai') }}" vars_files: - vars/git_aliases.yml # REQUIRED - - vars/vpn_server.yml # REQUIRED + - vars/vim_settings.yml # REQUIRED - vars/config@{{ inventory_hostname | default('vps') }}.yml tasks: - name: Installing requisite packages @@ -11,16 +11,6 @@ name: init-server tasks_from: userspace@install-pkgs handlers_from: userspace - - name: Acquiring home of current user - when: ansible_facts["system"] == "Linux" - ansible.builtin.shell: - cmd: "echo ~{{ ansible_user }}" - register: ansible_user_home - - name: Acquiring current user - when: ansible_facts["system"] == "Linux" - ansible.builtin.shell: - cmd: "echo {{ ansible_user }}" - register: current_user - name: Disabling root user shell login become: true ansible.builtin.user: 
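Review bot: The second hunk (`@@ -11,16 +11,6 @@`) drops the two tasks that register `ansible_user_home` and `current_user`, but only the consumers inside the later Wireguard block are visibly removed; the stretch of the play between this hunk and the next (old lines 27–52) is not in the diff, so any remaining `{{ ansible_user_home.stdout }}` or `{{ current_user.stdout }}` there would now fail at runtime with an undefined variable rather than at lint time. Worth a grep of the whole playbook before merging. Separately, the added `- vars/vim_settings.yml # REQUIRED` in the first hunk has no visible consumer in this diff; since a missing `vars_files` entry aborts the play, it would help to note which tasks read it, e.g. `- vars/vim_settings.yml # REQUIRED — consumed by the userspace vim tasks` (adjust to the actual consumer). The `tasks:` list this hunk edits continues outside the shown lines.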
@@ -53,121 +43,3 @@ scope: global value: "{{ item[1] }}" loop: "{{ git_aliases }}" - - name: Creating Wireguard VPS VPN service - block: - - name: Ensuring IP forwarding is allowed - become: true - ansible.posix.sysctl: - name: "net.{{ item }}.conf.all.forwarding" - value: "1" - sysctl_set: true - state: present - loop: - - ipv4 - - ipv6 - - name: Creating a directory to house VPN service client configurations - ansible.builtin.file: - path: "{{ ansible_user_home.stdout }}/.wg/authorized_clients.d" - recurse: true - owner: "{{ ansible_user }}" - group: "{{ ansible_user }}" - mode: "755" - state: directory - - name: Get the current hostname of the machine - ansible.builtin.shell: - cmd: "echo $(hostname)" - register: current_hostname - - name: Starting DSNet-based Wireguard VPN service configuration - when: vpn_server.driver.name == "dsnet" - block: - - name: Getting DSNet binary application - become: true - ansible.builtin.get_url: - url: "https://github.com/naggie/dsnet/releases/download/{{ vpn_server.driver.version }}/dsnet-linux-amd64" - dest: /usr/bin/dsnet - owner: root - group: root - mode: "744" - force: true - backup: true - - name: Initializing DSNet - become: true - ansible.builtin.command: - cmd: dsnet init - - name: Running DSNet VPN service interface - become: true - ansible.builtin.command: - cmd: dsnet up - - name: Adding peer device for DSNet VPN service interface - become: true - ansible.builtin.shell: - cmd: "dsnet add {{ item.name }}{{ idx }} --owner {{ current_user.stdout }} --description 'For {{ current_hostname.stdout }}--{{ item.desc }}' --confirm > {{ ansible_user_home.stdout }}/.wg/authorized_clients.d/{{ item.name }}{{ (idx | string) }}.conf" - creates: "{{ ansible_user_home.stdout }}/.wg/authorized_clients.d/{{ item.name }}{{ idx }}.conf" - loop: "{{ vpn_server.clients }}" - loop_control: - index_var: idx - - name: Changing ownership of consequent DSNet VPN service client configurations - become: true - ansible.builtin.file: - path: "{{ 
ansible_user_home.stdout }}/.wg/authorized_clients.d/{{ item.name }}{{ (idx | string) }}.conf" - owner: "{{ ansible_user }}" - group: "{{ ansible_user }}" - state: file - loop: "{{ vpn_server.clients }}" - loop_control: - index_var: idx - - name: Pausing to inquire about how to proceed - ansible.builtin.pause: - prompt: "Type \"fetch\" to get the DSNet VPN service client configuration files, or \"show\" to see their contents for manual copying instead" - echo: true - register: data_method - - name: Presenting DSNet VPN service client configuration files to control node for copying - when: data_method.user_input == "show" - block: - - name: Acquiring contents of DSNet VPN service client configuration files - ansible.builtin.slurp: - src: "{{ ansible_user_home.stdout }}/.wg/authorized_clients.d/{{ item.name }}{{ (idx | string) }}.conf" - loop: "{{ vpn_server.clients }}" - loop_control: - index_var: idx - register: vpn_client_configs - - name: Presenting contents of DSNet VPN service client configurations to control node - ansible.builtin.debug: - msg: "Copy this client configuration of the DSNet VPN service:\n {{ item.content }}" - loop: "{{ vpn_client_configs.results }}" - - name: Giving opportunity to manually copy contents of DSNet VPN service client configuration files - ansible.builtin.pause: - - name: Providing DSNet VPN service client configuration files to control node machine - when: data_method.user_input == "fetch" - block: - - name: Dupliciating DSNet VPN service client configuration files to control node - ansible.builtin.fetch: - src: "{{ ansible_user_home.stdout }}/.wg/authorized_clients.d/{{ item.name }}{{ (idx | string) }}.conf" - dest: "/var/tmp/{{ inventory_hostname }}/wg/" - flat: true - loop: "{{ vpn_server.clients }}" - loop_control: - index_var: idx - - name: Informing control node of acquired files - ansible.builtin.debug: - msg: "The DSNet VPS service client configuration files have been duplicated to '/var/tmp/{{ inventory_hostname }}/wg/' 
at the control node." - - name: Giving control node user time to read the aforementiioned message - ansible.builtin.pause: - seconds: 30 - # @TODO create tasks for registering and presenting contents of just created files - - name: Forwarding network traffic on certain ports to Wireguard VPS service interface - become: true - ansible.builtin.iptables: - chain: FORWARD - protocol: "{{ item[0][0] }}" - source_port: "{{ item[0][1] }}" - in_interface: "{{ item[1] }}" - jump: ACCEPT - loop: "{{ vpn_server.forwards | product([vpn_server.interface]) }}" - - name: Forwarding network traffic on certain ports to Wireguard VPS service interface - become: true - ansible.builtin.iptables: - table: nat - chain: POSTROUTING - out_interface: "{{ vpn_server.interface }}" - jump: MASQUERADE \ No newline at end of file