removed tasks that were instead migrated to a role task included by a role handler
@@ -3,7 +3,7 @@
|
|||||||
remote_user: "{{ chosen_user | default('senpai') }}"
|
remote_user: "{{ chosen_user | default('senpai') }}"
|
||||||
vars_files:
|
vars_files:
|
||||||
- vars/git_aliases.yml # REQUIRED
|
- vars/git_aliases.yml # REQUIRED
|
||||||
- vars/vpn_server.yml # REQUIRED
|
- vars/vim_settings.yml # REQUIRED
|
||||||
- vars/config@{{ inventory_hostname | default('vps') }}.yml
|
- vars/config@{{ inventory_hostname | default('vps') }}.yml
|
||||||
tasks:
|
tasks:
|
||||||
- name: Installing requisite packages
|
- name: Installing requisite packages
|
||||||
@@ -11,16 +11,6 @@
|
|||||||
name: init-server
|
name: init-server
|
||||||
tasks_from: userspace@install-pkgs
|
tasks_from: userspace@install-pkgs
|
||||||
handlers_from: userspace
|
handlers_from: userspace
|
||||||
- name: Acquiring home of current user
|
|
||||||
when: ansible_facts["system"] == "Linux"
|
|
||||||
ansible.builtin.shell:
|
|
||||||
cmd: "echo ~{{ ansible_user }}"
|
|
||||||
register: ansible_user_home
|
|
||||||
- name: Acquiring current user
|
|
||||||
when: ansible_facts["system"] == "Linux"
|
|
||||||
ansible.builtin.shell:
|
|
||||||
cmd: "echo {{ ansible_user }}"
|
|
||||||
register: current_user
|
|
||||||
- name: Disabling root user shell login
|
- name: Disabling root user shell login
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.user:
|
ansible.builtin.user:
|
||||||
@@ -53,121 +43,3 @@
|
|||||||
scope: global
|
scope: global
|
||||||
value: "{{ item[1] }}"
|
value: "{{ item[1] }}"
|
||||||
loop: "{{ git_aliases }}"
|
loop: "{{ git_aliases }}"
|
||||||
- name: Creating Wireguard VPS VPN service
|
|
||||||
block:
|
|
||||||
- name: Ensuring IP forwarding is allowed
|
|
||||||
become: true
|
|
||||||
ansible.posix.sysctl:
|
|
||||||
name: "net.{{ item }}.conf.all.forwarding"
|
|
||||||
value: "1"
|
|
||||||
sysctl_set: true
|
|
||||||
state: present
|
|
||||||
loop:
|
|
||||||
- ipv4
|
|
||||||
- ipv6
|
|
||||||
- name: Creating a directory to house VPN service client configurations
|
|
||||||
ansible.builtin.file:
|
|
||||||
path: "{{ ansible_user_home.stdout }}/.wg/authorized_clients.d"
|
|
||||||
recurse: true
|
|
||||||
owner: "{{ ansible_user }}"
|
|
||||||
group: "{{ ansible_user }}"
|
|
||||||
mode: "755"
|
|
||||||
state: directory
|
|
||||||
- name: Get the current hostname of the machine
|
|
||||||
ansible.builtin.shell:
|
|
||||||
cmd: "echo $(hostname)"
|
|
||||||
register: current_hostname
|
|
||||||
- name: Starting DSNet-based Wireguard VPN service configuration
|
|
||||||
when: vpn_server.driver.name == "dsnet"
|
|
||||||
block:
|
|
||||||
- name: Getting DSNet binary application
|
|
||||||
become: true
|
|
||||||
ansible.builtin.get_url:
|
|
||||||
url: "https://github.com/naggie/dsnet/releases/download/{{ vpn_server.driver.version }}/dsnet-linux-amd64"
|
|
||||||
dest: /usr/bin/dsnet
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: "744"
|
|
||||||
force: true
|
|
||||||
backup: true
|
|
||||||
- name: Initializing DSNet
|
|
||||||
become: true
|
|
||||||
ansible.builtin.command:
|
|
||||||
cmd: dsnet init
|
|
||||||
- name: Running DSNet VPN service interface
|
|
||||||
become: true
|
|
||||||
ansible.builtin.command:
|
|
||||||
cmd: dsnet up
|
|
||||||
- name: Adding peer device for DSNet VPN service interface
|
|
||||||
become: true
|
|
||||||
ansible.builtin.shell:
|
|
||||||
cmd: "dsnet add {{ item.name }}{{ idx }} --owner {{ current_user.stdout }} --description 'For {{ current_hostname.stdout }}--{{ item.desc }}' --confirm > {{ ansible_user_home.stdout }}/.wg/authorized_clients.d/{{ item.name }}{{ (idx | string) }}.conf"
|
|
||||||
creates: "{{ ansible_user_home.stdout }}/.wg/authorized_clients.d/{{ item.name }}{{ idx }}.conf"
|
|
||||||
loop: "{{ vpn_server.clients }}"
|
|
||||||
loop_control:
|
|
||||||
index_var: idx
|
|
||||||
- name: Changing ownership of consequent DSNet VPN service client configurations
|
|
||||||
become: true
|
|
||||||
ansible.builtin.file:
|
|
||||||
path: "{{ ansible_user_home.stdout }}/.wg/authorized_clients.d/{{ item.name }}{{ (idx | string) }}.conf"
|
|
||||||
owner: "{{ ansible_user }}"
|
|
||||||
group: "{{ ansible_user }}"
|
|
||||||
state: file
|
|
||||||
loop: "{{ vpn_server.clients }}"
|
|
||||||
loop_control:
|
|
||||||
index_var: idx
|
|
||||||
- name: Pausing to inquire about how to proceed
|
|
||||||
ansible.builtin.pause:
|
|
||||||
prompt: "Type \"fetch\" to get the DSNet VPN service client configuration files, or \"show\" to see their contents for manual copying instead"
|
|
||||||
echo: true
|
|
||||||
register: data_method
|
|
||||||
- name: Presenting DSNet VPN service client configuration files to control node for copying
|
|
||||||
when: data_method.user_input == "show"
|
|
||||||
block:
|
|
||||||
- name: Acquiring contents of DSNet VPN service client configuration files
|
|
||||||
ansible.builtin.slurp:
|
|
||||||
src: "{{ ansible_user_home.stdout }}/.wg/authorized_clients.d/{{ item.name }}{{ (idx | string) }}.conf"
|
|
||||||
loop: "{{ vpn_server.clients }}"
|
|
||||||
loop_control:
|
|
||||||
index_var: idx
|
|
||||||
register: vpn_client_configs
|
|
||||||
- name: Presenting contents of DSNet VPN service client configurations to control node
|
|
||||||
ansible.builtin.debug:
|
|
||||||
msg: "Copy this client configuration of the DSNet VPN service:\n {{ item.content }}"
|
|
||||||
loop: "{{ vpn_client_configs.results }}"
|
|
||||||
- name: Giving opportunity to manually copy contents of DSNet VPN service client configuration files
|
|
||||||
ansible.builtin.pause:
|
|
||||||
- name: Providing DSNet VPN service client configuration files to control node machine
|
|
||||||
when: data_method.user_input == "fetch"
|
|
||||||
block:
|
|
||||||
- name: Dupliciating DSNet VPN service client configuration files to control node
|
|
||||||
ansible.builtin.fetch:
|
|
||||||
src: "{{ ansible_user_home.stdout }}/.wg/authorized_clients.d/{{ item.name }}{{ (idx | string) }}.conf"
|
|
||||||
dest: "/var/tmp/{{ inventory_hostname }}/wg/"
|
|
||||||
flat: true
|
|
||||||
loop: "{{ vpn_server.clients }}"
|
|
||||||
loop_control:
|
|
||||||
index_var: idx
|
|
||||||
- name: Informing control node of acquired files
|
|
||||||
ansible.builtin.debug:
|
|
||||||
msg: "The DSNet VPS service client configuration files have been duplicated to '/var/tmp/{{ inventory_hostname }}/wg/' at the control node."
|
|
||||||
- name: Giving control node user time to read the aforementiioned message
|
|
||||||
ansible.builtin.pause:
|
|
||||||
seconds: 30
|
|
||||||
# @TODO create tasks for registering and presenting contents of just created files
|
|
||||||
- name: Forwarding network traffic on certain ports to Wireguard VPS service interface
|
|
||||||
become: true
|
|
||||||
ansible.builtin.iptables:
|
|
||||||
chain: FORWARD
|
|
||||||
protocol: "{{ item[0][0] }}"
|
|
||||||
source_port: "{{ item[0][1] }}"
|
|
||||||
in_interface: "{{ item[1] }}"
|
|
||||||
jump: ACCEPT
|
|
||||||
loop: "{{ vpn_server.forwards | product([vpn_server.interface]) }}"
|
|
||||||
- name: Forwarding network traffic on certain ports to Wireguard VPS service interface
|
|
||||||
become: true
|
|
||||||
ansible.builtin.iptables:
|
|
||||||
table: nat
|
|
||||||
chain: POSTROUTING
|
|
||||||
out_interface: "{{ vpn_server.interface }}"
|
|
||||||
jump: MASQUERADE
|
|
||||||
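Review bot: The second hunk (`@@ -11,16 +11,6 @@`) drops the two shell tasks that populated `ansible_user_home` and `current_user`, but the play's unchanged stretch between the hunks (old lines 19–52) is not visible here, so any remaining task that still references `ansible_user_home.stdout` or `current_user.stdout` would now fail with an undefined variable; worth a grep of the play before merging. If the play still needs them, the role that now owns those lookups should publish them with `set_fact` rather than a task-local `register`, since `register` results do not cross a role boundary. The commit message says the migrated tasks are included by a role handler; handlers run only when notified and at the end of the play, so it is worth confirming that the VPN setup still runs on a first provisioning where nothing reports changed. Both points are hedged since the role and the middle of the play are outside this diff.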