Commit f0c70cbc authored by nanahira's avatar nanahira

save

parent b66691e2
/zeeai-certs
......@@ -25,7 +25,7 @@
become: true
apt:
update_cache: true
name: ocserv,apache2-utils
name: ocserv,apache2-utils,python3-six
- name: stop ocserv
become: true
service:
......@@ -40,8 +40,26 @@
- name: install pip packages
become: true
pip:
name: ansible==2.9.6,awscli,jinja2==3.0.0
name: ansible<2.11.0,jinja2==3.0.0
state: latest
- name: set ansible module_utils path
set_fact:
module_util_path: '/usr/local/lib/python{{ ansible_python.version.major }}.{{ ansible_python.version.minor }}/dist-packages/ansible/module_utils'
- name: remove deprecated six
become: true
file:
path: '{{module_util_path}}/six'
state: absent
- name: copy six.py
become: true
copy:
src: /usr/lib/python3/dist-packages/six.py
dest: '{{module_util_path}}/six.py'
- name: copy urls.py
become: true
copy:
src: ./files/urls.py
dest: '{{module_util_path}}/urls.py'
- name: ansible
become: true
synchronize:
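Review bot: The `copy urls.py` task overwrites Ansible's own `module_utils/urls.py` — the module that `uri`, `get_url` and friends use for HTTP(S) and certificate validation — with an out-of-tree file, while the pip spec two tasks earlier (`ansible<2.11.0` with `state: latest`) lets the installed release float across 2.10.x, so a later run can pair a newer module_utils tree with this fixed copy and silently change or break TLS handling. Pin the exact release the patched file was taken from, e.g. `name: ansible==<exact 2.10 release>,jinja2==3.0.0` with `state: present`, and put a comment above the copy task recording which upstream file/commit `files/urls.py` derives from and why it is needed, so the verification behaviour it carries can be re-checked on each upgrade. Adding `backup: true` to both `copy` tasks keeps the originals on the host; whether `files/urls.py` itself weakens certificate checks cannot be judged from this hunk. The `module_util_path` is derived from `ansible_python.version`, which is the interpreter Ansible is running with, not necessarily the one `pip` installed into — worth confirming or passing `executable:` to the pip task.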
---
- hosts: zeeai-certs
remote_user: root
tasks:
- name: directories
ignore_errors: true
file:
path: '{{path}}'
state: directory
recurse: yes
with_items: '{{certs}}'
- name: certs
synchronize:
src: ../certs/{{item.domain}}/
dest: '{{path}}'
delete: yes
copy_links: yes
verify_host: no
recursive: yes
checksum: yes
archive: no
with_items: '{{certs}}'
when: not item.become is defined or not item.become
notify: handle
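Review bot: `verify_host: no` on the `certs` synchronize task disables SSH host-key checking for the rsync transport on exactly the task that ships certificate material (and, if `../certs/{{item.domain}}/` holds private keys, those too), so a spoofed or substituted host can receive them; drop the option and rely on `known_hosts`, or enable it only for hosts whose key is pinned. Separately, every item in `certs` is synced into the same `{{path}}` with `delete: yes`, so with more than one entry each iteration removes the previous item's files — presumably `dest` should be per item, e.g. `dest: '{{ item.path | default(path) }}'`, though the shape of `certs` is not visible here. `archive: no` without `perms`/`owner` also means destination modes fall back to defaults, so a follow-up `file:` task setting `mode: '0600'` on key files would be prudent. The `handle` handler this task notifies is not in this section.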
---
- hosts: znodes
remote_user: root
vars:
openvpn_docker_compose:
version: '2.4'
services:
openvpn:
restart: always
image: kylemanna/openvpn
cap_add:
- NET_ADMIN
- NET_RAW
network_mode: host
volumes:
- ./data:/etc/openvpn
openvpn_client_name: orange
tasks:
- name: public key
authorized_key:
user: '{{ ansible_ssh_user }}'
key: '{{ ssh_pubkey }}'
- name: wg directory
become: true
file:
path: '/etc/wireguard'
state: directory
recurse: true
- name: wg config
become: true
copy:
dest: '/etc/wireguard/wgz.conf'
content: |
[Interface]
Address = {{ wg_address }}
PrivateKey = {{ wg_privkey }}
ListenPort = {{ wg_port }}
notify: restart_wg
- name: launch wg-quick
become: true
systemd:
name: wg-quick@wgz
enabled: true
state: started
- name: openvpn directory
file:
path: '{{ansible_user_dir}}/openvpn/data'
state: directory
recurse: true
- name: openvpn docker-compose.yml
copy:
content: '{{ openvpn_docker_compose | to_nice_yaml }}'
dest: '{{ansible_user_dir}}/openvpn/docker-compose.yml'
- name: init openvpn
shell: |
docker compose run --rm openvpn ovpn_genconfig -u udp://{{ansible_ssh_host}} -n {{dns}} -s {{openvpn_network}}
yes '' | docker compose run --rm openvpn ovpn_initpki nopass
docker compose run --rm openvpn easyrsa build-client-full {{ openvpn_client_name }} nopass
docker compose run --rm openvpn ovpn_getclient {{ openvpn_client_name }} > {{ansible_user_dir}}/openvpn/{{ openvpn_client_name }}.ovpn
args:
creates: '{{ansible_user_dir}}/openvpn/data/openvpn.conf'
chdir: '{{ansible_user_dir}}/openvpn'
register: openvpn_inited
- name: generate conf base64
shell: |
cat {{ansible_user_dir}}/openvpn/{{ openvpn_client_name }}.ovpn | base64 -w 0 > {{ansible_user_dir}}/openvpn/{{ openvpn_client_name }}.ovpn.base64
args:
creates: '{{ansible_user_dir}}/openvpn/{{ openvpn_client_name }}.ovpn.base64'
- name: docker-compose up -d
docker_compose:
project_src: '{{ansible_user_dir}}/openvpn'
state: present
remove_orphans: true
- name: collect openvpn file
fetch:
src: '{{ansible_user_dir}}/openvpn/{{ openvpn_client_name }}.ovpn.base64'
dest: '../collector/znode-ovpn/{{ansible_ssh_host}}.ovpn.base64'
flat: true
# when: openvpn_inited.changed
handlers:
- name: restart_wg
systemd:
name: wg-quick@wgz
state: restarted
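Review bot: The `wg config` task writes `PrivateKey = {{ wg_privkey }}` to `/etc/wireguard/wgz.conf` with no `mode:`, so the file takes the copy module's default (typically 0644 from root's umask) and the interface's private key is readable by every local account; add `mode: '0600'`, `owner: root` and `group: root` to that `copy` task, and `mode: '0700'` to the `wg directory` task (whose `recurse: true` is unnecessary for creating a single directory). The client `.ovpn` and `.ovpn.base64` files written under `{{ansible_user_dir}}/openvpn` embed the client key and are created by shell redirection with default modes; a following `file:` task with `mode: '0600'` would close that. The `# when: openvpn_inited.changed` guard on the fetch is commented out, so the key material is pulled into `../collector/` on every run — if that is intended, a one-line comment saying so would save the next reader from re-enabling it.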