ansible streisand openVPN
a guest
Jun 9th, 2020
  1. diff --git a/inventories/inventory b/inventories/inventory
  2. index 2f3b15c..a5805c9 100644
  3. --- a/inventories/inventory
  4. +++ b/inventories/inventory
  5. @@ -21,4 +21,4 @@ localhost ansible_connection=local ansible_python_interpreter=python3
  6. # requires a password, use the --ask-become-pass command line option.
  7. #
  8. # [streisand-host]
  9. -# 255.255.255.255 ansible_user=ubuntu
  10. +10.11.12.11 ansible_user=root streisand_noninteractive=true
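Review bot: The new host line sits under a group header that is still commented out (`# [streisand-host]` two lines above it), so unless a live `[streisand-host]` header exists outside the hunk the host ends up in whichever group precedes it (the `localhost` stanza the hunk header shows) rather than in `streisand-host`. Uncomment the header together with the host: `[streisand-host]` followed by `10.11.12.11 ansible_user=root streisand_noninteractive=true`. The line also logs in as `root` directly, while the comment above (`--ask-become-pass`) describes the unprivileged-user-plus-become pattern; if root SSH login is deliberate for this host, a comment saying so next to the line would stop the next reader from "fixing" it.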
  11. diff --git a/playbooks/roles/azure-security-group/tasks/main.yml b/playbooks/roles/azure-security-group/tasks/main.yml
  12. index 85c3dee..f94b51d 100644
  13. --- a/playbooks/roles/azure-security-group/tasks/main.yml
  14. +++ b/playbooks/roles/azure-security-group/tasks/main.yml
  15. @@ -8,13 +8,13 @@
  16. azure_rm_virtualnetwork:
  17. resource_group: "{{ azure_resource_group_name }}"
  18. name: "{{ azure_resource_group_name }}"
  19. - address_prefixes: "10.10.0.0/16"
  20. + address_prefixes: "10.190.0.0/16"
  21.  
  22. - name: Create Azure subnet
  23. azure_rm_subnet:
  24. resource_group: "{{ azure_resource_group_name }}"
  25. name: "{{ azure_resource_group_name }}"
  26. - address_prefix: "10.10.0.0/24"
  27. + address_prefix: "10.190.0.0/24"
  28. virtual_network: "{{ azure_resource_group_name }}"
  29.  
  30. - name: Create Azure public ip
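Review bot: Nothing ties the new `10.190.0.0/16` VNet prefix and `10.190.0.0/24` subnet here to the host-side service network that moves to `10.190.10.10/24` in the same commit (`playbooks/roles/service-net/files/10-service0.network` and `service-net.conf`), so the two can drift apart on the next renumbering. The service0 /24 lies inside the VNet /16 exactly as the previous 10.10 values did, so this is not a regression, but the relationship deserves a comment on the `address_prefixes` line, e.g. `# 10.190.0.0/16 also contains the service0 address 10.190.10.10/24 set by the service-net role`. Defining the prefix once as a role variable instead of repeating the literal in both tasks would also keep the VNet and subnet consistent by construction.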
  31. diff --git a/playbooks/roles/gpg/tasks/main.yml b/playbooks/roles/gpg/tasks/main.yml
  32. index 8f88833..451b22b 100644
  33. --- a/playbooks/roles/gpg/tasks/main.yml
  34. +++ b/playbooks/roles/gpg/tasks/main.yml
  35. @@ -38,6 +38,22 @@
  36. group: root
  37. mode: 0750
  38.  
  39. +- name: "Create the Streisand GPG dirmngr S.dirmngr"
  40. + file:
  41. + dest: "{{ root_gpg_dir }}/S.dirmngr"
  42. + state: directory
  43. + owner: root
  44. + group: root
  45. + mode: 0750
  46. +
  47. +- name: "Create the Streisand GPG dirmngr S.gpg-agent"
  48. + file:
  49. + dest: "{{ root_gpg_dir }}/S.gpg-agent"
  50. + state: directory
  51. + owner: root
  52. + group: root
  53. + mode: 0750
  54. +
  55. - name: "Ensure a GPG agent is running"
  56. command: "gpgconf --launch gpg-agent"
  57.  
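Review bot: `S.dirmngr` and `S.gpg-agent` are the names of the Unix sockets that dirmngr and gpg-agent create inside the GnuPG home directory, and the two new tasks create directories at exactly those paths under `{{ root_gpg_dir }}`; a directory occupying the socket path looks likely to make the `gpgconf --launch gpg-agent` task that follows fail rather than help it, so the purpose of these tasks needs stating and verifying on a fresh host. If the intent is to give the agent a place for its sockets, GnuPG's own socket-directory handling (`gpgconf --create-socketdir`) is the supported route, not pre-creating entries named like the sockets. The second task's name is also copied from the first: `- name: "Create the Streisand GPG dirmngr S.gpg-agent"` should at least read `- name: "Create the Streisand GPG agent socket S.gpg-agent"`.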
  58. diff --git a/playbooks/roles/lets-encrypt/tasks/install.yml b/playbooks/roles/lets-encrypt/tasks/install.yml
  59. index 632f7e2..685ded9 100644
  60. --- a/playbooks/roles/lets-encrypt/tasks/install.yml
  61. +++ b/playbooks/roles/lets-encrypt/tasks/install.yml
  62. @@ -6,6 +6,7 @@
  63. until: not le_add_apt_repository.failed
  64. retries: "{{ apt_repository_retries }}"
  65. delay: "{{ apt_repository_delay }}"
  66. + when: ansible_os_family != "Debian"
  67.  
  68. - name: Add the certbot PPA
  69. apt_repository:
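Review bot: `when: ansible_os_family != "Debian"` skips the PPA task on Ubuntu as well, because Ubuntu reports `ansible_os_family` as `Debian` (the family fact covers Debian and its derivatives), so this condition never lets an `apt_repository` task run on any apt-based host. If the goal is to add the PPA only on Ubuntu, the distribution fact is the one to test: `when: ansible_distribution == "Ubuntu"`. The same condition is added in the second hunk of this file, in `playbooks/roles/shadowsocks/tasks/main.yml` and in `playbooks/roles/shadowsocks/tasks/v2ray.yml`. A skipped task still registers `le_add_apt_repository`, but with a skipped result instead of a `failed` field, so anything outside the hunk that reads that variable should tolerate the skipped case.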
  70. @@ -14,6 +15,7 @@
  71. until: not le_add_certbot_ppa.failed
  72. retries: "{{ apt_repository_retries }}"
  73. delay: "{{ apt_repository_delay }}"
  74. + when: ansible_os_family != "Debian"
  75.  
  76. - name: Install certbot
  77. apt:
  78. diff --git a/playbooks/roles/openvpn/tasks/firewall.yml b/playbooks/roles/openvpn/tasks/firewall.yml
  79. index e2d5166..34c6eca 100644
  80. --- a/playbooks/roles/openvpn/tasks/firewall.yml
  81. +++ b/playbooks/roles/openvpn/tasks/firewall.yml
  82. @@ -8,14 +8,14 @@
  83. to_port: "53"
  84. proto: "udp"
  85. rule: "allow"
  86. - from_ip: "10.8.0.0/24"
  87. + from_ip: "10.188.0.0/24"
  88.  
  89. - name: Ensure UFW allows DNS requests from OpenVPN UDP clients
  90. ufw:
  91. to_port: "53"
  92. proto: "udp"
  93. rule: "allow"
  94. - from_ip: "10.9.0.0/24"
  95. + from_ip: "10.189.0.0/24"
  96.  
  97. - name: Ensure UFW allows OpenVPN
  98. ufw:
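Review bot: The same two OpenVPN client subnets are spelled out as literals `10.188.0.0/24` and `10.189.0.0/24` here, again in both `etc_openvpn_server*.conf.j2` templates (`server 10.188.0.0 255.255.255.0`, `server 10.189.0.0 255.255.255.0`) and four more times in the iptables strings in `playbooks/roles/openvpn/vars/main.yml`, next to `dnsmasq_openvpn_tcp_ip: "10.188.0.1"` and `dnsmasq_openvpn_udp_ip: "10.189.0.1"`, which must stay inside those subnets. This commit renumbered all of them together, but a single pair of variables in the vars file, e.g. `openvpn_tcp_subnet: "10.188.0.0/24"` and `openvpn_udp_subnet: "10.189.0.0/24"`, referenced from the ufw rules, the templates and the iptables rules, would keep the subnet, the pushed DNS address and the firewall in step the next time. The `from_ip` values being quoted strings is correct for ufw.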
  99. diff --git a/playbooks/roles/openvpn/templates/etc_openvpn_server.conf.j2 b/playbooks/roles/openvpn/templates/etc_openvpn_server.conf.j2
  100. index 1af2b87..184682f 100644
  101. --- a/playbooks/roles/openvpn/templates/etc_openvpn_server.conf.j2
  102. +++ b/playbooks/roles/openvpn/templates/etc_openvpn_server.conf.j2
  103. @@ -1,4 +1,4 @@
  104. -server 10.8.0.0 255.255.255.0
  105. +server 10.188.0.0 255.255.255.0
  106. push "dhcp-option DNS {{ dnsmasq_openvpn_tcp_ip }}"
  107. proto tcp
  108. port {{ openvpn_port }}
  109. diff --git a/playbooks/roles/openvpn/templates/etc_openvpn_server_udp.conf.j2 b/playbooks/roles/openvpn/templates/etc_openvpn_server_udp.conf.j2
  110. index 528ff2c..e6a65fa 100644
  111. --- a/playbooks/roles/openvpn/templates/etc_openvpn_server_udp.conf.j2
  112. +++ b/playbooks/roles/openvpn/templates/etc_openvpn_server_udp.conf.j2
  113. @@ -1,4 +1,4 @@
  114. -server 10.9.0.0 255.255.255.0
  115. +server 10.189.0.0 255.255.255.0
  116. push "dhcp-option DNS {{ dnsmasq_openvpn_udp_ip }}"
  117. proto udp
  118. port {{ openvpn_port_udp }}
  119. diff --git a/playbooks/roles/openvpn/vars/main.yml b/playbooks/roles/openvpn/vars/main.yml
  120. index 5ab4693..3c68ca0 100644
  121. --- a/playbooks/roles/openvpn/vars/main.yml
  122. +++ b/playbooks/roles/openvpn/vars/main.yml
  123. @@ -13,15 +13,15 @@ openvpn_sslh_profile_filename: "{{ openvpn_server }}-sslh.ovpn"
  124. openvpn_stunnel_profile_filename: "{{ openvpn_server }}-stunnel.ovpn"
  125. openvpn_combined_profile_filename: "{{ openvpn_server }}-combined.ovpn"
  126.  
  127. -dnsmasq_openvpn_tcp_ip: "10.8.0.1"
  128. -dnsmasq_openvpn_udp_ip: "10.9.0.1"
  129. +dnsmasq_openvpn_tcp_ip: "10.188.0.1"
  130. +dnsmasq_openvpn_udp_ip: "10.189.0.1"
  131.  
  132. openvpn_firewall_rules:
  133. - "iptables --wait {{ streisand_iptables_wait }} -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT"
  134. - - "iptables --wait {{ streisand_iptables_wait }} -A FORWARD -s 10.8.0.0/24 -j ACCEPT"
  135. - - "iptables --wait {{ streisand_iptables_wait }} -A FORWARD -s 10.9.0.0/24 -j ACCEPT"
  136. - - "iptables --wait {{ streisand_iptables_wait }} -t nat -A POSTROUTING -s 10.8.0.0/24 -o {{ ansible_default_ipv4.interface }} -j MASQUERADE"
  137. - - "iptables --wait {{ streisand_iptables_wait }} -t nat -A POSTROUTING -s 10.9.0.0/24 -o {{ ansible_default_ipv4.interface }} -j MASQUERADE"
  138. + - "iptables --wait {{ streisand_iptables_wait }} -A FORWARD -s 10.188.0.0/24 -j ACCEPT"
  139. + - "iptables --wait {{ streisand_iptables_wait }} -A FORWARD -s 10.189.0.0/24 -j ACCEPT"
  140. + - "iptables --wait {{ streisand_iptables_wait }} -t nat -A POSTROUTING -s 10.188.0.0/24 -o {{ ansible_default_ipv4.interface }} -j MASQUERADE"
  141. + - "iptables --wait {{ streisand_iptables_wait }} -t nat -A POSTROUTING -s 10.189.0.0/24 -o {{ ansible_default_ipv4.interface }} -j MASQUERADE"
  142.  
  143. openvpn_gateway_location: "{{ streisand_gateway_location }}/openvpn"
  144.  
  145. diff --git a/playbooks/roles/service-net/files/10-service0.network b/playbooks/roles/service-net/files/10-service0.network
  146. index 77d7bf6..c47a815 100644
  147. --- a/playbooks/roles/service-net/files/10-service0.network
  148. +++ b/playbooks/roles/service-net/files/10-service0.network
  149. @@ -5,4 +5,4 @@ Name=service0
  150. RequiredForOnline=yes
  151.  
  152. [Network]
  153. -Address=10.10.10.10/24
  154. +Address=10.190.10.10/24
  155. diff --git a/playbooks/roles/service-net/files/service-net.conf b/playbooks/roles/service-net/files/service-net.conf
  156. index 9f24f9a..1e82455 100644
  157. --- a/playbooks/roles/service-net/files/service-net.conf
  158. +++ b/playbooks/roles/service-net/files/service-net.conf
  159. @@ -1,2 +1,2 @@
  160. # Listen on the service network's IP
  161. -listen-address=10.10.10.10
  162. +listen-address=10.190.10.10
  163. diff --git a/playbooks/roles/shadowsocks/tasks/main.yml b/playbooks/roles/shadowsocks/tasks/main.yml
  164. index 613b99e..d97fa8f 100644
  165. --- a/playbooks/roles/shadowsocks/tasks/main.yml
  166. +++ b/playbooks/roles/shadowsocks/tasks/main.yml
  167. @@ -13,6 +13,7 @@
  168. until: not shadowsocks_add_apt_repository.failed
  169. retries: "{{ apt_repository_retries }}"
  170. delay: "{{ apt_repository_delay }}"
  171. + when: ansible_os_family != "Debian"
  172.  
  173. - name: Install shadowsocks-libev
  174. apt:
  175. diff --git a/playbooks/roles/shadowsocks/tasks/v2ray.yml b/playbooks/roles/shadowsocks/tasks/v2ray.yml
  176. index edc2c8f..7661098 100644
  177. --- a/playbooks/roles/shadowsocks/tasks/v2ray.yml
  178. +++ b/playbooks/roles/shadowsocks/tasks/v2ray.yml
  179. @@ -6,6 +6,7 @@
  180. until: not golang_add_apt_repository.failed
  181. retries: "{{ apt_repository_retries }}"
  182. delay: "{{ apt_repository_delay }}"
  183. + when: ansible_os_family != "Debian"
  184.  
  185. - name: Install golang-go
  186. apt:
  187. diff --git a/playbooks/roles/ssh/files/sshd_config b/playbooks/roles/ssh/files/sshd_config
  188. index 542e4a1..c75cead 100644
  189. --- a/playbooks/roles/ssh/files/sshd_config
  190. +++ b/playbooks/roles/ssh/files/sshd_config
  191. @@ -12,6 +12,9 @@
  192. # License, v. 2.0. If a copy of the MPL was not distributed with this file,
  193. # You can obtain one at http://mozilla.org/MPL/2.0/.
  194.  
  195. +Port 22
  196. +Port 2019
  197. +
  198. # Supported HostKey algorithms by order of preference.
  199. HostKey /etc/ssh/ssh_host_ed25519_key
  200. HostKey /etc/ssh/ssh_host_rsa_key
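Review bot: `Port 22` together with `Port 2019` makes sshd listen on both ports, but nothing in this diff opens 2019 in the firewall or records why a second port exists; the ssh role's ufw rules are outside the hunk, so confirm they allow 2019, and if it is meant to replace 22 drop the `Port 22` line rather than keep the default reachable as well. A comment above the pair would capture the intent, e.g. `# Listen on 22 and 2019; keep the ufw rule in the ssh role in sync`. `Port` directives must also precede any `Match` block, which this placement near the top satisfies provided no `Match` appears in the eleven lines above the hunk.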
  201. diff --git a/playbooks/roles/ssh/vars/main.yml b/playbooks/roles/ssh/vars/main.yml
  202. index dbab143..4632c67 100644
  203. --- a/playbooks/roles/ssh/vars/main.yml
  204. +++ b/playbooks/roles/ssh/vars/main.yml
  205. @@ -1,5 +1,5 @@
  206. ---
  207. -ssh_rsa_host_key_size: "3072"
  208. +ssh_rsa_host_key_size: "4096"
  209. ssh_rsa_host_key_change_verification: "/etc/ssh/ssh_host_rsa_key_was_regenerated"
  210. ssh_rsa_host_private_key: "/etc/ssh/ssh_host_rsa_key"
  211. ssh_rsa_host_public_key: "{{ ssh_rsa_host_private_key }}.pub"
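Review bot: Raising `ssh_rsa_host_key_size` to `"4096"` only takes effect where the host key is actually regenerated, and the `ssh_rsa_host_key_change_verification` marker on the next line suggests regeneration is skipped once that file exists, so already-provisioned hosts would presumably keep their 3072-bit key unless the marker is cleared; the tasks that decide this are outside the diff. Regenerating a host key also changes the fingerprint clients have pinned in known_hosts, which is worth a comment on the variable: `# Changing this regenerates the RSA host key; clients must re-verify the fingerprint`.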
  212. diff --git a/playbooks/roles/tinyproxy/templates/tinyproxy.service.j2 b/playbooks/roles/tinyproxy/templates/tinyproxy.service.j2
  213. index 63a799a..47401a4 100644
  214. --- a/playbooks/roles/tinyproxy/templates/tinyproxy.service.j2
  215. +++ b/playbooks/roles/tinyproxy/templates/tinyproxy.service.j2
  216. @@ -7,7 +7,7 @@ Documentation=https://www.banu.com/tinyproxy/
  217. [Service]
  218. Type=forking
  219. PIDFile={{ tinyproxy_pid_file }}
  220. -ExecStart=/usr/sbin/tinyproxy -c {{ tinyproxy_conf_file }}
  221. +ExecStart=/usr/bin/tinyproxy -c {{ tinyproxy_conf_file }}
  222. ExecStop=/usr/bin/killall -9 tinyproxy
  223. ExecReload=/bin/kill -HUP $MAINPID
  224. PrivateTmp=true
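Review bot: `/usr/bin/tinyproxy` is as hardcoded as the `/usr/sbin/tinyproxy` it replaces, and with this commit apparently targeting both Debian and Ubuntu hosts (the `ansible_os_family` conditions elsewhere in the diff) whichever distribution packages the binary under the other path will now fail at service start. Templating the path from a variable resolved per distribution, e.g. `ExecStart={{ tinyproxy_bin }} -c {{ tinyproxy_conf_file }}` with a new variable such as `tinyproxy_bin` set in the role's vars, keeps the unit valid on both; a `stat` on the binary before templating the unit would surface a wrong path at deploy time instead of at `systemctl start`.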
  225. diff --git a/playbooks/roles/wireguard/tasks/install.yml b/playbooks/roles/wireguard/tasks/install.yml
  226. index 8e5aa7b..9c842d9 100644
  227. --- a/playbooks/roles/wireguard/tasks/install.yml
  228. +++ b/playbooks/roles/wireguard/tasks/install.yml
  229. @@ -11,11 +11,11 @@
  230. until: not wireguard_add_apt_repository.failed
  231. retries: "{{ apt_repository_retries }}"
  232. delay: "{{ apt_repository_delay }}"
  233. + when: ansible_os_family == "Ubuntu"
  234.  
  235. - name: Install the WireGuard packages
  236. apt:
  237. package:
  238. - linux-headers-{{ kernel_release.stdout }}
  239. - - linux-headers-generic
  240. - wireguard-dkms
  241. - wireguard-tools
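Review bot: `when: ansible_os_family == "Ubuntu"` never matches, because Ubuntu reports `ansible_os_family` as `Debian`; the PPA task is therefore skipped on every host and the following `apt` install has to find the WireGuard packages in the distribution's own repositories. The other conditions added in this commit use `!= "Debian"`, so the two forms are inconsistent, and on both the distribution fact is what is meant: `when: ansible_distribution == "Ubuntu"`. Dropping `linux-headers-generic` in favour of only `linux-headers-{{ kernel_release.stdout }}` is sensible where the generic metapackage does not exist, but the task that registers `kernel_release` is outside the hunk, so confirm it runs unconditionally before this one.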