From 4762f3d96e5495d7d40bbac7346ff8363846f760 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Denis=20Nu=C8=9Biu?=
Date: Thu, 11 Apr 2019 23:54:22 +0300
Subject: [PATCH] Add ansible playbook for obfs4-openvpn server
---
.gitignore | 164 ++++++++++++++++++++++++
obfs4-openvpn-server/ansible.cfg | 2 +
obfs4-openvpn-server/hosts | 2 +
obfs4-openvpn-server/obfs4.config | 5 +
obfs4-openvpn-server/obfs4proxy.service | 9 ++
obfs4-openvpn-server/playbook.yml | 54 ++++++++
6 files changed, 236 insertions(+)
create mode 100644 .gitignore
create mode 100644 obfs4-openvpn-server/ansible.cfg
create mode 100644 obfs4-openvpn-server/hosts
create mode 100644 obfs4-openvpn-server/obfs4.config
create mode 100644 obfs4-openvpn-server/obfs4proxy.service
create mode 100755 obfs4-openvpn-server/playbook.yml
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..35f3568
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,164 @@ + +# Created by https://www.gitignore.io/api/macos,python,ansible +# Edit at https://www.gitignore.io/?templates=macos,python,ansible + +### Ansible ### +*.retry + +### macOS ### +# General +.DS_Store +.AppleDouble +.LSOverride + +# Icon must end with two \r +Icon + +# Thumbnails +._* + +# Files that might appear in the root of a volume +.DocumentRevisions-V100 +.fseventsd +.Spotlight-V100 +.TemporaryItems +.Trashes +.VolumeIcon.icns +.com.apple.timemachine.donotpresent + +# Directories potentially created on remote AFP share +.AppleDB +.AppleDesktop +Network Trash Folder +Temporary Items +.apdisk + +### Python ### +# Byte-compiled / optimized / DLL files +__pycache__/ +*.py[cod] +*$py.class + +# C extensions +*.so + +# Distribution / packaging +.Python +build/ +develop-eggs/ +dist/ +downloads/ +eggs/ +.eggs/ +lib/ +lib64/ +parts/ +sdist/ +var/ +wheels/ +pip-wheel-metadata/ +share/python-wheels/ +*.egg-info/ +.installed.cfg +*.egg +MANIFEST + +# PyInstaller +# Usually these files are written by a python script from a template +# before PyInstaller builds the exe, so as to inject date/other infos into it. +*.manifest +*.spec + +# Installer logs +pip-log.txt +pip-delete-this-directory.txt + +# Unit test / coverage reports +htmlcov/ +.tox/ +.nox/ +.coverage +.coverage.* +.cache +nosetests.xml +coverage.xml +*.cover +.hypothesis/ +.pytest_cache/ + +# Translations +*.mo +*.pot + +# Django stuff: +*.log +local_settings.py +db.sqlite3 + +# Flask stuff: +instance/ +.webassets-cache + +# Scrapy stuff: +.scrapy + +# Sphinx documentation +docs/_build/ + +# PyBuilder +target/ + +# Jupyter Notebook +.ipynb_checkpoints + +# IPython +profile_default/ +ipython_config.py + +# pyenv +.python-version + +# pipenv +# According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control. 
+# However, in case of collaboration, if having platform-specific dependencies or dependencies +# having no cross-platform support, pipenv may install dependencies that don’t work, or not +# install all needed dependencies. +#Pipfile.lock + +# celery beat schedule file +celerybeat-schedule + +# SageMath parsed files +*.sage.py + +# Environments +.env +.venv +env/ +venv/ +ENV/ +env.bak/ +venv.bak/ + +# Spyder project settings +.spyderproject +.spyproject + +# Rope project settings +.ropeproject + +# mkdocs documentation +/site + +# mypy +.mypy_cache/ +.dmypy.json +dmypy.json + +# Pyre type checker +.pyre/ + +# Downloaded files +root@* + +# End of https://www.gitignore.io/api/macos,python,ansible \ No newline at end of file
diff --git a/obfs4-openvpn-server/ansible.cfg b/obfs4-openvpn-server/ansible.cfg
new file mode 100644
index 0000000..3653316
--- /dev/null
+++ b/obfs4-openvpn-server/ansible.cfg
@@ -0,0 +1,2 @@
+[defaults]
+hostfile = hosts
diff --git a/obfs4-openvpn-server/hosts b/obfs4-openvpn-server/hosts
new file mode 100644
index 0000000..029ebbc
--- /dev/null
+++ b/obfs4-openvpn-server/hosts
@@ -0,0 +1,2 @@
+[vpnservers]
+#user@ip
\ No newline at end of file
diff --git a/obfs4-openvpn-server/obfs4.config b/obfs4-openvpn-server/obfs4.config
new file mode 100644
index 0000000..672fd1a
--- /dev/null
+++ b/obfs4-openvpn-server/obfs4.config
@@ -0,0 +1,5 @@
+TOR_PT_MANAGED_TRANSPORT_VER=1
+TOR_PT_STATE_LOCATION=/var/lib/tor/pt_state/obfs4
+TOR_PT_SERVER_TRANSPORTS=obfs4
+TOR_PT_SERVER_BINDADDR=obfs4-0.0.0.0:443
+TOR_PT_ORPORT=127.0.0.1:1194
\ No newline at end of file
diff --git a/obfs4-openvpn-server/obfs4proxy.service b/obfs4-openvpn-server/obfs4proxy.service
new file mode 100644
index 0000000..1ab046d
--- /dev/null
+++ b/obfs4-openvpn-server/obfs4proxy.service
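Review bot: In `obfs4.config`, `TOR_PT_ORPORT=127.0.0.1:1194` forwards the de-obfuscated stream to OpenVPN on loopback, but nothing visible in this patch makes OpenVPN listen only on 127.0.0.1 or closes port 1194 in a firewall, so the plain OpenVPN port is probably still reachable from outside next to the obfs4 listener on 443. If clients are meant to come in only through obfs4, enforce that on the OpenVPN side (a `local 127.0.0.1` directive in the server config) or with a firewall rule. Record the assumption here with a comment such as `# OpenVPN must listen on 127.0.0.1:1194 only; obfs4proxy on :443 is the sole public entry point`. How the install script binds OpenVPN is not shown in the patch, so confirm that before relying on either behaviour.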
@@ -0,0 +1,9 @@
+[Unit]
+Description=Obfsproxy Server
+
+[Service]
+EnvironmentFile=/var/lib/tor/pt_state/obfs4/obfs4.config
+ExecStart=/usr/bin/obfs4proxy -enableLogging true -logLevelStr INFO
+
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/obfs4-openvpn-server/playbook.yml b/obfs4-openvpn-server/playbook.yml
new file mode 100755
index 0000000..ed509e7
--- /dev/null
+++ b/obfs4-openvpn-server/playbook.yml
@@ -0,0 +1,54 @@
+- hosts: vpnservers
+ gather_facts: yes
+ become_user: root
+ tasks:
+ tasks:
+ - name: Install python 2
+ raw: test -e /usr/bin/python || (apt -y update && apt install -y python-minimal)
+ - name: Download OpenVPN install script.
+ get_url:
+ url: https://raw.githubusercontent.com/angristan/openvpn-install/master/openvpn-install.sh
+ dest: /etc/openvpn-install.sh
+ - name: Install OpenVPN
+ command: bash /etc/openvpn-install.sh
+ environment:
+ APPROVE_INSTALL: y
+ APPROVE_IP: y
+ IPV6_SUPPORT: n
+ PORT_CHOICE: 1
+ PROTOCOL_CHOICE: 2
+ DNS: 7
+ COMPRESSION_ENABLED: n
+ CUSTOMIZE_ENC: n
+ CLIENT: client
+ PASS: 1
+ - name: Retrieve the OpenVPN client file.
+ fetch:
+ src: /root/client.ovpn
+ dest: .
+ mode: 0774
+ - name: Install obfsproxy
+ apt: pkg=obfs4proxy state=present
+ - name: Creates obfs4 directories
+ file:
+ path: /var/lib/tor/pt_state/obfs4
+ state: directory
+ - name: Copy obfs4 config from host to remote
+ copy:
+ src: obfs4.config
+ dest: /var/lib/tor/pt_state/obfs4/obfs4.config
+ - name: Create systemd service for obfs4
+ copy:
+ src: obfs4proxy.service
+ dest: /etc/systemd/system/obfs4proxy.service
+ - name: Enable the obfs4proxy systemd service
+ systemd:
+ name: obfs4proxy
+ state: started
+ enabled: yes
+ - name: Retrieve the obs4 cert key file.
+ fetch:
+ src: /var/lib/tor/pt_state/obfs4/obfs4_bridgeline.txt
+ dest: .
+ mode: 0774
+
\ No newline at end of file
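Review bot: The `[Service]` section of `obfs4proxy.service` has no `User=` line, so the internet-facing obfs4proxy listener runs as root with no sandboxing. An unprivileged account with `AmbientCapabilities=CAP_NET_BIND_SERVICE` is enough to bind the port 443 configured in `obfs4.config`, and the state directory would then have to be owned by that account. The unit also lacks `After=network.target` and `Restart=`, so it may start before networking is up and stays down after a crash. The account name in the sketch below is a placeholder that the playbook would need to create.

```ini
[Unit]
After=network.target

[Service]
# placeholder account; must own /var/lib/tor/pt_state/obfs4
User=obfs4proxy
AmbientCapabilities=CAP_NET_BIND_SERVICE
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
NoNewPrivileges=true
ProtectSystem=strict
ReadWritePaths=/var/lib/tor/pt_state/obfs4
Restart=on-failure
# … unchanged: Description, EnvironmentFile, ExecStart, [Install] …
```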
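Review bot: The "Download OpenVPN install script" task fetches `openvpn-install.sh` from the moving `master` branch, and the next task executes it with nothing pinning or verifying the download. Judging by `become_user: root` and the `/root/client.ovpn` path the script runs as root, so any later change to that branch would run with full privileges on every host in `vpnservers`. Pin the URL to a reviewed commit and let `get_url` verify it, e.g. `url: https://raw.githubusercontent.com/angristan/openvpn-install/<REVIEWED_COMMIT_SHA>/openvpn-install.sh` together with `checksum: sha256:<EXPECTED_SHA256>` (both are placeholders to fill in after review). Separately, the two `fetch` tasks copy `client.ovpn` (which typically embeds the client key) and the bridge line to the controller with `mode: 0774`. As far as I know `fetch` has no `mode` option, and a group-writable, world-readable mode is wrong for those files anyway, so restrict the local copies to the owner explicitly.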