Add ansible playbook for obfs4-openvpn server

.gitignore

@@ -0,0 +1,164 @@
+
+# Created by https://www.gitignore.io/api/macos,python,ansible
+# Edit at https://www.gitignore.io/?templates=macos,python,ansible
+
+### Ansible ###
+*.retry
+
+### macOS ###
+# General
+.DS_Store
+.AppleDouble
+.LSOverride
+
+# Icon must end with two \r
+Icon
+
+# Thumbnails
+._*
+
+# Files that might appear in the root of a volume
+.DocumentRevisions-V100
+.fseventsd
+.Spotlight-V100
+.TemporaryItems
+.Trashes
+.VolumeIcon.icns
+.com.apple.timemachine.donotpresent
+
+# Directories potentially created on remote AFP share
+.AppleDB
+.AppleDesktop
+Network Trash Folder
+Temporary Items
+.apdisk
+
+### Python ###
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+pip-wheel-metadata/
+share/python-wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+
+# PyInstaller
+#  Usually these files are written by a python script from a template
+#  before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.nox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+.hypothesis/
+.pytest_cache/
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+local_settings.py
+db.sqlite3
+
+# Flask stuff:
+instance/
+.webassets-cache
+
+# Scrapy stuff:
+.scrapy
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+target/
+
+# Jupyter Notebook
+.ipynb_checkpoints
+
+# IPython
+profile_default/
+ipython_config.py
+
+# pyenv
+.python-version
+
+# pipenv
+#   According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
+#   However, in case of collaboration, if having platform-specific dependencies or dependencies
+#   having no cross-platform support, pipenv may install dependencies that don’t work, or not
+#   install all needed dependencies.
+#Pipfile.lock
+
+# celery beat schedule file
+celerybeat-schedule
+
+# SageMath parsed files
+*.sage.py
+
+# Environments
+.env
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+
+# Spyder project settings
+.spyderproject
+.spyproject
+
+# Rope project settings
+.ropeproject
+
+# mkdocs documentation
+/site
+
+# mypy
+.mypy_cache/
+.dmypy.json
+dmypy.json
+
+# Pyre type checker
+.pyre/
+
+# Downloaded files
+root@*
+
+# End of https://www.gitignore.io/api/macos,python,ansible

obfs4-openvpn-server/ansible.cfg

@@ -0,0 +1,2 @@
+[defaults]
+hostfile = hosts

obfs4-openvpn-server/hosts

@@ -0,0 +1,2 @@
+[vpnservers]
+#user@ip

obfs4-openvpn-server/obfs4.config

@@ -0,0 +1,5 @@
+TOR_PT_MANAGED_TRANSPORT_VER=1
+TOR_PT_STATE_LOCATION=/var/lib/tor/pt_state/obfs4
+TOR_PT_SERVER_TRANSPORTS=obfs4
+TOR_PT_SERVER_BINDADDR=obfs4-0.0.0.0:443
+TOR_PT_ORPORT=127.0.0.1:1194

obfs4-openvpn-server/obfs4proxy.service

@@ -0,0 +1,9 @@
+[Unit]
+Description=Obfsproxy Server
+
+[Service]
+EnvironmentFile=/var/lib/tor/pt_state/obfs4/obfs4.config
+ExecStart=/usr/bin/obfs4proxy -enableLogging true -logLevelStr INFO
+
+[Install]
+WantedBy=multi-user.target

obfs4-openvpn-server/playbook.yml

@@ -0,0 +1,54 @@
+- hosts: vpnservers
+  gather_facts: yes
+  become_user: root
+  tasks:
+  tasks:
+  - name: Install python 2
+    raw: test -e /usr/bin/python || (apt -y update && apt install -y python-minimal)
+  - name: Download OpenVPN install script.
+    get_url:
+      url: https://raw.githubusercontent.com/angristan/openvpn-install/master/openvpn-install.sh
+      dest: /etc/openvpn-install.sh
+  - name: Install OpenVPN
+    command: bash /etc/openvpn-install.sh
+    environment:
+      APPROVE_INSTALL: y
+      APPROVE_IP: y
+      IPV6_SUPPORT: n
+      PORT_CHOICE: 1
+      PROTOCOL_CHOICE: 2
+      DNS: 7
+      COMPRESSION_ENABLED: n
+      CUSTOMIZE_ENC: n
+      CLIENT: client
+      PASS: 1
+  - name: Retrieve the OpenVPN client file.
+    fetch:
+      src: /root/client.ovpn
+      dest: .
+      mode: 0774
+  - name: Install obfsproxy
+    apt: pkg=obfs4proxy state=present
+  - name: Creates obfs4 directories
+    file:
+      path: /var/lib/tor/pt_state/obfs4
+      state: directory
+  - name: Copy obfs4 config from host to remote
+    copy:
+      src: obfs4.config
+      dest: /var/lib/tor/pt_state/obfs4/obfs4.config
+  - name: Create systemd service for obfs4
+    copy:
+      src: obfs4proxy.service
+      dest: /etc/systemd/system/obfs4proxy.service
+  - name: Enable the obfs4proxy systemd service
+    systemd:
+      name: obfs4proxy
+      state: started
+      enabled: yes
+  - name: Retrieve the obs4 cert key file.
+    fetch:
+      src: /var/lib/tor/pt_state/obfs4/obfs4_bridgeline.txt
+      dest: .
+      mode: 0774
+