dnutiu/ansible-playbooks
dnutiu/ansible-playbooks
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Improve openvpn+obfs4 recipe

Browse source
This commit is contained in:
Denis-Cosmin Nutiu 2019-04-14 14:00:11 +03:00
parent c987354d0f
commit 8dc2bc4040
3 changed files with 35 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
obfs4-openvpn-server/ansible.cfg
View file

@ -1,2 +1,3 @@
[defaults]
hostfile = hosts
host_key_checking = False

5
obfs4-openvpn-server/hosts
View file

@ -1 +1,4 @@
[vpnservers]
[vpnservers]
[vpnservers:vars]
ansible_python_interpreter=/usr/bin/python3

40
obfs4-openvpn-server/playbook.yml
View file

@ -2,13 +2,16 @@
gather_facts: yes
become_user: root
tasks:
- name: Install python 2
raw: test -e /usr/bin/python || (apt -y update && apt install -y python-minimal)
- name: Check OpenVPN installation.
stat:
path: /etc/openvpn/server.conf
register: openvpn_config_file
- name: Download OpenVPN install script.
get_url:
url: https://raw.githubusercontent.com/angristan/openvpn-install/master/openvpn-install.sh
dest: /etc/openvpn-install.sh
- name: Install OpenVPN
when: openvpn_config_file.stat.exists == false
- name: Install OpenVPN.
command: bash /etc/openvpn-install.sh
environment:
APPROVE_INSTALL: y
@ -21,33 +24,50 @@
CUSTOMIZE_ENC: n
CLIENT: client
PASS: 1
- name: Retrieve the OpenVPN client file.
when: openvpn_config_file.stat.exists == false
- name: Fetch OpenVPN client file.
fetch:
src: /root/client.ovpn
dest: .
mode: 0774
- name: Install obfsproxy
- name: Install Obfs4.
apt: pkg=obfs4proxy state=present
- name: Creates obfs4 directories
- name: Create Obfs4 config directories.
file:
path: /var/lib/tor/pt_state/obfs4
state: directory
- name: Copy obfs4 config from host to remote
- name: Copy Obfs4 config.
copy:
src: obfs4.config
dest: /var/lib/tor/pt_state/obfs4/obfs4.config
- name: Create systemd service for obfs4
- name: Create a systemd service for Obfs4.
copy:
src: obfs4proxy.service
dest: /etc/systemd/system/obfs4proxy.service
- name: Enable the obfs4proxy systemd service
- name: Enable the systemd service for Obfs4.
systemd:
name: obfs4proxy
state: started
enabled: yes
- name: Retrieve the obs4 cert key file.
- name: Fetch the Obfs4 certificate.
fetch:
src: /var/lib/tor/pt_state/obfs4/obfs4_bridgeline.txt
dest: .
mode: 0774
- name: Install Firewall
apt: pkg=ufw state=present
- name: Firewall - Limit ssh/tcp
ufw:
rule: limit
port: ssh
proto: tcp
- name: Firewall - Limit 443/tcp
ufw:
rule: limit
port: 443
proto: tcp
- name: Firewall - Enable
ufw:
state: enabled
logging: on