- hosts: vpnservers
  gather_facts: yes
  become_user: root
  tasks:
  - name: Check OpenVPN installation.
    stat: 
      path: /etc/openvpn/server.conf
    register: openvpn_config_file
  - name: Download OpenVPN install script.
    get_url:
      url: https://raw.githubusercontent.com/angristan/openvpn-install/master/openvpn-install.sh
      dest: /etc/openvpn-install.sh
    when: openvpn_config_file.stat.exists == false
  - name: Install OpenVPN.
    command: bash /etc/openvpn-install.sh
    environment:
      APPROVE_INSTALL: y
      APPROVE_IP: y
      IPV6_SUPPORT: n
      PORT_CHOICE: 1
      PROTOCOL_CHOICE: 2
      DNS: 7
      COMPRESSION_ENABLED: n
      CUSTOMIZE_ENC: n
      CLIENT: client
      PASS: 1
    when: openvpn_config_file.stat.exists == false
  - name: Fetch OpenVPN client file.
    fetch:
      src: /root/client.ovpn
      dest: .
      mode: 0774
  - name: Install Obfs4.
    apt: pkg=obfs4proxy state=present
  - name: Create Obfs4 config directories.
    file:
      path: /var/lib/tor/pt_state/obfs4
      state: directory
  - name: Copy Obfs4 config.
    copy:
      src: obfs4.config
      dest: /var/lib/tor/pt_state/obfs4/obfs4.config
  - name: Create a systemd service for Obfs4.
    copy:
      src: obfs4proxy.service
      dest: /etc/systemd/system/obfs4proxy.service
  - name: Enable the systemd service for Obfs4.
    systemd:
      name: obfs4proxy
      state: started
      enabled: yes
  - name: Fetch the Obfs4 certificate.
    fetch:
      src: /var/lib/tor/pt_state/obfs4/obfs4_bridgeline.txt
      dest: .
      mode: 0774
  - name: Install Firewall
    apt: pkg=ufw state=present
  - name: Firewall - Limit ssh/tcp
    ufw:
      rule: limit
      port: ssh
      proto: tcp
  - name: Firewall - Limit 443/tcp
    ufw:
      rule: limit
      port: 443
      proto: tcp
  - name: Firewall - Enable
    ufw:
      state: enabled
      logging: on