author | Jesse Luehrs <doy@tozt.net> | 2018-10-16 04:25:09 -0400 |
---|---|---|
committer | Jesse Luehrs <doy@tozt.net> | 2018-10-16 04:25:09 -0400 |
commit | bd4b8406ddf02f6223fc1f508c4102d42765ead7 (patch) | |
tree | 50262362fe8b1ac1577d3aa9144e5099c4c312e7 /bin | |
parent | d78e3fe6779b8bccfcc3c05bb5c601de6ffa45ef (diff) | |
support managing algo instances
Diffstat (limited to 'bin')
-rw-r--r-- | bin/helpers/algo-config.diff | 45 | ||||
-rwxr-xr-x | bin/helpers/launch-algo | 60 | ||||
-rwxr-xr-x | bin/launch | 4 | ||||
-rwxr-xr-x | bin/terminate | 2 |
4 files changed, 108 insertions, 3 deletions
diff --git a/bin/helpers/algo-config.diff b/bin/helpers/algo-config.diff
new file mode 100644
index 0000000..662b165
--- /dev/null
+++ b/bin/helpers/algo-config.diff
@@ -0,0 +1,45 @@
+diff --git i/config.cfg w/config.cfg
+index d61e404..003308a 100644
+--- i/config.cfg
++++ w/config.cfg
+@@ -3,8 +3,11 @@
+ # Add as many users as you want for your VPN server here.
+ # Credentials will be generated for each one.
+ users:
+- - dan
+- - jack
++ - hush
++ - bishamon
++ - phone
++ - tozt
++ - mail
+ 
+ # NOTE: If your usernames have leading 0's, like "000dan", you have to escape them
+ 
+@@ -26,7 +29,7 @@ wireguard_port: 51820
+ # - https://github.com/trailofbits/algo/issues/216
+ # - https://github.com/trailofbits/algo/issues?utf8=%E2%9C%93&q=is%3Aissue%20mtu
+ # - https://serverfault.com/questions/601143/ssh-not-working-over-ipsec-tunnel-strongswan
+-#max_mss: 1316
++max_mss: 1316
+ 
+ # StrongSwan log level
+ # https://wiki.strongswan.org/projects/strongswan/wiki/LoggerConfiguration
+@@ -82,7 +85,7 @@ VPN_PayloadIdentifier: "{{ 800000 | random | to_uuid | upper }}"
+ CA_PayloadIdentifier: "{{ 700000 | random | to_uuid | upper }}"
+ 
+ # Block traffic between connected clients
+-BetweenClients_DROP: true
++BetweenClients_DROP: false
+ 
+ congrats:
+ common: |
+@@ -113,7 +116,7 @@ cloud_providers:
+ digitalocean:
+ size: s-1vcpu-1gb
+ image: "ubuntu-18-04-x64"
+- floating_ip: false
++ floating_ip: "165.227.249.213"
+ # Change the encrypted flag to "true" to enable AWS volume encryption, for encryption of data at rest.
+ # Warning: the Algo script will take approximately 6 minutes longer to complete.
+ # Also note that the documented AWS minimum permissions aren't sufficient.
diff --git a/bin/helpers/launch-algo b/bin/helpers/launch-algo
new file mode 100755
index 0000000..06260b7
--- /dev/null
+++ b/bin/helpers/launch-algo
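Review bot: The patch flips `BetweenClients_DROP` from `true` to `false` and pins `floating_ip` to `165.227.249.213` without recording why, and because this file is applied blindly by `git apply` on every launch, a later reader cannot tell whether client-to-client reachability is intended or whether that IP is still the one allocated to the account. A .diff cannot carry a comment of its own, so I would document both choices in the commit message or next to the `git apply` call that consumes it, e.g. `# algo-config.diff: adds users, enables max_mss, allows client<->client traffic (reason: <TODO>), pins the DO floating IP`. Note also that `git apply` will start failing as soon as upstream `config.cfg` drifts past the context lines captured here; the launch script handles that only through `set -e`.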
@@ -0,0 +1,60 @@
+#!/usr/bin/env bash
+set -eu
+set -o pipefail
+
+script_path="$(realpath "$(dirname "$0")")"
+secrets_bin="${script_path}/../secrets"
+
+"$secrets_bin" open
+
+cd /mnt/algo/algo
+git reset --hard
+git clean -dfx
+git pull
+git apply "${script_path}/algo-config.diff"
+
+# using tmpdir as a virtualenv because the tozt-secrets filesystem is too small
+# to hold the whole python installation
+envdir="$(mktemp --tmpdir -d launch-algo.XXXXXXXXXX)"
+cleanup() {
+if perl -e'exit 1 unless $ARGV[0] =~ m{^/tmp/launch-algo.*$}' "$envdir"; then
+rm -rf "$envdir"
+fi
+
+cd
+"$secrets_bin" close
+}
+trap cleanup EXIT
+
+python2 -m virtualenv --python="$(command -v python2)" "$envdir"
+set +eu
+# shellcheck disable=SC1090
+. "$envdir"/bin/activate
+set -eu
+
+logfile="/mnt/algo/algo-log-$(date +%s).log"
+latest_logfile=/mnt/algo/algo-log-latest.log
+touch "$logfile"
+ln -sf "$(basename "$logfile")" "$latest_logfile"
+echo "Logging to $latest_logfile"
+
+echo "Installing dependencies..."
+python -m pip install -U pip >> "$logfile"
+python -m pip install -r requirements.txt >> "$logfile"
+echo "done."
+
+echo "Running Ansible..."
+do_token=$(cat /mnt/algo/algo-digitalocean)
+ansible-playbook main.yml -e "
+provider=digitalocean
+server_name=algo
+ondemand_cellular=false
+ondemand_wifi=false
+local_dns=false
+ssh_tunneling=true
+windows=false
+store_cakey=true
+region=nyc3
+do_token=$do_token
+" >> "$logfile"
+echo "done."
@@ -3,8 +3,8 @@ set -eu set -o pipefail case "$1" in - tozt) - "$(dirname "$0")"/helpers/launch-tozt + tozt|algo) + "$(dirname "$0")/helpers/launch-$1" ;; *) echo "unknown host $1" >&2
diff --git a/bin/terminate b/bin/terminate
index 2805abb..7631206 100755
--- a/bin/terminate
+++ b/bin/terminate
@@ -3,7 +3,7 @@ set -eu set -o pipefail case "$1" in - tozt) + tozt|algo) doctl compute droplet delete "$1" ;; *) |
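Review bot: `do_token=$(cat /mnt/algo/algo-digitalocean)` is interpolated into the `-e "..."` string at the end of the hunk, so the DigitalOcean API token is handed to ansible-playbook as a command-line argument and is readable by other local users through `ps` / `/proc/*/cmdline` for the whole run of the play. ansible-playbook accepts `-e @file`, so writing the extra vars to a mode-0600 file under `$envdir` (which `cleanup` already removes, at least when it lives under /tmp) keeps the token out of argv; the rewrite below quotes every value so they stay strings exactly as in the `k=v` form — confirm algo's playbook accepts the file form. Separately, `git pull` followed by an unpinned `pip install -r requirements.txt` runs while the secrets volume is open, so whatever upstream publishes is executed unverified; checking out a known tag or commit after the pull (`git checkout <pinned-ref>`) would be a cheap guard. The `cleanup` guard `m{^/tmp/launch-algo.*$}` also silently leaves `$envdir` (and anything written into it) behind when `TMPDIR` points elsewhere, since `mktemp --tmpdir` honours that variable.
```shell
# … unchanged: virtualenv, logging and pip install …
echo "Running Ansible..."
# Write the extra vars to a private file inside $envdir (removed by cleanup)
# so the API token is never part of ansible-playbook's argv.
vars_file="$envdir/extra-vars.yml"
(
    umask 077
    printf '%s\n' \
        'provider: "digitalocean"' \
        'server_name: "algo"' \
        'ondemand_cellular: "false"' \
        'ondemand_wifi: "false"' \
        'local_dns: "false"' \
        'ssh_tunneling: "true"' \
        'windows: "false"' \
        'store_cakey: "true"' \
        'region: "nyc3"' \
        "do_token: \"$(cat /mnt/algo/algo-digitalocean)\"" > "$vars_file"
)
ansible-playbook main.yml -e "@$vars_file" >> "$logfile"
echo "done."
```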