diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000000000000000000000000000000000000..8a675850c1729634a6844c6bb8052bdd8a553b13
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,28 @@
+# OS generated files #
+######################
+.DS_Store
+.DS_Store?
+._*
+.Spotlight-V100
+.Trashes
+ehthumbs.db
+Thumbs.db
+
+# Python             #
+######################
+*.pyc 
+*.pyo
+
+# Emacs, VI          #
+######################
+*~
+*.bak
+*.swp
+*.swo
+*#
+.*#
+
+# Ansible            #
+######################
+*.retry
+
diff --git a/README.md b/README.md
index 9d05891eeaf82b4de43acf0b6c878b8c94b16b96..16c1c228852ff81e7daa3fae0aebedbe650c0e1b 100644
--- a/README.md
+++ b/README.md
@@ -50,12 +50,32 @@ Execute the command (note that we override `ansible_user` with the `-e` switch,
 so it matches the generic user created during server installation)::
    ansible-playbook -e "ansible_user=ubuntu" -v -i inventory.yml playbooks/bootstrapconfig.yml
 
-Installation
-------------
+Installation and Configuration
+------------------------------
 
+Inspect file `group_vars/authca` and change relevant information, to match
+your organization (country, province, city, organization name, email, organization unit).
 
+Note that you won't be able to change those, afterwards.
 
+Execute the `setup.yml` playbook::
+   ansible-playbook -v -i inventory.yml playbooks/setup.yml
 
+which will take care of:
+   * installing some useful packages (see list in file `roles/setup/vars/Debian.yml`), as well as `openvpn` and `easyRSA`
+     (this latter, by cloning the Git repository).
+   * on *authca*: create EasyRSA vars file, out of dictionary in `group_vars/authca`
+   * execute `./easyrsa init`
+   * on *authca*: execute `./easyrsa build-ca nopass`
+
+At this point, you have created the CA.crt and CA.key files on `authca`.
+
+
+...
+
+to be continued
+
+...
 
 
 License
diff --git a/group_vars/authca b/group_vars/authca
new file mode 100644
index 0000000000000000000000000000000000000000..388408ef7b324e22fb3f84f0b67ab85642976113
--- /dev/null
+++ b/group_vars/authca
@@ -0,0 +1,9 @@
+easyrsa_vars:
+  EASYRSA_REQ_COUNTRY:  '"IT"'
+  EASYRSA_REQ_PROVINCE: '"Lazio"'
+  EASYRSA_REQ_CITY:     '"Roma"'
+  EASYRSA_REQ_ORG:      '"Pretty Org Co"'
+  EASYRSA_REQ_EMAIL:    '"someone@some.where.net"'
+  EASYRSA_REQ_OU:       '"Brilliant Organization Unit"'
+
+easyrsaDNstring: '"My org Root CA"'
\ No newline at end of file
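Review bot: `easyrsaDNstring: '"My org Root CA"'` keeps the inner double quotes as part of the value, and `roles/setup/tasks/main.yml` feeds that value unchanged to `./easyrsa build-ca` through `stdin:`, so the CA common name will most likely contain literal `"` characters. The nested quoting is correct for the `easyrsa_vars` entries, which end up in `set_var KEY "value"` lines, but not for a value typed at a prompt; use `easyrsaDNstring: 'My org Root CA'`. Since the README says these values cannot be changed after the CA is built, a comment above the key explaining the difference in quoting would be worth adding.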
diff --git a/playbooks/setup.yml b/playbooks/setup.yml
new file mode 100644
index 0000000000000000000000000000000000000000..597444a2ff2d781a8420c34a251a1fe9edcd2633
--- /dev/null
+++ b/playbooks/setup.yml
@@ -0,0 +1,9 @@
+---
+# Install softwares, Very first operations to be possibly done right after installation
+
+- hosts: all
+  become: True
+  roles:
+    - setup
+
+
diff --git a/roles/bootstrap/meta/main.yml b/roles/bootstrap/meta/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..0072ec1ceb3e8589419cc7cc04231ab6b678b10b
--- /dev/null
+++ b/roles/bootstrap/meta/main.yml
@@ -0,0 +1,210 @@
+galaxy_info:
+  author: your name
+  description: your description
+  company: your company (optional)
+
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+
+  # Some suggested licenses:
+  # - BSD (default)
+  # - MIT
+  # - GPLv2
+  # - GPLv3
+  # - Apache
+  # - CC-BY
+  license: license (GPLv2, CC-BY, etc)
+
+  min_ansible_version: 1.2
+
+  # Optionally specify the branch Galaxy will use when accessing the GitHub
+  # repo for this role. During role install, if no tags are available,
+  # Galaxy will use this branch. During import Galaxy will access files on
+  # this branch. If travis integration is cofigured, only notification for this
+  # branch will be accepted. Otherwise, in all cases, the repo's default branch
+  # (usually master) will be used.
+  #github_branch:
+
+  #
+  # Below are all platforms currently available. Just uncomment
+  # the ones that apply to your role. If you don't see your
+  # platform on this list, let us know and we'll get it added!
+  #
+  #platforms:
+  #- name: OpenBSD
+  #  versions:
+  #  - all
+  #  - 5.6
+  #  - 5.7
+  #  - 5.8
+  #  - 5.9
+  #  - 6.0
+  #- name: Fedora
+  #  versions:
+  #  - all
+  #  - 16
+  #  - 17
+  #  - 18
+  #  - 19
+  #  - 20
+  #  - 21
+  #  - 22
+  #  - 23
+  #  - 24
+  #- name: DellOS
+  #  versions:
+  #  - all
+  #  - 10
+  #  - 6
+  #  - 9
+  #- name: MacOSX
+  #  versions:
+  #  - all
+  #  - 10.10
+  #  - 10.11
+  #  - 10.12
+  #  - 10.7
+  #  - 10.8
+  #  - 10.9
+  #- name: Junos
+  #  versions:
+  #  - all
+  #  - any
+  #- name: GenericBSD
+  #  versions:
+  #  - all
+  #  - any
+  #- name: Void Linux
+  #  versions:
+  #  - all
+  #  - any
+  #- name: GenericLinux
+  #  versions:
+  #  - all
+  #  - any
+  #- name: NXOS
+  #  versions:
+  #  - all
+  #  - any
+  #- name: IOS
+  #  versions:
+  #  - all
+  #  - any
+  #- name: Amazon
+  #  versions:
+  #  - all
+  #  - 2013.03
+  #  - 2013.09
+  #  - 2016.03
+  #- name: ArchLinux
+  #  versions:
+  #  - all
+  #  - any
+  #- name: FreeBSD
+  #  versions:
+  #  - all
+  #  - 10.0
+  #  - 10.1
+  #  - 10.2
+  #  - 10.3
+  #  - 8.0
+  #  - 8.1
+  #  - 8.2
+  #  - 8.3
+  #  - 8.4
+  #  - 9.0
+  #  - 9.1
+  #  - 9.1
+  #  - 9.2
+  #  - 9.3
+  #- name: Ubuntu
+  #  versions:
+  #  - all
+  #  - lucid
+  #  - maverick
+  #  - natty
+  #  - oneiric
+  #  - precise
+  #  - quantal
+  #  - raring
+  #  - saucy
+  #  - trusty
+  #  - utopic
+  #  - vivid
+  #  - wily
+  #  - xenial
+  #- name: Debian
+  #  versions:
+  #  - all
+  #  - etch
+  #  - jessie
+  #  - lenny
+  #  - sid
+  #  - squeeze
+  #  - stretch
+  #  - wheezy
+  #- name: EL
+  #  versions:
+  #  - all
+  #  - 5
+  #  - 6
+  #  - 7
+  #- name: Windows
+  #  versions:
+  #  - all
+  #  - 2012R2
+  #- name: SmartOS
+  #  versions:
+  #  - all
+  #  - any
+  #- name: opensuse
+  #  versions:
+  #  - all
+  #  - 12.1
+  #  - 12.2
+  #  - 12.3
+  #  - 13.1
+  #  - 13.2
+  #- name: SLES
+  #  versions:
+  #  - all
+  #  - 10SP3
+  #  - 10SP4
+  #  - 11
+  #  - 11SP1
+  #  - 11SP2
+  #  - 11SP3
+  #  - 11SP4
+  #  - 12
+  #  - 12SP1
+  #- name: GenericUNIX
+  #  versions:
+  #  - all
+  #  - any
+  #- name: Solaris
+  #  versions:
+  #  - all
+  #  - 10
+  #  - 11.0
+  #  - 11.1
+  #  - 11.2
+  #  - 11.3
+  #- name: eos
+  #  versions:
+  #  - all
+  #  - Any
+
+  galaxy_tags: []
+    # List tags for your role here, one per line. A tag is
+    # a keyword that describes and categorizes the role.
+    # Users find roles by searching for tags. Be sure to
+    # remove the '[]' above if you add tags to this list.
+    #
+    # NOTE: A tag is limited to a single word comprised of
+    # alphanumeric characters. Maximum 20 tags per role.
+
+dependencies: []
+  # List your role dependencies here, one per line.
+  # Be sure to remove the '[]' above if you add dependencies
+  # to this list.
\ No newline at end of file
diff --git a/roles/setup/README.md b/roles/setup/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..225dd44b9fc5b3abff7e9c68ff9e91d505cdd5f0
--- /dev/null
+++ b/roles/setup/README.md
@@ -0,0 +1,38 @@
+Role Name
+=========
+
+A brief description of the role goes here.
+
+Requirements
+------------
+
+Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
+
+Role Variables
+--------------
+
+A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
+
+Dependencies
+------------
+
+A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
+
+Example Playbook
+----------------
+
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+
+    - hosts: servers
+      roles:
+         - { role: username.rolename, x: 42 }
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+An optional section for the role authors to include contact information, or a website (HTML is not allowed).
diff --git a/roles/setup/defaults/main.yml b/roles/setup/defaults/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..75c425169e0a8a4db325db5005d424d384b60512
--- /dev/null
+++ b/roles/setup/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+# defaults file for setup
\ No newline at end of file
diff --git a/roles/setup/handlers/main.yml b/roles/setup/handlers/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..29dbaa7d4b158a7105cb8ea2cdd5137e0c90e542
--- /dev/null
+++ b/roles/setup/handlers/main.yml
@@ -0,0 +1,2 @@
+---
+# handlers file for setup
\ No newline at end of file
diff --git a/roles/setup/meta/main.yml b/roles/setup/meta/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..72237997416054b6ceb4dcba9ceeb992ab8e7f71
--- /dev/null
+++ b/roles/setup/meta/main.yml
@@ -0,0 +1,57 @@
+galaxy_info:
+  author: your name
+  description: your description
+  company: your company (optional)
+
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+
+  # Some suggested licenses:
+  # - BSD (default)
+  # - MIT
+  # - GPLv2
+  # - GPLv3
+  # - Apache
+  # - CC-BY
+  license: license (GPLv2, CC-BY, etc)
+
+  min_ansible_version: 1.2
+
+  # If this a Container Enabled role, provide the minimum Ansible Container version.
+  # min_ansible_container_version:
+
+  # Optionally specify the branch Galaxy will use when accessing the GitHub
+  # repo for this role. During role install, if no tags are available,
+  # Galaxy will use this branch. During import Galaxy will access files on
+  # this branch. If Travis integration is configured, only notifications for this
+  # branch will be accepted. Otherwise, in all cases, the repo's default branch
+  # (usually master) will be used.
+  #github_branch:
+
+  #
+  # platforms is a list of platforms, and each platform has a name and a list of versions.
+  #
+  # platforms:
+  # - name: Fedora
+  #   versions:
+  #   - all
+  #   - 25
+  # - name: SomePlatform
+  #   versions:
+  #   - all
+  #   - 1.0
+  #   - 7
+  #   - 99.99
+
+  galaxy_tags: []
+    # List tags for your role here, one per line. A tag is a keyword that describes
+    # and categorizes the role. Users find roles by searching for tags. Be sure to
+    # remove the '[]' above, if you add tags to this list.
+    #
+    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+    #       Maximum 20 tags per role.
+
+dependencies: []
+  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+  # if you add dependencies to this list.
\ No newline at end of file
diff --git a/roles/setup/tasks/loadVariables.yml b/roles/setup/tasks/loadVariables.yml
new file mode 100644
index 0000000000000000000000000000000000000000..d1279cc959356363f1ba3820f68ad5049622f793
--- /dev/null
+++ b/roles/setup/tasks/loadVariables.yml
@@ -0,0 +1,18 @@
+---
+# load Variables specific for distribution
+
+### get_distribution
+- name: load variables based on OS type, or get default values
+  include_vars: "{{ item }}"
+  with_first_found:
+    - "../vars/{{ ansible_distribution }}-{{ ansible_distribution_major_version | int}}.yml"
+    - "../vars/{{ ansible_distribution }}.yml"
+    - "../vars/{{ ansible_os_family }}.yml"
+    - "../vars/main.yml"
+  check_mode: no
+  tags: always
+
+- name: Print a debug message
+  debug: "msg='{{ ansible_os_family }}'"
+  tags: always
+
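Review bot: The last fallback in `with_first_found`, `../vars/main.yml`, defines only `easyrsaBasedir` and `easyrsaSubdir` in this commit, so on any host without a matching distribution file `extrapackages` stays undefined and the `with_items: "{{ extrapackages }}"` task in `tasks/main.yml` will fail. Give the role safe defaults in `roles/setup/defaults/main.yml`, for example `extrapackages: []` and `extrarepos: []`, so the fallback path actually works. The debug task also uses the legacy string form; `debug:` with `msg: "{{ ansible_os_family }}"` and a name that says what is printed would read better, and `check_mode: no` should be written `check_mode: false`.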
diff --git a/roles/setup/tasks/main.yml b/roles/setup/tasks/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..bfbbc4d0fc7c98989411b91441c2bd8957b22813
--- /dev/null
+++ b/roles/setup/tasks/main.yml
@@ -0,0 +1,96 @@
+---
+# tasks file for setup
+
+### get_distribution
+- include: loadVariables.yml
+
+### Install base repositories and packages
+
+- name: install Debian/Ubuntu repository keys, see under vars/
+  apt_key:
+    url: "{{ item }}"
+    state: present
+  with_items:
+    - "{{ extrakeys }}"
+  when: ansible_os_family == 'Debian' and (extrakeys is defined) and (extrakeys is not none) and (extrakeys | trim != '')
+
+- name: Debian/Ubuntu update package cache
+  apt:
+    update_cache: yes
+  when: ansible_os_family == 'Debian'
+
+- name: install useful apt repositories, see under vars/
+  apt_repository:
+    repo: "{{ item }}"
+    state: present
+    update_cache: yes
+  with_items:
+    - "{{ extrarepos }}"
+  when: ansible_os_family == 'Debian' and (extrarepos is defined) and (extrarepos is not none) and (extrarepos | trim != '')
+
+- name: install useful packages, see under vars/
+  package: name={{ item }} state=latest
+  with_items:
+    - "{{ extrapackages }}"
+
+### Install specific packages
+
+- name: install useful packages, see under vars/
+  package: name={{ item }} state=latest
+  with_items:
+    - openvpn
+  when:
+    - inventory_hostname in groups['openvpn']
+
+### Install EasyRSA
+
+- name: prepare destination directory
+  file:
+    state: directory
+    path: "{{ easyrsaBasedir }}"
+
+- name: clone EasyRSA Git repository
+  git:
+    repo: https://github.com/OpenVPN/easy-rsa.git
+    dest: "{{ easyrsaBasedir }}"
+    update: no
+
+
+### Create EasyRSA vars file
+
+- name: configure variables for EasyRSA
+  block:
+   - name: create vars file from example
+     shell: cp -p vars.example vars
+     args:
+       creates: "{{ easyrsaBasedir }}/{{ easyrsaSubdir }}/vars"
+       chdir: "{{ easyrsaBasedir }}/{{ easyrsaSubdir }}"
+   - name: update variables in vars file
+     lineinfile:
+       path: "{{ easyrsaBasedir }}/{{ easyrsaSubdir }}/vars"
+       regexp: '{{ item.key }}'
+       insertafter: '^#.*{{ item.key }}'
+       line: 'set_var {{ item.key }}  {{ item.value }}'
+     with_dict:
+      - "{{ easyrsa_vars }}"
+   
+  when:
+    - inventory_hostname in groups['authca']
+
+
+### Initialize EasyRSA
+
+- name: execute init-pki
+  shell: ./easyrsa init-pki
+  args:
+    chdir: "{{ easyrsaBasedir }}/{{ easyrsaSubdir }}"
+    creates: "{{ easyrsaBasedir }}/{{ easyrsaSubdir }}/pki"
+
+- name: create CA certificates
+  shell: ./easyrsa build-ca nopass
+  args:
+    chdir: "{{ easyrsaBasedir }}/{{ easyrsaSubdir }}"
+    creates: "{{ easyrsaBasedir }}/{{ easyrsaSubdir }}/pki/ca.crt"
+    stdin: "{{ easyrsaDNstring | default('Root CA') }}"
+  when:
+    - inventory_hostname in groups['authca']
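Review bot: The `clone EasyRSA Git repository` task has no `version:`, so the code that generates the root CA key is whatever the upstream default branch holds at first run, and `update: no` then freezes that unreviewed snapshot. Pin it to a release you have audited, e.g. `version: "<pinned-tag-or-commit>"` (placeholder). The `prepare destination directory` task likewise sets no mode, and `build-ca nopass` leaves an unencrypted CA key below it; add `mode: "0700"` there instead of relying on the umask and on whatever permissions easyrsa applies inside `pki/`. If a passphrase-less key is a deliberate trade-off for unattended runs, say so in a comment on the `create CA certificates` task.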
diff --git a/roles/setup/tests/inventory b/roles/setup/tests/inventory
new file mode 100644
index 0000000000000000000000000000000000000000..878877b0776c44f55fc4e458f70840f31da5bb01
--- /dev/null
+++ b/roles/setup/tests/inventory
@@ -0,0 +1,2 @@
+localhost
+
diff --git a/roles/setup/tests/test.yml b/roles/setup/tests/test.yml
new file mode 100644
index 0000000000000000000000000000000000000000..c1e233b942830a25e81ae86aabb084e9cd2b6a2c
--- /dev/null
+++ b/roles/setup/tests/test.yml
@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+  remote_user: root
+  roles:
+    - setup
\ No newline at end of file
diff --git a/roles/setup/vars/Debian.yml b/roles/setup/vars/Debian.yml
new file mode 100644
index 0000000000000000000000000000000000000000..5b4cd1ceb8dcb254873ba12729c9d163d9d1be14
--- /dev/null
+++ b/roles/setup/vars/Debian.yml
@@ -0,0 +1,10 @@
+
+extrarepos:
+#
+
+extrapackages:
+ - telnet
+ - traceroute
+ - curl
+ - git
+
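Review bot: `extrarepos:` followed only by a `#` line parses as null, which is why the `when:` in `tasks/main.yml` needs the `is not none` and `| trim != ''` guards. Writing the empty case explicitly as `extrarepos: []` states the intent and should still skip the task, since `with_items` over an empty list runs nothing. The file also lacks the leading `---` that the other vars files in this commit have, and it indents the list by one space where the rest of the role uses two.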
diff --git a/roles/setup/vars/main.yml b/roles/setup/vars/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..ac46c709acaa2d66ad7a9d318057a956e6f375ff
--- /dev/null
+++ b/roles/setup/vars/main.yml
@@ -0,0 +1,5 @@
+---
+# vars file for setup
+
+easyrsaBasedir: /home/easyrsa
+easyrsaSubdir: easyrsa3