From 8894dd0848131d343e0d60e9a3e40c8e37b51345 Mon Sep 17 00:00:00 2001
From: David Myers <dem@myersnet.net>
Date: Thu, 6 Aug 2020 12:09:15 -0400
Subject: [PATCH] Discontinue use of the WireGuard PPA (#1855)

* Discontinue use of the WireGuard PPA

* Add instructions to update the system

* Change reboot instruction
---
 .github/workflows/main.yml                    |  2 --
 docs/client-linux-wireguard.md                | 12 ++++++----
 docs/faq.md                                   |  2 +-
 roles/common/defaults/main.yml                |  2 +-
 .../files/50-wireguard-unattended-upgrades    |  4 ----
 roles/wireguard/tasks/ubuntu.yml              | 24 -------------------
 6 files changed, 9 insertions(+), 37 deletions(-)
 delete mode 100644 roles/wireguard/files/50-wireguard-unattended-upgrades

diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index e0187ab..a3d9695 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -39,7 +39,6 @@ jobs:
       - name: Install dependencies
         run: |
           sudo apt update -y
-          sudo add-apt-repository -yu ppa:wireguard/wireguard
           sudo apt install -y \
             python3-pip \
             lxd \
@@ -108,7 +107,6 @@ jobs:
       - name: Install dependencies
         run: |
           set -x
-          sudo add-apt-repository -yu ppa:wireguard/wireguard
           sudo add-apt-repository -yu ppa:ubuntu-lxc/stable
           sudo apt update -y
           sudo apt install -y \
diff --git a/docs/client-linux-wireguard.md b/docs/client-linux-wireguard.md
index 848e3a2..cd47db2 100644
--- a/docs/client-linux-wireguard.md
+++ b/docs/client-linux-wireguard.md
@@ -2,14 +2,16 @@
 
 ## Install WireGuard
 
-To connect to your AlgoVPN using [WireGuard](https://www.wireguard.com) from Ubuntu, first install WireGuard:
+To connect to your AlgoVPN using [WireGuard](https://www.wireguard.com) from Ubuntu, make sure your system is up-to-date then install WireGuard:
 
 ```shell
-# Ubuntu 16.04 only: Add the WireGuard repository
-sudo add-apt-repository ppa:wireguard/wireguard
-sudo apt update
+# Update your system:
+sudo apt update && sudo apt upgrade
 
-# Install the tools:
+# If the file /var/run/reboot-required exists then reboot:
+[ -e /var/run/reboot-required ] && sudo reboot
+
+# Install WireGuard:
 sudo apt install wireguard openresolv
 ```
 
diff --git a/docs/faq.md b/docs/faq.md
index 375d91e..109093e 100644
--- a/docs/faq.md
+++ b/docs/faq.md
@@ -21,7 +21,7 @@ No. This project is under active development. We're happy to [accept and fix iss
 
 ## What's the current status of WireGuard?
 
-[WireGuard reached "stable" 1.0.0 release](https://lists.zx2c4.com/pipermail/wireguard/2020-March/005206.html) in Spring 2020. It has undergone [substantial](https://www.wireguard.com/formal-verification/) security review. Releases are tagged with their build date -- "0.0.YYYYMMDD" -- and users should be advised to apply new updates when they are available. Your Algo server will automatically upgrade and restart WireGuard. For Ubuntu 18.04 LTS, it will retrieve updates from the [official WireGuard PPA for Ubuntu](https://launchpad.net/~wireguard/+archive/ubuntu/wireguard) by default.
+[WireGuard reached "stable" 1.0.0 release](https://lists.zx2c4.com/pipermail/wireguard/2020-March/005206.html) in Spring 2020. It has undergone [substantial](https://www.wireguard.com/formal-verification/) security review.
 
 ## Why aren't you using Tor?
 
diff --git a/roles/common/defaults/main.yml b/roles/common/defaults/main.yml
index 4a2c6de..bf29472 100644
--- a/roles/common/defaults/main.yml
+++ b/roles/common/defaults/main.yml
@@ -1,5 +1,5 @@
 ---
-install_headers: true
+install_headers: false
 aip_supported_providers:
   - digitalocean
 snat_aipv4: false
diff --git a/roles/wireguard/files/50-wireguard-unattended-upgrades b/roles/wireguard/files/50-wireguard-unattended-upgrades
deleted file mode 100644
index b1ffc97..0000000
--- a/roles/wireguard/files/50-wireguard-unattended-upgrades
+++ /dev/null
@@ -1,4 +0,0 @@
-// Automatically upgrade packages from these (origin:archive) pairs
-Unattended-Upgrade::Allowed-Origins {
-    "LP-PPA-wireguard-wireguard:${distro_codename}";
-};
diff --git a/roles/wireguard/tasks/ubuntu.yml b/roles/wireguard/tasks/ubuntu.yml
index c7cab99..700cbd9 100644
--- a/roles/wireguard/tasks/ubuntu.yml
+++ b/roles/wireguard/tasks/ubuntu.yml
@@ -1,34 +1,10 @@
 ---
-- block:
-  - name: WireGuard repository configured
-    apt_repository:
-      repo: ppa:wireguard/wireguard
-      state: present
-    register: result
-    until: result is succeeded
-    retries: 10
-    delay: 3
-
-  - name: Configure unattended-upgrades
-    copy:
-      src: 50-wireguard-unattended-upgrades
-      dest: /etc/apt/apt.conf.d/50-wireguard-unattended-upgrades
-      owner: root
-      group: root
-      mode: 0644
-  when: ansible_facts['distribution_version'] is version('20.04', '<')
-
 - name: WireGuard installed
   apt:
     name: wireguard
     state: present
     update_cache: true
 
-- name: WireGuard reload-module-on-update
-  file:
-    dest: /etc/wireguard/.reload-module-on-update
-    state: touch
-
 - name: Set OS specific facts
   set_fact:
     service_name: "wg-quick@{{ wireguard_interface }}"