Merge branch 'master' of github.com:trailofbits/algo

deploy.yml

@@ -38,3 +38,18 @@
   handlers:
     - name: reload eth0
       shell: sh -c 'ifdown eth0; ip addr flush dev eth0; ifup eth0'
+
+  post_tasks:
+    - shell: |
+        echo "#----------------------------------------------------------------------#"
+        echo "#                          Congratulations!                            #"
+        echo "#                     Your Algo server is running.                     #"
+        echo "#    Config files and certificates are in the ./configs/ directory.    #"
+        echo "#              Go to https://whoer.net/ after connecting               #"
+        echo "#        and ensure that all your traffic passes through the VPN.      #"
+        echo "#          Local DNS resolver and Proxy IP address: {{ local_service_ip }}"
+        echo "#----------------------------------------------------------------------#"
+      tags: always
+      register: congrats
+    - debug: msg="{{ congrats.stdout_lines }}"
+      tags: always

roles/common/tasks/main.yml

@@ -2,13 +2,17 @@
 
 - name: Gather Facts
   setup:
+  tags:
+    - always
 
 - name: Install software updates
   apt: update_cache=yes upgrade=dist
+  tags:
+    - cloud
 
 - name: Check if reboot is required
   shell: >
-    if [[ $(readlink -f /vmlinuz) != /boot/vmlinuz-$(uname -r) ]]; then echo "required"; else echo "no"; fi
+    if [[ -e /var/run/reboot-required ]]; then echo "required"; else echo "no"; fi
   args:
     executable: /bin/bash
   register: reboot_required
@@ -43,6 +47,8 @@
   with_items:
     - { regexp: '^session.*optional.*pam_motd.so.*', line: '# MOTD DISABLED', file: '/etc/pam.d/login' }
     - { regexp: '^session.*optional.*pam_motd.so.*', line: '# MOTD DISABLED', file: '/etc/pam.d/sshd' }
+  tags:
+    - cloud
 
 - name: Install tools
   apt: name="{{ item }}" state=latest
@@ -55,24 +61,36 @@
     - sendmail
     - iptables-persistent
     - cgroup-tools
+  tags:
+    - always
 
 - name: Loopback for services configured
   template: src=10-loopback-services.cfg.j2 dest=/etc/network/interfaces.d/10-loopback-services.cfg
   notify:
     - restart loopback
+  tags:
+    - always
 
 - name: Loopback included into the network config
   lineinfile: dest=/etc/network/interfaces line='source /etc/network/interfaces.d/10-loopback-services.cfg' state=present
   notify:
     - restart loopback
+  tags:
+    - always
 
 - meta: flush_handlers
+  tags:
+    - always
 
 - name: Enable packet forwarding for IPv4
   sysctl: name="{{ item }}" value=1
   with_items:
     - net.ipv4.ip_forward
     - net.ipv4.conf.all.forwarding
+  tags:
+    - always
 
 - name: Enable packet forwarding for IPv6
   sysctl: name=net.ipv6.conf.all.forwarding value=1
+  tags:
+    - always

roles/vpn/handlers/main.yml

@@ -12,15 +12,3 @@
 
 - name: restart iptables
   service: name=netfilter-persistent state=restarted
-
-- name: congrats
-  debug:
-    msg:
-      - "#----------------------------------------------------------------------#"
-      - "#                          Congratulations!                            #"
-      - "#                     Your Algo server is running.                     #"
-      - "#    Config files and certificates are in the ./configs/ directory.    #"
-      - "#              Go to https://whoer.net/ after connecting               #"
-      - "#        and ensure that all your traffic passes through the VPN.      #"
-      - "#          Local DNS resolver and Proxy IP address: {{ local_service_ip }}"
-      - "#----------------------------------------------------------------------#"

roles/vpn/tasks/main.yml

@@ -222,8 +222,6 @@
 
 - name: Fetch server CA certificate
   fetch: src=/{{ easyrsa_dir }}/easyrsa3/pki/ca.crt dest=configs/{{ IP_subject_alt_name }}_ca.crt flat=yes
-  notify:
-    - congrats
 
 - include: iptables.yml
   tags: iptables