Merge branch 'master' of github.com:trailofbits/algo

pull/142/head
Jack Ivanov 8 years ago
commit ede452fad4

@ -38,3 +38,18 @@
handlers: handlers:
- name: reload eth0 - name: reload eth0
shell: sh -c 'ifdown eth0; ip addr flush dev eth0; ifup eth0' shell: sh -c 'ifdown eth0; ip addr flush dev eth0; ifup eth0'
post_tasks:
- shell: |
echo "#----------------------------------------------------------------------#"
echo "# Congratulations! #"
echo "# Your Algo server is running. #"
echo "# Config files and certificates are in the ./configs/ directory. #"
echo "# Go to https://whoer.net/ after connecting #"
echo "# and ensure that all your traffic passes through the VPN. #"
echo "# Local DNS resolver and Proxy IP address: {{ local_service_ip }}"
echo "#----------------------------------------------------------------------#"
tags: always
register: congrats
- debug: msg="{{ congrats.stdout_lines }}"
tags: always
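Review bot: The new `post_tasks` banner is printed by running `echo` through the `shell` module with `{{ local_service_ip }}` templated straight into the script text, so the task reports "changed" on every run and the variable's content is parsed by a shell (where that value comes from is not visible on this page). The `congrats` handler removed elsewhere in this commit already built the same banner as a `debug:` task with `msg:` given as a list of lines; moving that task into `post_tasks` with `tags: always` would print the same output with no shell and no `register: congrats`. If the shell form is kept, at least add `changed_when: false` to the task.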

@ -2,13 +2,17 @@
- name: Gather Facts - name: Gather Facts
setup: setup:
tags:
- always
- name: Install software updates - name: Install software updates
apt: update_cache=yes upgrade=dist apt: update_cache=yes upgrade=dist
tags:
- cloud
- name: Check if reboot is required - name: Check if reboot is required
shell: > shell: >
if [[ $(readlink -f /vmlinuz) != /boot/vmlinuz-$(uname -r) ]]; then echo "required"; else echo "no"; fi if [[ -e /var/run/reboot-required ]]; then echo "required"; else echo "no"; fi
args: args:
executable: /bin/bash executable: /bin/bash
register: reboot_required register: reboot_required
@ -43,6 +47,8 @@
with_items: with_items:
- { regexp: '^session.*optional.*pam_motd.so.*', line: '# MOTD DISABLED', file: '/etc/pam.d/login' } - { regexp: '^session.*optional.*pam_motd.so.*', line: '# MOTD DISABLED', file: '/etc/pam.d/login' }
- { regexp: '^session.*optional.*pam_motd.so.*', line: '# MOTD DISABLED', file: '/etc/pam.d/sshd' } - { regexp: '^session.*optional.*pam_motd.so.*', line: '# MOTD DISABLED', file: '/etc/pam.d/sshd' }
tags:
- cloud
- name: Install tools - name: Install tools
apt: name="{{ item }}" state=latest apt: name="{{ item }}" state=latest
@ -55,24 +61,36 @@
- sendmail - sendmail
- iptables-persistent - iptables-persistent
- cgroup-tools - cgroup-tools
tags:
- always
- name: Loopback for services configured - name: Loopback for services configured
template: src=10-loopback-services.cfg.j2 dest=/etc/network/interfaces.d/10-loopback-services.cfg template: src=10-loopback-services.cfg.j2 dest=/etc/network/interfaces.d/10-loopback-services.cfg
notify: notify:
- restart loopback - restart loopback
tags:
- always
- name: Loopback included into the network config - name: Loopback included into the network config
lineinfile: dest=/etc/network/interfaces line='source /etc/network/interfaces.d/10-loopback-services.cfg' state=present lineinfile: dest=/etc/network/interfaces line='source /etc/network/interfaces.d/10-loopback-services.cfg' state=present
notify: notify:
- restart loopback - restart loopback
tags:
- always
- meta: flush_handlers - meta: flush_handlers
tags:
- always
- name: Enable packet forwarding for IPv4 - name: Enable packet forwarding for IPv4
sysctl: name="{{ item }}" value=1 sysctl: name="{{ item }}" value=1
with_items: with_items:
- net.ipv4.ip_forward - net.ipv4.ip_forward
- net.ipv4.conf.all.forwarding - net.ipv4.conf.all.forwarding
tags:
- always
- name: Enable packet forwarding for IPv6 - name: Enable packet forwarding for IPv6
sysctl: name=net.ipv6.conf.all.forwarding value=1 sysctl: name=net.ipv6.conf.all.forwarding value=1
tags:
- always
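Review bot: In the "Check if reboot is required" task of the first hunk, the test `[[ -e /var/run/reboot-required ]]` (taking the right-hand column as the new side) depends on a distro update hook creating that flag file. On an image where the hook is absent, a kernel update pulled in by `apt: update_cache=yes upgrade=dist` would leave the server running the old kernel with no reboot, a case the previous comparison of `/vmlinuz` against `uname -r` would have caught. Consider keeping both conditions, or record the assumption in a comment such as `# relies on the distro's update hooks writing /var/run/reboot-required`. A plain existence check also does not need bash; `stat: path=/var/run/reboot-required` with `register:` would avoid the shell. The task continues past the end of the hunk, so how `reboot_required` is consumed is not visible here.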

@ -12,15 +12,3 @@
- name: restart iptables - name: restart iptables
service: name=netfilter-persistent state=restarted service: name=netfilter-persistent state=restarted
- name: congrats
debug:
msg:
- "#----------------------------------------------------------------------#"
- "# Congratulations! #"
- "# Your Algo server is running. #"
- "# Config files and certificates are in the ./configs/ directory. #"
- "# Go to https://whoer.net/ after connecting #"
- "# and ensure that all your traffic passes through the VPN. #"
- "# Local DNS resolver and Proxy IP address: {{ local_service_ip }}"
- "#----------------------------------------------------------------------#"

@ -222,8 +222,6 @@
- name: Fetch server CA certificate - name: Fetch server CA certificate
fetch: src=/{{ easyrsa_dir }}/easyrsa3/pki/ca.crt dest=configs/{{ IP_subject_alt_name }}_ca.crt flat=yes fetch: src=/{{ easyrsa_dir }}/easyrsa3/pki/ca.crt dest=configs/{{ IP_subject_alt_name }}_ca.crt flat=yes
notify:
- congrats
- include: iptables.yml - include: iptables.yml
tags: iptables tags: iptables
