somewhat cleaner

StreisandEffect · Sep 30, 2018 · c987e62 · c987e62
1 parent 17a4e89
commit c987e62
Show file tree

Hide file tree

Showing 15 changed files with 261 additions and 80 deletions.
diff --git a/global_vars/vars.yml b/global_vars/vars.yml
@@ -1,7 +1,7 @@
 ---
 upstream_dns_servers:
-  - 8.8.8.8
-  - 8.8.4.4
+  - 1.1.1.1
+  - 1.0.0.1
 
 streisand_client_test: no
 

diff --git a/playbooks/roles/common/vars/main.yml b/playbooks/roles/common/vars/main.yml
@@ -6,8 +6,6 @@ streisand_common_packages:
   - apt-transport-https
   # Used to perform a system upgrade
   - aptitude
-  # Used to compile Libreswan and OpenConnect Server (ocserv)
-  #- build-essential
   # Used to perform API requests, including the version check for
   # the Tor Browser Bundle
   - curl

diff --git a/playbooks/roles/dnsmasq/templates/dnsmasq.conf.j2 b/playbooks/roles/dnsmasq/templates/dnsmasq.conf.j2
@@ -18,6 +18,10 @@ bogus-priv
 # uncomment this.
 no-resolv
 
-{% for item in upstream_dns_servers %}
-server={{ item }}
-{% endfor %}
+bind-interfaces
+
+server=127.0.0.53
+
+#{% for item in upstream_dns_servers %}
+#server={{ item }}
+#{% endfor %}
diff --git a/playbooks/roles/gpg/tasks/main.yml b/playbooks/roles/gpg/tasks/main.yml
@@ -51,9 +51,6 @@
 - name: "Start a new dirmngr with our config changes"
   command: "gpgconf --launch dirmngr"
 
-- name: "Start the gpg-agent"
-  command: "gpg-agent --daemon --write-env-file {{ root_gpg_dir }}"
-
 - name: "Wait for the GPG agent and dirmngr control sockets"
   wait_for:
     path: "{{ root_gpg_dir }}/{{ item }}"

diff --git a/playbooks/roles/openvpn/meta/main.yml b/playbooks/roles/openvpn/meta/main.yml
@@ -2,5 +2,5 @@
 dependencies:
   # OpenVPN needs to be added to the firewall
   - { role: ufw }
-  # - { role: dnsmasq }
+  - { role: dnsmasq }
   - { role: ip-forwarding }
diff --git a/playbooks/roles/openvpn/tasks/install.yml b/playbooks/roles/openvpn/tasks/install.yml
@@ -1,10 +1,10 @@
 ---
-#- name: "Add the official OpenVPN APT key; hiding 25 lines of log..."
-#  apt_key:
-#    id: E158C569
-#    data: "{{ item }}"
-#  with_file: openvpn_signing.key
-#  no_log: True
+- name: "Add the official OpenVPN APT key; hiding 25 lines of log..."
+  apt_key:
+    id: E158C569
+    data: "{{ item }}"
+  with_file: openvpn_signing.key
+  no_log: True
 
 #- name: Add the official OpenVPN repository
 #  apt_repository:

diff --git a/playbooks/roles/openvpn/tasks/main.yml b/playbooks/roles/openvpn/tasks/main.yml
@@ -2,11 +2,11 @@
 # Add the apt key and install OpenVPN
 - import_tasks: install.yml
 
-#- name: "Configure DNSMasq to listen on {{ dnsmasq_openvpn_tcp_ip }}:53 and {{ dnsmasq_openvpn_udp_ip }}:53"
-#  template:
-#    src: openvpn_dnsmasq.conf.j2
-#    dest: /etc/dnsmasq.d/openvpn.conf
-#  notify: Restart dnsmasq
+- name: "Configure DNSMasq to listen on {{ dnsmasq_openvpn_tcp_ip }}:53 and {{ dnsmasq_openvpn_udp_ip }}:53"
+  template:
+    src: openvpn_dnsmasq.conf.j2
+    dest: /etc/dnsmasq.d/openvpn.conf
+  notify: Restart dnsmasq
 
 - include_role:
     name: certificates

diff --git a/playbooks/roles/stunnel/tasks/main.yml b/playbooks/roles/stunnel/tasks/main.yml
@@ -41,11 +41,6 @@
     name: stunnel4.service
     state: stopped
 
-- name: Remove the stunnel init.d script
-  file:
-    state: absent
-    path: "/etc/init.d/stunnel4"
-
 - name: Copy the stunnel system unit file
   template:
     src: stunnel.service.j2

diff --git a/playbooks/roles/stunnel/templates/stunnel-remote.conf.j2 b/playbooks/roles/stunnel/templates/stunnel-remote.conf.j2
@@ -1,7 +1,6 @@
 cert = {{ stunnel_cert }}
 key = {{ stunnel_key }}
 debug = 4
-options = NO_SSLv2
 options = NO_SSLv3
 options = NO_TLSv1
 options = NO_TLSv1.1

diff --git a/playbooks/roles/tinyproxy/tasks/main.yml b/playbooks/roles/tinyproxy/tasks/main.yml
@@ -3,37 +3,42 @@
   apt:
     name: tinyproxy
 
-- name: Create the tinyproxy config directory
-  file:
-    path: "{{ tinyproxy_conf_dir }}"
-    state: directory
-    owner: nobody
-    group: nogroup
-    mode: 0755
+#- name: Create the tinyproxy config directory
+#  file:
+#    path: "{{ tinyproxy_conf_dir }}"
+#    state: directory
+#    owner: nobody
+#    group: nogroup
+#    mode: 0755
 
-- name: Generate the tinyproxy configuration file
-  template:
-    src: tinyproxy.conf.j2
-    dest: "{{ tinyproxy_conf_file }}"
-    owner: root
-    group: root
-    mode: 0644
+#- name: Generate the tinyproxy configuration file
+#  template:
+#    src: tinyproxy.conf.j2
+#    dest: "{{ tinyproxy_conf_file }}"
+#    owner: root
+#    group: root
+#    mode: 0644
 
-- name: Generate the tinyproxy system unit file
-  template:
-    src: tinyproxy.service.j2
-    dest: /etc/systemd/system/tinyproxy.service
-    owner: root
-    group: root
-    mode: 0644
+#- name: Create the tinyproxy systemd drop-in configuration directory
+#  file:
+#    path: "{{ tinyproxy_systemd_service_path }}"
+#    state: directory
 
-- name: Generate the systemd tmpfile for tinyproxy
-  template:
-    src: tinyproxytmp.conf.j2
-    dest: /etc/tmpfiles.d/tinyproxy.conf
-    owner: root
-    group: root
-    mode: 0644
+#- name: Generate the tinyproxy systemd drop-in service file
+#  template:
+#    src: tinyproxy.service.j2
+#    dest: "{{ tinyproxy_systemd_service_path }}/10-restart-failure.service"
+#    owner: root
+#    group: root
+#    mode: 0644
+
+#- name: Generate the systemd tmpfile for tinyproxy
+#  template:
+#    src: tinyproxytmp.conf.j2
+#    dest: /etc/tmpfiles.d/tinyproxy.conf
+#    owner: root
+#    group: root
+#    mode: 0644
 
 - name: Enable and restart the tinyproxy service
   systemd: