diff --git a/precommit-hooks/find-passwords-in-files b/precommit-hooks/find-passwords-in-files
index 3c570c3..2fad1b1 100644
--- a/precommit-hooks/find-passwords-in-files
+++ b/precommit-hooks/find-passwords-in-files
@@ -1,7 +1,7 @@
 #!/bin/bash
 # Ignore Ansibilized templates.
-saferegex='\{\{.+\}\}'
+saferegex='\{\{.+\}\}|secrets\['
 # Ignore comments
 saferegex="$saferegex"'|^[a-z,A-Z,0-9,_,-,/,.]+:\s*;|^[a-z,A-Z,0-9,_,-,/,.]+:\s*#|^[a-z,A-Z,0-9,_,-,/,.]+:\s*//|\s+[/]?[*][/]?\s+'
 # AniNIX Constructs
diff --git a/roles/DarkNet/tasks/main.yml b/roles/DarkNet/tasks/main.yml
index 2470e04..fc18097 100644
--- a/roles/DarkNet/tasks/main.yml
+++ b/roles/DarkNet/tasks/main.yml
@@ -12,6 +12,38 @@
 - torsocks
 - tor-browser-en
+ - name: OpenVPN config
+ become: yes
+ get_url:
+ url: "{{ secrets.DarkNet.vpnserver }}"
+ dest: /etc/openvpn/client/darknet.conf
+ mode: 0600
+ owner: openvpn
+ group: network
+
+ - name: OpenVPN Auth part 1
+ become: yes
+ lineinfile:
+ path: /etc/openvpn/client/darknet.conf
+ regexp: ^auth-user-pass
+ line: auth-user-pass /etc/openvpn/client/darknet.auth
+
+ - name: OpenVPN Auth part 2
+ become: yes
+ lineinfile:
+ path: /etc/openvpn/client/darknet.conf
+ regexp: ^dev
+ line: dev tun0
+
+ - name: OpenVPN Auth part 3
+ become: yes
+ copy:
+ dest: /etc/openvpn/client/darknet.auth
+ content: "{{ secrets.DarkNet.token }}"
+ mode: 0600
+ owner: openvpn
+ group: network
+
 - name: "Enable daemons"
 become: yes
 service: 
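Review bot: The new `secrets\[` alternative added to saferegex is unanchored, so any line that merely contains `secrets[` anywhere is treated as safe, including a line that also carries a literal credential next to it. The existing `\{\{.+\}\}` term already whitelists Jinja expressions such as `{{ secrets['x'] }}`, so the new term only matters for `secrets[` used outside `{{ }}`; if that is the intent, tie it to the Jinja tag it lives in, e.g. `saferegex='\{\{.+\}\}|\{[{%].*secrets\['`, and add `# secrets[...] lookups inside {{ }} / {% %} are Vault references, not literals` above it so the next reader knows why the exception exists. How saferegex is applied (presumably as a per-line exclusion) is outside this hunk, so confirm the whitelist really is line-scoped before relying on the tighter form.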
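Review bot: The `OpenVPN Auth part 3` task writes `secrets.DarkNet.token` through `copy: content:` without `no_log: true`, so the token can surface in verbose or `--diff` runs and in registered task results; add `no_log: true` to that task. In `OpenVPN config`, `get_url` pulls the client config from `secrets.DarkNet.vpnserver` with no `checksum:`, so whatever the server returns at run time becomes the configuration `openvpn-client@darknet.service` starts with; pin it with `checksum: sha256:<EXPECTED_SHA256>` (placeholder) or ship the file from the repo and only inject the URL/token. The name `OpenVPN Auth part 2` is misleading for a task that only sets `dev tun0`; something like `OpenVPN device` reads better. The enclosing task list begins above this hunk.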
@@ -19,16 +51,17 @@
 state: started
 enabled: yes
 loop:
- - tor
- - nordvpnd
- - deluged
+ - tor.service
+ - nordvpnd.service
+ - deluged.service
+ - openvpn-client@darknet.service
- - debug:
- msg: "Remember to use the nordvpn-bin command to set up your account."
-
-
- # TODO Add yaml for OVPN file, user, pass to Vault
- # TODO Enforce vpn.service on server instead of nordvpnd.
- # TODO Add /etc/bashrc.d file for `alias torlynx='torsocks elinks https://check.torproject.org/'`
- # TODO Add monit checks for tor and openvpn services
- # TODO Shift deluged to WolfPack
+ - name: BashRC customization
+ become: yes
+ copy:
+ dest: /etc/profile.d/darknet
+ content: |
+ alias torlynx='torsocks elinks https://check.torproject.org/'
+ mode: 0644
+ owner: root
+ group: root
diff --git a/roles/ShadowArch/files/netctl-tun b/roles/ShadowArch/files/netctl-tun
new file mode 100644
index 0000000..ce10de0
--- /dev/null
+++ b/roles/ShadowArch/files/netctl-tun
@@ -0,0 +1,6 @@
+Description='tuntap connection'
+Interface=tun0
+Connection=tuntap
+Mode='tap'
+User='nobody'
+Group='nobody'
diff --git a/roles/ShadowArch/tasks/archlinux-network.yml b/roles/ShadowArch/tasks/archlinux-network.yml
index cbf3630..200de31 100644
--- a/roles/ShadowArch/tasks/archlinux-network.yml
+++ b/roles/ShadowArch/tasks/archlinux-network.yml
@@ -21,6 +21,20 @@
 src: netctl-tap.j2
 dest: "/etc/netctl/{{ ipinterface }}"
+ - name: Bridge ArchLinux network config
+ become: yes
+ when: tap and not static
+ template:
+ src: netctl-bond.j2
+ dest: "/etc/netctl/br0"
+
+ - name: Tunnel ArchLinux network config
+ become: yes
+ when: tap and not static
+ copy:
+ src: netctl-tun
+ dest: "/etc/netctl/tun0"
+
 - name: Dynamic ArchLinux network config
 become: yes
 when: not static and not tap
diff --git a/roles/ShadowArch/tasks/bash.yml b/roles/ShadowArch/tasks/bash.yml
index a4b9913..12bfe87 100644
--- a/roles/ShadowArch/tasks/bash.yml
+++ b/roles/ShadowArch/tasks/bash.yml 
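Review bot: The `BashRC customization` task writes the alias to `/etc/profile.d/darknet`, but the stock `/etc/profile` on Arch only sources `/etc/profile.d/*.sh`, so this file will never be picked up by login shells; use `dest: /etc/profile.d/darknet.sh`. The removed TODO asked for the VPN service to replace nordvpnd, yet the loop now enables both `nordvpnd.service` and `openvpn-client@darknet.service`; if both are meant to run side by side, a short comment saying so would help, otherwise drop the nordvpnd entry. The `Enable daemons` task begins above this hunk.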
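Review bot: The profile sets `Interface=tun0` and calls itself a `tuntap connection` while `Mode='tap'` creates a layer-2 tap device; a tap named tun0 reads as an IP tunnel and will mislead anyone checking `ip link` or the bridge members. Consider `Interface=tap0` with the matching `dest` in archlinux-network.yml and the `BindsToInterfaces` entry in netctl-bond.j2, or at minimum `Description='tap device bridged into br0'`. `User='nobody'`/`Group='nobody'` means only a process running as nobody can attach to the device, which is a sensible least-privilege default but worth confirming against whatever is expected to use it.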
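Review bot: The task named `Bridge ArchLinux network config` renders `netctl-bond.j2`, whose content is a bridge profile (`Connection=bridge`, `Interface=br0`) rather than a bond; rename the template to `netctl-bridge.j2` so the task name, file name and resulting profile agree. Both new tasks reuse `when: tap and not static` from the preceding tap task, but nothing in this hunk enables the new `br0`/`tun0` profiles, so they may be written and never started; if the `netctl enable` step lives elsewhere in the role, a comment pointing to it would save the next reader the search. The enclosing task list begins above this hunk.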
@@ -1,6 +1,6 @@
- - name: Set Bash MOTD
+ - name: Set Bash MOTD
 become: yes
 copy:
 src: "motd/{{ inventory_hostname }}"
diff --git a/roles/ShadowArch/templates/netctl-bond.j2 b/roles/ShadowArch/templates/netctl-bond.j2
new file mode 100644
index 0000000..3503e50
--- /dev/null
+++ b/roles/ShadowArch/templates/netctl-bond.j2
@@ -0,0 +1,5 @@
+Description="Bridge connection"
+Interface=br0
+Connection=bridge
+BindsToInterfaces=({{ ipinterface }} tun0)
+IP=dhcp
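Review bot: `BindsToInterfaces=({{ ipinterface }} tun0)` enslaves `{{ ipinterface }}` to `br0`, while archlinux-network.yml also renders `netctl-tap.j2` to `/etc/netctl/{{ ipinterface }}` under the same conditions; if that profile assigns an address to the interface, the two profiles will contend for it once both are enabled (that template is outside this diff, so confirm). Documenting the intended split in the template would help, e.g. a leading `# br0 owns the host address via DHCP; the member interface must carry no IP config of its own`. The file name says bond but the profile is a bridge; see the note on archlinux-network.yml about renaming it.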