From 12536e76e9491f5a6c643d1f0b9726dcee2af0fc Mon Sep 17 00:00:00 2001
From: Jack Ivanov
Date: Sun, 26 Feb 2017 12:06:59 +0300
Subject: [PATCH] HardenedBSD update-users BSD
---
 docs/FreeBSD.md | 2 +-
 playbooks/freebsd.yml | 6 +++---
 roles/dns_adblocking/tasks/freebsd.yml | 2 +-
 roles/vpn/tasks/freebsd.yml | 4 ++--
 users.yml | 5 ++++-
 5 files changed, 11 insertions(+), 8 deletions(-)
diff --git a/docs/FreeBSD.md b/docs/FreeBSD.md
index e082809f..fbbddbe6 100644
--- a/docs/FreeBSD.md
+++ b/docs/FreeBSD.md
@@ -1,4 +1,4 @@
-# FreeBSD
+# FreeBSD / HardenedBSD
 It is only possible to install Algo on existing systems only in order to avoid recompiling the kernel while deploying
diff --git a/playbooks/freebsd.yml b/playbooks/freebsd.yml
index 00d77b1a..8cf0579f 100644
--- a/playbooks/freebsd.yml
+++ b/playbooks/freebsd.yml
@@ -1,9 +1,9 @@
 ---
-- name: FreeBSD | Install prerequisites
- raw: sleep 10 && sudo pkg install -y python27
+- name: FreeBSD / HardenedBSD | Install prerequisites
+ raw: sleep 10 && env ASSUME_ALWAYS_YES=YES sudo pkg install -y python27
-- name: FreeBSD | Configure defaults
+- name: FreeBSD / HardenedBSD | Configure defaults
 raw: sudo ln -sf /usr/local/bin/python2.7 /usr/bin/python2.7
 - include: facts/FreeBSD.yml
diff --git a/roles/dns_adblocking/tasks/freebsd.yml b/roles/dns_adblocking/tasks/freebsd.yml
index 1e32f2bc..a08e2342 100644
--- a/roles/dns_adblocking/tasks/freebsd.yml
+++ b/roles/dns_adblocking/tasks/freebsd.yml
@@ -1,4 +1,4 @@
 ---
-- name: FreeBSD | Enable dnsmasq
+- name: FreeBSD / HardenedBSD | Enable dnsmasq
 lineinfile: dest=/etc/rc.conf regexp=^dnsmasq_enable= line='dnsmasq_enable="YES"'
diff --git a/roles/vpn/tasks/freebsd.yml b/roles/vpn/tasks/freebsd.yml
index 39619431..e9a8c9b6 100644
--- a/roles/vpn/tasks/freebsd.yml
+++ b/roles/vpn/tasks/freebsd.yml
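Review bot: In playbooks/freebsd.yml the new `env ASSUME_ALWAYS_YES=YES` sits in front of `sudo`, so it is only set in the unprivileged caller's environment; under sudo's default `env_reset` policy it is dropped before `pkg` runs unless the target's sudoers explicitly keeps it. Putting the assignment inside the privileged command makes the non-interactive install independent of the sudoers configuration: `raw: sleep 10 && sudo env ASSUME_ALWAYS_YES=YES pkg install -y python27`. The prompt this variable answers is presumably the first-run pkg bootstrap, which `-y` alone may not cover, so a one-line comment above the task saying that would keep the next maintainer from removing it as redundant.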
@@ -1,4 +1,4 @@
 ---
-
-- name: FreeBSD | Enable strongswan
+
+- name: FreeBSD / HardenedBSD | Enable strongswan
 lineinfile: dest=/etc/rc.conf regexp=^strongswan_enable= line='strongswan_enable="YES"'
diff --git a/users.yml b/users.yml
index 105c9be8..314858dc 100644
--- a/users.yml
+++ b/users.yml
@@ -36,6 +36,9 @@
 - config.cfg
 pre_tasks:
+ - name: Common pre-tasks
+ include: playbooks/common.yml
+
 - set_fact:
 IP_subject_alt_name: "{{ IP_subject }}"
 easyrsa_p12_export_password: "{{ p12_export_password|default((ansible_date_time.iso8601_basic|sha1|to_uuid).split('-')[0]) }}"
@@ -117,7 +120,7 @@
 - name: Copy the revoked certificates to the vpn server
 copy:
 src: configs/{{ IP_subject_alt_name }}/pki/crl/{{ item }}.crt
- dest: /etc/ipsec.d/crls/{{ item }}.crt
+ dest: "{{ config_prefix|default('/') }}etc/ipsec.d/crls/{{ item }}.crt"
 when: item not in users
 with_items: "{{ valid_certs.stdout_lines }}"
 notify:
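Review bot: The new `Common pre-tasks` include in users.yml has no comment saying why a user-update run needs it, and it is placed ahead of the `set_fact` that reads `ansible_date_time`, so the ordering looks load-bearing. If playbooks/common.yml (not shown in this patch) is what bootstraps the target and gathers facts, say so above the task, for example `# Bootstraps the target and gathers facts; must stay before set_fact`. Separately, the unchanged context line derives the default p12 export password from a hash of the run timestamp cut to the first UUID group (eight hex characters), which is weak protection for exported private keys; that predates this commit but is worth a follow-up.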
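Review bot: The new `dest` in the second users.yml hunk is built by plain concatenation, so it is only a valid path when `config_prefix` ends with a slash; a value without one would yield `<prefix>etc/ipsec.d/crls/...` and the CRL would land outside the directory the IPsec daemon reads. That failure is quiet and security-relevant, since a revoked certificate whose CRL is never loaded would presumably keep being accepted. Either document the contract where `config_prefix` is defined (not visible in this patch) or add a comment above the line such as `# config_prefix must end with '/'`. The `copy` task continues past the end of the hunk, which stops at `notify:`.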