HardenedBSD

update-users BSD

docs/FreeBSD.md

@@ -1,4 +1,4 @@
-# FreeBSD
+# FreeBSD / HardenedBSD
 
 It is only possible to install Algo on existing systems only in order to avoid recompiling the kernel while deploying
 

playbooks/freebsd.yml

@@ -1,9 +1,9 @@
 ---
 
-- name: FreeBSD | Install prerequisites
-  raw: sleep 10 && sudo pkg install -y python27
+- name: FreeBSD / HardenedBSD | Install prerequisites
+  raw: sleep 10 && env ASSUME_ALWAYS_YES=YES sudo pkg install -y python27
 
-- name: FreeBSD | Configure defaults
+- name: FreeBSD / HardenedBSD | Configure defaults
   raw: sudo ln -sf /usr/local/bin/python2.7 /usr/bin/python2.7
 
 - include: facts/FreeBSD.yml

roles/dns_adblocking/tasks/freebsd.yml

@@ -1,4 +1,4 @@
 ---
 
-- name: FreeBSD | Enable dnsmasq
+- name: FreeBSD / HardenedBSD | Enable dnsmasq
   lineinfile: dest=/etc/rc.conf regexp=^dnsmasq_enable= line='dnsmasq_enable="YES"'

roles/vpn/tasks/freebsd.yml

@@ -1,4 +1,4 @@
 ---
 
-- name: FreeBSD | Enable strongswan
+- name: FreeBSD / HardenedBSD | Enable strongswan
   lineinfile: dest=/etc/rc.conf regexp=^strongswan_enable= line='strongswan_enable="YES"'

users.yml

@@ -36,6 +36,9 @@
     - config.cfg
 
   pre_tasks:
+    - name: Common pre-tasks
+      include: playbooks/common.yml
+
     - set_fact:
         IP_subject_alt_name: "{{ IP_subject }}"
         easyrsa_p12_export_password: "{{ p12_export_password|default((ansible_date_time.iso8601_basic|sha1|to_uuid).split('-')[0]) }}"
@@ -117,7 +120,7 @@
     - name: Copy the revoked certificates to the vpn server
       copy:
         src: configs/{{ IP_subject_alt_name }}/pki/crl/{{ item }}.crt
-        dest: /etc/ipsec.d/crls/{{ item }}.crt
+        dest: "{{ config_prefix|default('/') }}etc/ipsec.d/crls/{{ item }}.crt"
       when: item not in users
       with_items: "{{ valid_certs.stdout_lines }}"
       notify: