diff --git a/deploy.yml b/deploy.yml
index 9fbf792f..7fecd165 100644
--- a/deploy.yml
+++ b/deploy.yml
@@ -38,3 +38,18 @@
 handlers:
 - name: reload eth0
 shell: sh -c 'ifdown eth0; ip addr flush dev eth0; ifup eth0'
+
+ post_tasks:
+ - shell: |
+ echo "#----------------------------------------------------------------------#"
+ echo "# Congratulations! #"
+ echo "# Your Algo server is running. #"
+ echo "# Config files and certificates are in the ./configs/ directory. #"
+ echo "# Go to https://whoer.net/ after connecting #"
+ echo "# and ensure that all your traffic passes through the VPN. #"
+ echo "# Local DNS resolver and Proxy IP address: {{ local_service_ip }}"
+ echo "#----------------------------------------------------------------------#"
+ tags: always
+ register: congrats
+ - debug: msg="{{ congrats.stdout_lines }}"
+ tags: always
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index 4b6e2ee1..a5730ac1 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -2,13 +2,17 @@
 - name: Gather Facts
 setup:
+ tags:
+ - always
 - name: Install software updates
 apt: update_cache=yes upgrade=dist
+ tags:
+ - cloud
 - name: Check if reboot is required
 shell: >
- if [[ $(readlink -f /vmlinuz) != /boot/vmlinuz-$(uname -r) ]]; then echo "required"; else echo "no"; fi
+ if [[ -e /var/run/reboot-required ]]; then echo "required"; else echo "no"; fi
 args:
 executable: /bin/bash
 register: reboot_required
@@ -43,6 +47,8 @@
 with_items:
 - { regexp: '^session.*optional.*pam_motd.so.*', line: '# MOTD DISABLED', file: '/etc/pam.d/login' }
 - { regexp: '^session.*optional.*pam_motd.so.*', line: '# MOTD DISABLED', file: '/etc/pam.d/sshd' }
+ tags:
+ - cloud
 - name: Install tools
 apt: name="{{ item }}" state=latest
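Review bot: The banner added under `post_tasks` in deploy.yml is printed by a `shell` task that interpolates `{{ local_service_ip }}` into a double-quoted `echo` argument, so a templated value is handed to a shell on the play's hosts only to display text. The handler this commit removes from roles/vpn/handlers/main.yml printed the same lines with `debug` and a `msg:` list, which runs no remote command and needs no `register`; moving that `debug` task into `post_tasks` with `tags: always` would keep the always-shown behaviour. If the `shell` form stays, add a `name:` and `changed_when: false` so the play does not report a change on every run.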
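Review bot: The rewritten test in "Check if reboot is required" (roles/common/tasks/main.yml) now depends only on the flag file `/var/run/reboot-required`, which is written by package hooks (on Debian/Ubuntu typically shipped by update-notifier-common or unattended-upgrades) and not by the kernel package itself. On an image without such a hook, the `upgrade=dist` step could install a new kernel while this task still echoes "no", leaving the VPN server on the old kernel; whether the hook is present is not visible here. Consider keeping the removed comparison as a fallback, `if [[ -e /var/run/reboot-required || $(readlink -f /vmlinuz) != /boot/vmlinuz-$(uname -r) ]]; then echo "required"; else echo "no"; fi`, or add a comment naming the package the check relies on. The tasks that consume `reboot_required` are outside the hunk.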
@@ -55,24 +61,36 @@
 - sendmail
 - iptables-persistent
 - cgroup-tools
+ tags:
+ - always
 - name: Loopback for services configured
 template: src=10-loopback-services.cfg.j2 dest=/etc/network/interfaces.d/10-loopback-services.cfg
 notify:
 - restart loopback
+ tags:
+ - always
 - name: Loopback included into the network config
 lineinfile: dest=/etc/network/interfaces line='source /etc/network/interfaces.d/10-loopback-services.cfg' state=present
 notify:
 - restart loopback
+ tags:
+ - always
 - meta: flush_handlers
+ tags:
+ - always
 - name: Enable packet forwarding for IPv4
 sysctl: name="{{ item }}" value=1
 with_items:
 - net.ipv4.ip_forward
 - net.ipv4.conf.all.forwarding
+ tags:
+ - always
 - name: Enable packet forwarding for IPv6
 sysctl: name=net.ipv6.conf.all.forwarding value=1
+ tags:
+ - always
diff --git a/roles/vpn/handlers/main.yml b/roles/vpn/handlers/main.yml
index 26ba6fff..32885b5f 100644
--- a/roles/vpn/handlers/main.yml
+++ b/roles/vpn/handlers/main.yml
@@ -12,15 +12,3 @@
 - name: restart iptables
 service: name=netfilter-persistent state=restarted
-
-- name: congrats
- debug:
- msg:
- - "#----------------------------------------------------------------------#"
- - "# Congratulations! #"
- - "# Your Algo server is running. #"
- - "# Config files and certificates are in the ./configs/ directory. #"
- - "# Go to https://whoer.net/ after connecting #"
- - "# and ensure that all your traffic passes through the VPN. #"
- - "# Local DNS resolver and Proxy IP address: {{ local_service_ip }}"
- - "#----------------------------------------------------------------------#"
diff --git a/roles/vpn/tasks/main.yml b/roles/vpn/tasks/main.yml
index 6fff583c..53734b76 100644
--- a/roles/vpn/tasks/main.yml
+++ b/roles/vpn/tasks/main.yml
@@ -222,8 +222,6 @@
 - name: Fetch server CA certificate
 fetch: src=/{{ easyrsa_dir }}/easyrsa3/pki/ca.crt dest=configs/{{ IP_subject_alt_name }}_ca.crt flat=yes
- notify:
- - congrats
 - include: iptables.yml
 tags: iptables