Updating DarkNet VPN setup

precommit-hooks/find-passwords-in-files

@@ -1,7 +1,7 @@
 #!/bin/bash
 
 # Ignore Ansibilized templates.
-saferegex='\{\{.+\}\}'
+saferegex='\{\{.+\}\}|secrets\['
 # Ignore comments
 saferegex="$saferegex"'|^[a-z,A-Z,0-9,_,-,/,.]+:\s*;|^[a-z,A-Z,0-9,_,-,/,.]+:\s*#|^[a-z,A-Z,0-9,_,-,/,.]+:\s*//|\s+[/]?[*][/]?\s+'
 # AniNIX Constructs

roles/DarkNet/tasks/main.yml

@@ -12,6 +12,38 @@
         - torsocks
         - tor-browser-en
 
+  - name: OpenVPN config
+    become: yes
+    get_url:
+      url: "{{ secrets.DarkNet.vpnserver }}"
+      dest: /etc/openvpn/client/darknet.conf
+      mode: 0600
+      owner: openvpn
+      group: network
+
+  - name: OpenVPN Auth part 1
+    become: yes
+    lineinfile:
+      path: /etc/openvpn/client/darknet.conf
+      regexp: ^auth-user-pass
+      line: auth-user-pass /etc/openvpn/client/darknet.auth
+
+  - name: OpenVPN Auth part 2
+    become: yes
+    lineinfile:
+      path: /etc/openvpn/client/darknet.conf
+      regexp: ^dev
+      line: dev tun0
+
+  - name: OpenVPN Auth part 3
+    become: yes
+    copy:
+      dest: /etc/openvpn/client/darknet.auth
+      content: "{{ secrets.DarkNet.token }}"
+      mode: 0600
+      owner: openvpn
+      group: network
+
   - name: "Enable daemons"
     become: yes
     service:
@@ -19,16 +51,17 @@
       state: started
       enabled: yes
     loop:
-      - tor
-      - nordvpnd
-      - deluged
+      - tor.service
+      - nordvpnd.service
+      - deluged.service
+      - openvpn-client@darknet.service
 
-  - debug:
-      msg: "Remember to use the nordvpn-bin command to set up your account."
-
-
-        # TODO Add yaml for OVPN file, user, pass to Vault
-        # TODO Enforce vpn.service on server instead of nordvpnd.
-        # TODO Add /etc/bashrc.d file for `alias torlynx='torsocks elinks https://check.torproject.org/'`
-        # TODO Add monit checks for tor and openvpn services
-        # TODO Shift deluged to WolfPack
+  - name: BashRC customization
+    become: yes
+    copy:
+      dest: /etc/profile.d/darknet
+      content: |
+        alias torlynx='torsocks elinks https://check.torproject.org/'
+      mode: 0644
+      owner: root
+      group: root

roles/ShadowArch/files/netctl-tun

@@ -0,0 +1,6 @@
+Description='tuntap connection'
+Interface=tun0
+Connection=tuntap
+Mode='tap'
+User='nobody'
+Group='nobody'

roles/ShadowArch/tasks/archlinux-network.yml

@@ -21,6 +21,20 @@
         src: netctl-tap.j2
         dest: "/etc/netctl/{{ ipinterface }}"
 
+  - name: Bridge ArchLinux network config
+    become: yes
+    when: tap and not static
+    template:
+        src: netctl-bond.j2
+        dest: "/etc/netctl/br0"
+
+  - name: Tunnel ArchLinux network config
+    become: yes
+    when: tap and not static
+    copy:
+        src: netctl-tun
+        dest: "/etc/netctl/tun0"
+
   - name: Dynamic ArchLinux network config
     become: yes
     when: not static and not tap

roles/ShadowArch/tasks/bash.yml

@@ -1,6 +1,6 @@
 
 
-   - name: Set Bash MOTD
+  - name: Set Bash MOTD
     become: yes
     copy:
       src: "motd/{{ inventory_hostname }}"

roles/ShadowArch/templates/netctl-bond.j2

@@ -0,0 +1,5 @@
+Description="Bridge connection"
+Interface=br0
+Connection=bridge
+BindsToInterfaces=({{ ipinterface }} tun0)
+IP=dhcp