v0.0.1alphaHEAD main

author: repliqa <sarzilhossain@proton.me> 2025-07-23 14:06:15 +0600
committer: repliqa <sarzilhossain@proton.me> 2025-07-23 14:06:15 +0600
commit: 69acb7a82a68eeb439e55b994281056df52c81b1 (patch)
tree: 7c6a53694e11511a3014470c213255a503f9c95e /roles/base/tasks/base_setup.yaml
1 files changed, 58 insertions, 0 deletions
diff --git a/roles/base/tasks/base_setup.yaml b/roles/base/tasks/base_setup.yaml
new file mode 100644
index 00000000..f1ed062a
--- /dev/null
+++ b/roles/base/tasks/base_setup.yaml
@@ -0,0 +1,58 @@
+---
+- name: "Create vpns user"
+  ansible.builtin.user:
+    name: _vpn
+    create_home: no
+    comment: Project VPN user
+    state: present
+    shell: /sbin/nologin
+  notify: restart_notification
+
+- name: "Create root directory of vpn services"
+  ansible.builtin.file:
+    path: /var/reactance/
+    state: directory
+    owner: _vpn
+    group: _vpn
+    mode:  0755
+
+- name: "templating out ip forwarding rules in sysctl.conf"
+  ansible.builtin.blockinfile:
+    path: /etc/sysctl.conf
+    create: true
+    backup: true
+    marker: "### REACTANCE - IP Forwarding - {mark} ###"
+    insertafter: "EOF"
+    block: |
+      net.inet.ip.forwarding=1
+      net.inet6.ip6.forwarding=1
+
+- name: "templating out sysctl.conf"
+  ansible.builtin.template:
+    src: "{{ item.src }}"
+    dest: "{{ item.dest }}"
+    mode: '0644'
+  notify: syslogd_restart
+  loop:
+    - src: syslog.conf.j2
+      dest: /etc/syslog.conf
+    - src: newsyslog.conf.j2
+      dest: /etc/newsyslog.conf
+    
+
+# openbsd_pkg cant be run parallely otherwise there could be package locks and pipeline would fail
+- name: "install necessary utils"
+  community.general.openbsd_pkg:
+    name:
+      - unzip--
+      - curl--
+      - rsync--
+      - jq--
+    state: present
+  when: inventory_hostname in (groups['vless']|default([]) + groups['vmess']|default([]) + groups['trojan']|default([]) + groups['all_vpns']|default([]))
+
+- name: "tune unbound performance"
+  community.general.openbsd_pkg:
+    name: ripgrep
+    state: present
+  when: not disable_dns|default(False)
author	repliqa <sarzilhossain@proton.me>	2025-07-23 14:06:15 +0600
committer	repliqa <sarzilhossain@proton.me>	2025-07-23 14:06:15 +0600
commit	69acb7a82a68eeb439e55b994281056df52c81b1 (patch)
tree	7c6a53694e11511a3014470c213255a503f9c95e /roles/base/tasks/base_setup.yaml