
Init

master
blallo 11 months ago
commit
8816208357
Signed by: blallo GPG Key ID: 0CBE577C9B72DC3F
  1. 2
      files/local_system_tor_apparmor
  2. 3
      files/tor_unit_override.conf
  3. 87
      tasks/main.yml
  4. 8
      templates/hidden_services.conf.j2

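--- a/files/local_system_tor_apparmor
+++ b/files/local_system_tor_apparmor
@@ -0,0 +1,2 @@
+# vim:syntax=apparmor
+/etc/tor/** r,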
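Review bot: The single rule `/etc/tor/** r,` carries no comment saying why the stock profile is being widened, and a reader of `/etc/apparmor.d/local/system_tor` will not see the `%include /etc/tor/torrc.d/*.conf` directive that tasks/main.yml appends to torrc. Add a line above it such as `# read access to /etc/tor/torrc.d/*.conf, pulled in via %include from torrc` so the override can be judged against the directory it exists for. The rule is read-only and scoped to /etc/tor, which matches what the role writes there.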

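--- a/files/tor_unit_override.conf
+++ b/files/tor_unit_override.conf
@@ -0,0 +1,3 @@
+[Service]
+Restart=always
+RestartSec=60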
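Review bot: This drop-in is installed as `/etc/systemd/system/tor@.service.d/override.conf` (tasks/main.yml), so it applies to every `tor@` instance, while the task name and the restart task talk only about `tor@default`; the file itself does not say that. A header comment along the lines of `# Drop-in for the tor@.service template: applies to all tor@ instances, not only tor@default` would make the scope explicit. Whether `Restart=always` is intended to also override the packaged unit's own restart policy is not visible here and is worth confirming in that comment.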

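--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -0,0 +1,87 @@
+---
+- name: Ensure tor is installed
+apt:
+name: tor
+state: present
+default_release: "{{ ansible_distribution_release }}-backports"
+- name: Ensure torrc.d directory is present
+file:
+path: /etc/tor/torrc.d/
+state: directory
+owner: root
+group: root
+mode: 0755
+- name: Include custom apparmor profile
+copy:
+src: local_system_tor_apparmor
+dest: /etc/apparmor.d/local/system_tor
+owner: root
+group: root
+mode: 0644
+force: yes
+register: apparmor_profile
+- name: Ensure apparmor reads the latest config
+systemd:
+name: apparmor.service
+state: reloaded
+when: apparmor_profile is defined and apparmor_profile.changed
+- name: Ensure include directive is present in torrc
+lineinfile:
+path: /etc/tor/torrc
+insertafter: EOF
+line: "%include /etc/tor/torrc.d/*.conf"
+- name: Add hidden services to torrc
+template:
+src: hidden_services.conf.j2
+dest: /etc/tor/torrc.d/hidden_services.conf
+owner: root
+group: root
+mode: 0644
+register: config
+- name: Ensure tor service is enabled and restarted
+systemd:
+name: tor.service
+state: restarted
+enabled: yes
+when: config is defined and config.changed
+- name: Ensure tor@.service override directory is present
+file:
+state: directory
+path: /etc/systemd/system/tor@.service.d/
+mode: 0700
+owner: root
+group: root
+- name: Ensure tor@default unit is properly overloaded
+copy:
+src: tor_unit_override.conf
+dest: /etc/systemd/system/tor@.service.d/override.conf
+mode: 0600
+owner: root
+group: root
+register: override
+- name: Ensure tor@default.service is enabled and restarted
+systemd:
+name: tor@default.service
+state: restarted
+daemon_reload: yes
+enabled: yes
+when: override is defined and override.changed
+- name: Register each hidden service onion address
+shell: "cat /var/lib/tor/{{ item.name }}/hostname"
+loop: "{{ tor_node_services }}"
+register: hostnames
+- name: Display hostnames
+debug:
+msg: "{{ dict(hostnames.results | map(attribute='item') | map(attribute='name') | zip(hostnames.results | map(attribute='stdout'))) }}"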
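Review bot: The "Register each hidden service onion address" task interpolates `item.name` straight into a `shell:` string, so a service name taken from `tor_node_services` that contains shell metacharacters or `..` is executed and path-expanded unchecked, and the task also reports `changed` on every run although it only reads a file. Since no shell features are used, `command: cat /var/lib/tor/{{ item.name }}/hostname` with `changed_when: false` (or the `slurp` module on that path) gives the same result without invoking a shell; the same `item.name` is used unvalidated in templates/hidden_services.conf.j2 to build `HiddenServiceDir`. Separately, the file modes are bare octals (`mode: 0755`, `0644`, `0700`, `0600`) and the booleans are `yes` — Ansible accepts both today, but quoting the modes (`mode: "0644"`) and writing `true` removes the YAML 1.1 typing dependence. The `config is defined and` / `override is defined and` / `apparmor_profile is defined and` guards are always true because each variable is registered two tasks earlier in the same file, so `when: config.changed` alone reads more honestly.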

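--- a/templates/hidden_services.conf.j2
+++ b/templates/hidden_services.conf.j2
@@ -0,0 +1,8 @@
+{% for srv in tor_node_services %}
+HiddenServiceDir /var/lib/tor/{{ srv.name }}/
+{% if srv.full_service_port_line is defined %}
+HiddenServicePort {{ srv.full_service_port_line }}
+{% else %}
+HiddenServicePort {{ srv.public_port }} 127.0.0.1:{{ srv.local_port }}
+{% endif %}
+{% endfor %}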
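Review bot: The template documents nowhere what shape each `tor_node_services` entry must have: the loop body reads `srv.name` on every entry and then either `srv.full_service_port_line` or both `srv.public_port` and `srv.local_port`, and a missing key only surfaces as an undefined-variable error at render time. A leading Jinja comment describing the contract would help callers, e.g. a `{# ... #}` block stating that every entry needs `name` (used as the directory under /var/lib/tor), that `full_service_port_line` is copied verbatim into `HiddenServicePort` when present, and that otherwise `public_port` and `local_port` are required and the target is fixed to 127.0.0.1. It is also worth noting in that comment that `name` becomes part of a filesystem path and is expected to be a plain directory name, since nothing in the template restricts it.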