---
# Install the tor package, pinned to the "<release>-backports" suite of the
# running distribution.
# NOTE(review): presumes the backports repository is already configured on the
# host by another role or play - confirm. Package authenticity rests on apt's
# repository signature verification.
- name: Ensure tor is installed
  apt:
    default_release: "{{ ansible_distribution_release }}-backports"
    name: tor
    state: present
# Create the drop-in directory that the %include directive in /etc/tor/torrc
# points at. Root-owned and not writable by anyone else, so only root can add
# configuration fragments.
- name: Ensure torrc.d directory is present
  file:
    state: directory
    path: /etc/tor/torrc.d/
    owner: root
    group: root
    # Quoted so the mode stays a string and is never re-typed by a YAML parser.
    mode: "0755"
# Install the site-local AppArmor addition for the system_tor profile. The
# result is registered so the reload task only runs when the file changed.
# NOTE(review): the contents of local_system_tor_apparmor are not visible
# here; every rule it adds widens what the confined tor daemon may access, so
# review that file with the same care as the profile itself.
- name: Include custom apparmor profile
  copy:
    src: local_system_tor_apparmor
    dest: /etc/apparmor.d/local/system_tor
    owner: root
    group: root
    mode: "0644"
    # Replace the destination whenever its content differs from src.
    force: true
  register: apparmor_profile
# Reload AppArmor so the updated local profile is loaded; skipped unless the
# copy task above reported a change.
- name: Ensure apparmor reads the latest config
  systemd:
    name: apparmor.service
    state: reloaded
  # A list of conditions is ANDed, same as the single-expression form.
  when:
    - apparmor_profile is defined
    - apparmor_profile.changed
# Make the main torrc pull in every *.conf fragment from /etc/tor/torrc.d/.
# The line is appended at end of file when it is not already present.
- name: Ensure include directive is present in torrc
  lineinfile:
    path: /etc/tor/torrc
    # Single quotes: the leading % is a YAML indicator and must be quoted.
    line: '%include /etc/tor/torrc.d/*.conf'
    insertafter: EOF
# Render the onion-service definitions into a torrc.d fragment. The result is
# registered as `config` so the tor restart only happens on change.
# NOTE(review): the template body is not visible here. The rendered file is
# world-readable (0644); confirm it carries nothing that local unprivileged
# users should not see.
- name: Add hidden services to torrc
  template:
    src: hidden_services.conf.j2
    dest: /etc/tor/torrc.d/hidden_services.conf
    owner: root
    group: root
    mode: "0644"
  register: config
# Restart tor.service (and enable it at boot) after the hidden-services
# fragment changed.
# NOTE(review): because of the `when`, `enabled` is only enforced on runs
# where the template changed; on every other run the task is skipped and a
# disabled unit is left as it is.
- name: Ensure tor service is enabled and restarted
  systemd:
    name: tor.service
    enabled: true
    state: restarted
  when:
    - config is defined
    - config.changed
# Create the systemd drop-in directory for the tor@ template unit; drop-ins
# placed here apply to every tor@<instance>.service. Restricted to root only.
- name: Ensure tor@.service override directory is present
  file:
    path: /etc/systemd/system/tor@.service.d/
    state: directory
    owner: root
    group: root
    mode: "0700"
# Install the unit override for the tor@ template and register the result as
# `override`, which gates the daemon-reload and restart that follow.
# NOTE(review): tor_unit_override.conf is not visible here; if it changes
# sandboxing or capability settings of the unit, review it as security-relevant
# configuration.
- name: Ensure tor@default unit is properly overloaded
  copy:
    src: tor_unit_override.conf
    dest: /etc/systemd/system/tor@.service.d/override.conf
    owner: root
    group: root
    mode: "0600"
  register: override
# Apply a changed unit override: re-read unit files, then restart (and enable)
# the default tor instance. Skipped when the override file did not change.
- name: Ensure tor@default.service is enabled and restarted
  systemd:
    name: tor@default.service
    # systemd must reload unit definitions before the drop-in takes effect.
    daemon_reload: true
    enabled: true
    state: restarted
  when:
    - override is defined
    - override.changed
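# Read the generated onion hostname of every service in tor_node_services and
# collect the results in `hostnames` (one result per item; the address is in
# each result's stdout).
#
# The path is passed as a single argv element to `command` rather than being
# interpolated into a `shell` string: with `shell`, a service name containing
# shell metacharacters would be interpreted by /bin/sh as root.
# NOTE(review): argv does not stop a name such as "../x" from leaving
# /var/lib/tor/; validate item.name where tor_node_services is defined.
# NOTE(review): presumes tor has already written the hostname file by the time
# this runs; the task fails for a service whose file does not exist yet.
- name: Register each hidden service onion address
  command:
    argv:
      - cat
      - "/var/lib/tor/{{ item.name }}/hostname"
  loop: "{{ tor_node_services }}"
  register: hostnames
  # Reading a file never changes the host; do not report "changed".
  changed_when: false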
# Print a mapping of service name -> onion address, built by zipping each loop
# item's name with the stdout captured for it in `hostnames`.
# NOTE(review): the addresses end up in the play output and in whatever stores
# it (CI logs, callback plugins). If any service is meant to stay unlisted,
# treat that output as sensitive.
- name: Display hostnames
  debug:
    msg: >-
      {{ dict(hostnames.results | map(attribute='item') | map(attribute='name') | zip(hostnames.results | map(attribute='stdout'))) }}