ansible-debops-infrastructure

DebOps and Ansible scripts to manage my infrastructure
git clone git://git.erethon.com/ansible-debops-infrastructure

commit 1b1aa8db9ae01e2facd20c7e36afa20453d25d18
parent 3c892fae8436c5e97135712ef3276be143e381eb
Author: Dionysis Grigoropoulos <dgrig@erethon.com>
Date:   Tue,  7 May 2019 01:58:42 +0300

tor_relay: Initialize role to setup a tor relay

Diffstat:
ansible/inventory/group_vars/tor_relay/all.yml | 3+++
ansible/inventory/group_vars/tor_relay/apt_install.yml | 3+++
ansible/inventory/group_vars/tor_relay/apt_preferences.yml | 5+++++
ansible/inventory/group_vars/tor_relay/ferm.yml | 11+++++++++++
ansible/inventory/host_vars/t2/all.yml | 3+++
ansible/playbooks/tor_relay.yml | 16++++++++++++++++
ansible/roles/tor_relay/tasks/main.yml | 15+++++++++++++++
ansible/roles/tor_relay/templates/torrc.j2 | 5+++++
8 files changed, 61 insertions(+), 0 deletions(-)

diff --git a/ansible/inventory/group_vars/tor_relay/all.yml b/ansible/inventory/group_vars/tor_relay/all.yml
@@ -0,0 +1,3 @@
+---
+
+tor__ORPort: 443
diff --git a/ansible/inventory/group_vars/tor_relay/apt_install.yml b/ansible/inventory/group_vars/tor_relay/apt_install.yml
@@ -0,0 +1,3 @@
+---
+
+apt_install__group_packages: ['tor']
diff --git a/ansible/inventory/group_vars/tor_relay/apt_preferences.yml b/ansible/inventory/group_vars/tor_relay/apt_preferences.yml
@@ -0,0 +1,5 @@
+---
+
+apt_preferences__group_list:
+ - package: 'tor'
+ backports: ['stretch']
diff --git a/ansible/inventory/group_vars/tor_relay/ferm.yml b/ansible/inventory/group_vars/tor_relay/ferm.yml
@@ -0,0 +1,11 @@
+---
+
+ferm__group_rules:
+ - type: 'accept'
+ filename: 'tor'
+ name: 'tor'
+ table: 'filter'
+ chain: 'INPUT'
+ dport: ['{{ tor__ORPort }}']
+ protocol: 'tcp'
+ domain: 'ip'
diff --git a/ansible/inventory/host_vars/t2/all.yml b/ansible/inventory/host_vars/t2/all.yml
@@ -0,0 +1,3 @@
+---
+
+tor__nickname: '{{ lookup("password", secret + "/credentials/t2/tor/nickname") }}'
diff --git a/ansible/playbooks/tor_relay.yml b/ansible/playbooks/tor_relay.yml
@@ -0,0 +1,16 @@
+---
+- hosts: tor_relay
+ become: True
+
+ environment: '{{ inventory__environment | d({})
+ | combine(inventory__group_environment | d({}))
+ | combine(inventory__host_environment | d({})) }}'
+
+ roles:
+
+ - role: debops.secret
+
+ - role: debops.ferm
+ tags: [ 'role::ferm' ]
+
+ - role: tor_relay
diff --git a/ansible/roles/tor_relay/tasks/main.yml b/ansible/roles/tor_relay/tasks/main.yml
@@ -0,0 +1,15 @@
+---
+
+- name: Configure tor daemon
+ template:
+ src: torrc.j2
+ dest: /etc/tor/torrc
+ owner: root
+ group: root
+ mode: 0644
+
+- name: Enable and restart tor daemon
+ systemd:
+ name: tor
+ enabled: yes
+ state: restarted
diff --git a/ansible/roles/tor_relay/templates/torrc.j2 b/ansible/roles/tor_relay/templates/torrc.j2
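Review bot: In group_vars/tor_relay/ferm.yml the rule sets `domain: 'ip'`, so the ORPort is opened for IPv4 only, and nothing in the file says whether that is deliberate. It matches the torrc template in this commit, whose `ORPort {{ tor__ORPort }}` line declares no IPv6 listener, but the two have to change together if one is ever added. I would add a comment above the rule such as `# IPv4 only: torrc declares no IPv6 ORPort; add 'ip6' here if one is configured`.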
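Review bot: In host_vars/t2/all.yml the `password` lookup is called without `length` or `chars`, so if the secret file does not already exist Ansible generates a 20-character value drawn from letters, digits and `.,:-_`. Tor accepts a Nickname of 1 to 19 characters from [a-zA-Z0-9] only, so a freshly generated value would leave the rendered torrc invalid. Constrain the lookup, for example `lookup("password", secret + "/credentials/t2/tor/nickname length=19 chars=ascii_letters,digits")`. The nickname is published in the relay descriptor, so it does not need to be treated as a credential; a plain inventory variable would work as well.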
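Review bot: The role list in playbooks/tor_relay.yml contains no role that reads `apt_install__group_packages` or `apt_preferences__group_list`, so the package install and the backports pin added in this commit only take effect if another playbook applies them first (presumably the DebOps common playbook, which is not visible here). On a host where that has not run, the tor_relay role would write /etc/tor/torrc and then try to restart a unit that is not installed. Either add `- role: debops.apt_preferences` and `- role: debops.apt_install` ahead of `tor_relay`, or state the ordering dependency in a comment at the top of the play. As a style point, `become: True` is better written `become: true`.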
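Review bot: In roles/tor_relay/tasks/main.yml the second task uses `state: restarted` unconditionally, so every playbook run restarts the relay and drops its circuits, and a torrc that does not parse is only discovered when the daemon fails to come back. Have the template task check the file before it is installed with something like `validate: 'tor --verify-config -f %s'`, and trigger the restart through `notify:` and a handler while the service task stays at `state: started`. `mode: 0644` and `enabled: yes` are safer written as `mode: '0644'` and `enabled: true`, which avoids relying on YAML 1.1 octal and truthy parsing.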
@@ -0,0 +1,5 @@
+Nickname {{ tor__nickname }}
+ORPort {{ tor__ORPort }}
+ExitRelay 0
+ExitPolicy reject *:*
+SocksPort 0
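Review bot: The template in roles/tor_relay/templates/torrc.j2 sets neither `ContactInfo` nor `MyFamily`. The first is how directory authorities and other operators reach the relay's owner when it misbehaves; the second is needed as soon as the tor_relay group holds more than one relay run by the same operator (only t2 is visible in this commit), so that clients do not build a circuit through two of them. I would add a line such as `ContactInfo {{ tor__contact_info }}` backed by a new group variable, and a first line `# {{ ansible_managed }}` so that hand edits on the host are recognisably out of place. The non-exit settings (`ExitRelay 0`, `ExitPolicy reject *:*`, `SocksPort 0`) are consistent with each other.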