ansible-debops-infrastructure

DebOps and Ansible scripts to manage my infrastructure

commit 3958045984309c9e4ef66375966ab726847eb682
parent 21f0da07b314edc967df14dd7aa3ae825405340d
Author: Dionysis Grigoropoulos <dgrig@erethon.com>
Date:   Tue,  8 Nov 2022 02:20:00 +0200

tor_relay: Update role and add three new relays

Diffstat:
ansible/inventory/group_vars/tor_relay/all.yml | 1+
ansible/inventory/group_vars/tor_relay/apt_preferences.yml | 2+-
ansible/inventory/group_vars/tor_relay/ferm.yml | 2+-
ansible/inventory/host_vars/t1/all.yml | 4++++
ansible/inventory/host_vars/t2/all.yml | 1+
ansible/inventory/host_vars/t3/all.yml | 4++++
ansible/playbooks/tor_relay.yml | 9+++++++--
ansible/roles/tor_relay/templates/torrc.j2 | 4++++
8 files changed, 23 insertions(+), 4 deletions(-)

diff --git a/ansible/inventory/group_vars/tor_relay/all.yml b/ansible/inventory/group_vars/tor_relay/all.yml @@ -1,3 +1,4 @@ --- tor__ORPort: 443 +tor__family: '{{ lookup("password", secret + "/credentials/tor_relay/tor/family") }}' diff --git a/ansible/inventory/group_vars/tor_relay/apt_preferences.yml b/ansible/inventory/group_vars/tor_relay/apt_preferences.yml @@ -2,4 +2,4 @@ apt_preferences__group_list: - package: 'tor' - backports: ['stretch'] + backports: ['bullseye'] diff --git a/ansible/inventory/group_vars/tor_relay/ferm.yml b/ansible/inventory/group_vars/tor_relay/ferm.yml @@ -8,4 +8,4 @@ ferm__group_rules: chain: 'INPUT' dport: ['{{ tor__ORPort }}'] protocol: 'tcp' - domain: 'ip' + domain: ['ip', 'ip6'] diff --git a/ansible/inventory/host_vars/t1/all.yml b/ansible/inventory/host_vars/t1/all.yml @@ -0,0 +1,4 @@ +--- + +tor__nickname: '{{ lookup("password", secret + "/credentials/t1/tor/nickname") }}' +pki_enabled: False diff --git a/ansible/inventory/host_vars/t2/all.yml b/ansible/inventory/host_vars/t2/all.yml @@ -1,3 +1,4 @@ --- tor__nickname: '{{ lookup("password", secret + "/credentials/t2/tor/nickname") }}' +pki_enabled: False diff --git a/ansible/inventory/host_vars/t3/all.yml b/ansible/inventory/host_vars/t3/all.yml @@ -0,0 +1,4 @@ +--- + +tor__nickname: '{{ lookup("password", secret + "/credentials/t3/tor/nickname") }}' +pki_enabled: False diff --git a/ansible/playbooks/tor_relay.yml b/ansible/playbooks/tor_relay.yml @@ -1,6 +1,9 @@ --- + - hosts: tor_relay become: True + collections: [ 'debops.debops', 'debops.roles01', + 'debops.roles02', 'debops.roles03' ] environment: '{{ inventory__environment | d({}) | combine(inventory__group_environment | d({})) @@ -8,9 +11,11 @@ roles: - - role: debops.secret + - role: secret + tags: ['role::tor_relay'] - - role: debops.ferm + - role: ferm tags: [ 'role::ferm' ] - role: tor_relay + tags: ['role::tor_relay'] 
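Review bot: `tor__family` is read with the `password` lookup, which creates the file with a randomly generated string when it does not exist yet, so on a fresh secrets directory this line yields a non-empty value that is not a fingerprint list. The guard in `torrc.j2` (`tor__family is defined and tor__family`) would accept that value and render it into `MyFamily`, and the new `tor__nickname` lookups for t1 and t3 follow the same pattern. If the value is always provisioned by hand, `lookup("file", secret + "/credentials/tor_relay/tor/family")` fails the play on a missing file instead of inventing one. Otherwise a comment such as `# file must be pre-populated with the relays' fingerprints; the password lookup generates a random value if it is missing` would record the requirement.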
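Review bot: `pki_enabled: False` is added to t1, t2 and t3 with no indication of why the PKI role is switched off on these hosts; a one-line comment above it, `# pki disabled on relays: <reason>`, would keep the setting from being copied or reverted blindly (the reason is not visible in this commit, so the placeholder is for the author to fill in). If these three are all the hosts in the `tor_relay` group, setting it once in `group_vars/tor_relay/all.yml` avoids a new relay being added without it. The canonical lowercase `false` is also preferable to `False`.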
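Review bot: In `ansible/playbooks/tor_relay.yml` the roles are now referenced by the short names `secret` and `ferm` and resolved through a four-entry `collections:` search list, so the playbook no longer states which collection supplies each role. Writing the fully qualified name, `- role: <namespace>.<collection>.secret` and likewise for `ferm`, pins the source of code that runs with `become: True` and keeps a same-named role elsewhere on the search path from being picked up silently. The collection that holds each role is not visible here, so the placeholder has to be filled in from the installed DebOps release. The `roles:` list in the second hunk continues outside the visible context.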
diff --git a/ansible/roles/tor_relay/templates/torrc.j2 b/ansible/roles/tor_relay/templates/torrc.j2 @@ -3,3 +3,6 @@ ORPort {{ tor__ORPort }} ExitRelay 0 ExitPolicy reject *:* SocksPort 0 +{% if tor__family is defined and tor__family %} +MyFamily {{ tor__family }} +{% endif %}+ \ No newline at end of file
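Review bot: The expected format of `tor__family` is not documented where it is consumed, and the added block writes whatever non-empty string it receives into `MyFamily`. A template comment above the block, for example `{# tor__family: comma-separated relay fingerprints, set in group_vars/tor_relay #}`, would make the contract visible to whoever edits the secret. The file also now ends without a trailing newline after `{% endif %}`; ending it with one avoids the `\ No newline at end of file` marker in later diffs.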