author | heqnx <root@heqnx.com> | 2025-05-25 11:51:57 +0300 |
---|---|---|
committer | heqnx <root@heqnx.com> | 2025-05-25 11:51:57 +0300 |
commit | 8fb0b275bf00c963a24c21e1dfbaa64491c4f445 (patch) | |
tree | 28e9b4bbf0d4391f092f832d8f00d84ec20fed4f /roles/tor | |
parent | 7c8ed923df3c02338dfbf826fd6fd9a23dac502e (diff) | |
added role-based playbooks
Diffstat (limited to 'roles/tor')
-rw-r--r-- | roles/tor/handlers/main.yaml | 6 | ||||
-rw-r--r-- | roles/tor/tasks/main.yaml | 1 | ||||
-rw-r--r-- | roles/tor/tasks/tor_install.yaml | 48 | ||||
-rw-r--r-- | roles/tor/templates/torrc.j2 | 30 |
4 files changed, 85 insertions, 0 deletions
diff --git a/roles/tor/handlers/main.yaml b/roles/tor/handlers/main.yaml
new file mode 100644
index 0000000..8903ad6
--- /dev/null
+++ b/roles/tor/handlers/main.yaml
@@ -0,0 +1,6 @@
+- name: restart tor
+ systemd:
+ name: tor
+ state: restarted
+ enabled: true
+ when: ansible_facts['service_mgr'] == 'systemd'
diff --git a/roles/tor/tasks/main.yaml b/roles/tor/tasks/main.yaml
new file mode 100644
index 0000000..3168032
--- /dev/null
+++ b/roles/tor/tasks/main.yaml
@@ -0,0 +1 @@
+- import_tasks: tasks/tor_install.yaml
diff --git a/roles/tor/tasks/tor_install.yaml b/roles/tor/tasks/tor_install.yaml
new file mode 100644
index 0000000..e0f6d1d
--- /dev/null
+++ b/roles/tor/tasks/tor_install.yaml
@@ -0,0 +1,48 @@
+- name: install tor and required packages
+ apt:
+ name:
+ - tor
+ - tor-geoipdb
+ - torsocks
+ - proxychains
+ - curl
+ state: present
+ update_cache: yes
+
+- name: check if /etc/tor/torrc exists
+ stat:
+ path: /etc/tor/torrc
+ register: torrc_stat
+
+- name: back up /etc/tor/torrc
+ copy:
+ src: /etc/tor/torrc
+ dest: /etc/tor/torrc.bak
+ remote_src: yes
+ force: no
+ when:
+ - torrc_stat.stat.exists
+
+- name: deploy custom tor configuration
+ template:
+ src: templates/torrc.j2
+ dest: /etc/tor/torrc
+ owner: debian-tor
+ group: debian-tor
+ mode: '0644'
+ notify: restart tor
+
+- name: check if tor is routing traffic correctly
+ command: curl --socks5-hostname 127.0.0.1:9050 https://check.torproject.org/api/ip
+ register: tor_check
+ changed_when: false
+
+- name: print tor check json response
+ debug:
+ msg: "tor check response: {{ tor_check.stdout }}"
+
+- name: verify tor is active
+ fail:
+ msg: "tor is not routing traffic correctly: istor is {{ tor_check.stdout | from_json | json_query('IsTor') }}"
+ when:
+ - tor_check.stdout | from_json | json_query('IsTor') != true
diff --git a/roles/tor/templates/torrc.j2 b/roles/tor/templates/torrc.j2
new file mode 100644
index 0000000..b12f93c
--- /dev/null
+++ b/roles/tor/templates/torrc.j2
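Review bot: In roles/tor/tasks/tor_install.yaml the `check if tor is routing traffic correctly` task runs before the notified `restart tor` handler, because handlers by default fire only after the task list has finished; the curl check therefore exercises whatever tor instance was running under the previous torrc, not the configuration just deployed. Add `- meta: flush_handlers` between the template task and the check, and consider `retries`/`until` on the curl task so a freshly restarted tor has time to bootstrap. Separately, the template task sets `owner: debian-tor` and `group: debian-tor`, which lets the daemon account rewrite its own configuration; `owner: root` and `group: root` with the same `'0644'` mode would keep the file readable without making it writable by the service.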
@@ -0,0 +1,30 @@
+Log notice file /var/log/tor/notices.log
+Log info file /var/log/tor/info.log
+Log warn file /var/log/tor/warn.log
+SafeLogging 1
+
+RunAsDaemon 1
+
+DataDirectory /var/lib/tor
+
+UseEntryGuards 1
+
+ExitRelay 0
+
+ExcludeNodes {us},{gb},{ca},{nz},{au},{dk},{fr},{nl},{no},{de},{be},{it},{es},{se},{cn},{ru},{ir}
+StrictNodes 1
+
+SOCKSPort 127.0.0.1:9050
+
+DNSPort 127.0.0.1:5353
+TransPort 9040
+VirtualAddrNetworkIPv4 10.192.0.0/10
+AutomapHostsOnResolve 1
+
+HardwareAccel 1
+Sandbox 1
+NoExec 1
+KeepAlivePeriod 60
+ClientRejectInternalAddresses 1
+NewCircuitPeriod 30
+MaxCircuitDirtiness 600 |
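Review bot: `Log info file /var/log/tor/info.log` keeps a permanent info-level log on a host whose purpose is anonymised egress; Tor logs a warning when it is configured above `notice` because such logs can hold sensitive detail even with `SafeLogging 1`. Unless the info log is needed for debugging, drop that line and keep `Log notice file /var/log/tor/notices.log` (the `warn` file is already a subset of it). `TransPort 9040` is also the only listener written without an address; `TransPort 127.0.0.1:9040` would match the `SOCKSPort` and `DNSPort` lines and make the loopback-only intent explicit. A short comment above `ExcludeNodes` and `StrictNodes 1` stating why these countries are listed would help, since a long strict exclusion list shrinks the usable relay set and can cause circuit failures.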