From 27ad3dba998d44b484deb683ddf386741896e4c1 Mon Sep 17 00:00:00 2001
From: "Philip (a-0)" <@ph:a-0.me>
Date: Thu, 28 Jul 2022 19:14:01 +0200
Subject: [PATCH] Initial commit
---
.gitignore | 0
group_vars/all/vars.yml | 1 +
inventory/hosts.yml | 3 ++
roles/tor_gateway/defaults/main.yml | 4 ++
roles/tor_gateway/handlers/main.yml | 8 +++
roles/tor_gateway/tasks/main.yml | 73 ++++++++++++++++++++++++++++
roles/tor_gateway/templates/torrc.j2 | 7 +++
setup.yml | 4 ++
8 files changed, 100 insertions(+)
create mode 100644 .gitignore
create mode 100644 group_vars/all/vars.yml
create mode 100644 inventory/hosts.yml
create mode 100644 roles/tor_gateway/defaults/main.yml
create mode 100644 roles/tor_gateway/handlers/main.yml
create mode 100644 roles/tor_gateway/tasks/main.yml
create mode 100644 roles/tor_gateway/templates/torrc.j2
create mode 100644 setup.yml
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..e69de29
diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml
new file mode 100644
index 0000000..73b314f
--- /dev/null
+++ b/group_vars/all/vars.yml
@@ -0,0 +1 @@
+---
\ No newline at end of file
diff --git a/inventory/hosts.yml b/inventory/hosts.yml
new file mode 100644
index 0000000..ca74fc2
--- /dev/null
+++ b/inventory/hosts.yml
@@ -0,0 +1,3 @@
+---
+all:
+ localhost:
\ No newline at end of file
diff --git a/roles/tor_gateway/defaults/main.yml b/roles/tor_gateway/defaults/main.yml
new file mode 100644
index 0000000..27de928
--- /dev/null
+++ b/roles/tor_gateway/defaults/main.yml
@@ -0,0 +1,4 @@
+---
+tor_trans_port: 9040
+tor_dns_port: 5353
+tor_logfile_path: /var/log/tor/notices.log
\ No newline at end of file
diff --git a/roles/tor_gateway/handlers/main.yml b/roles/tor_gateway/handlers/main.yml
new file mode 100644
index 0000000..2b6dd46
--- /dev/null
+++ b/roles/tor_gateway/handlers/main.yml
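Review bot: In inventory/hosts.yml the `localhost:` key sits directly under `all:`, but the YAML inventory plugin only recognises `hosts`, `vars` and `children` under a group, so as far as I can tell this key is skipped with a warning and the inventory defines no hosts; setup.yml still runs only because Ansible supplies an implicit localhost. Nest it as `all:` / `  hosts:` / `    localhost:` and consider adding `ansible_connection: local` to it. If the intent is to configure a separate gateway VM rather than the control node, that VM is the host that belongs here and setup.yml's `hosts: localhost` has to change with it.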
@@ -0,0 +1,8 @@
+---
+- name: save iptables v4 rules
+ shell: iptables-save > /etc/iptables/rules.v4
+ listen: persist iptables
+
+- name: save iptables v6 rules
+ shell: ip6tables-save > /etc/iptables/rules.v6
+ listen: persist iptables
\ No newline at end of file
diff --git a/roles/tor_gateway/tasks/main.yml b/roles/tor_gateway/tasks/main.yml
new file mode 100644
index 0000000..b5e82c0
--- /dev/null
+++ b/roles/tor_gateway/tasks/main.yml
@@ -0,0 +1,73 @@
+- name: Install tor
+ apt:
+ name: tor
+ update_cache: yes
+
+- name: Set torrc file
+ template:
+ src: torrc.j2
+ dest: /etc/tor/torrc
+
+- name: Forward IPv4 TCP traffic to TOR
+ become: yes
+ iptables:
+ ip_version: ipv4
+ table: nat
+ chain: PREROUTING
+ in_interface: "{{ vm_net_interface_name }}"
+ ctstate: NEW
+ protocol: tcp
+ jump: REDIRECT
+ to_ports: "{{ tor_trans_port }}"
+ notify: persist iptables
+
+- name: Forward IPv6 TCP traffic to TOR
+ become: yes
+ iptables:
+ ip_version: ipv6
+ table: nat
+ chain: PREROUTING
+ in_interface: "{{ vm_net_interface_name }}"
+ ctstate: NEW
+ protocol: tcp
+ jump: REDIRECT
+ to_ports: "{{ tor_trans_port }}"
+ notify: persist iptables
+
+- name: Forward IPv4 DNS traffic to TOR
+ become: yes
+ iptables:
+ ip_version: ipv4
+ table: nat
+ chain: PREROUTING
+ in_interface: "{{ vm_net_interface_name }}"
+ protocol: udp
+ jump: REDIRECT
+ to_ports: "{{ tor_dns_port }}"
+ notify: persist iptables
+
+- name: Forward IPv6 DNS traffic to TOR
+ become: yes
+ iptables:
+ ip_version: ipv6
+ table: nat
+ chain: PREROUTING
+ in_interface: "{{ vm_net_interface_name }}"
+ protocol: udp
+ jump: REDIRECT
+ to_ports: "{{ tor_dns_port }}"
+ notify: persist iptables
+
+- name: Ensure log file exists
+ file:
+ path: "{{ tor_logfile_path }}"
+ state: touch
+ owner: debian-tor
+ mode: 0644
+
+- name: Start and enable tor service
+ service:
+ name: tor
+ state: started
+ enabled: yes
+ daemon_reload: yes
\ No newline at end of file
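Review bot: Both handlers write into /etc/iptables/, but nothing in the role installs iptables-persistent (netfilter-persistent), the package that creates that directory and replays rules.v4/rules.v6 at boot; on a host that does not already have it, `iptables-save > /etc/iptables/rules.v4` fails on the missing directory, and even when the files are written nothing restores them after a reboot, so the gateway comes back with no REDIRECT rules and client traffic is routed in the clear. Add `iptables-persistent` next to `tor` in the apt task (or a dedicated apt task before the first iptables task) and keep the handlers. The handlers also lack the `become: yes` that the iptables tasks carry, so they run unprivileged unless the whole play does. A `community.general.iptables_state` task with `state: saved` would avoid the shell redirect and is idempotent, but that is optional.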
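Review bot: Nothing in this task list drops client traffic that the four nat REDIRECT rules do not catch, so anything that is not TCP or UDP (ICMP in particular) and any TCP segment that is not part of a NEW connection bypasses Tor and goes through the gateway's normal routing; whether it then leaves the box depends on ip_forward, which the role does not manage either way. A transparent gateway normally pairs these rules with a filter-table drop on FORWARD for that interface (redirected packets are delivered locally and never reach FORWARD) and an INPUT policy that admits only the two Tor ports from it. The two DNS tasks also match every UDP datagram rather than DNS, since they carry no `destination_port: "53"`, so all other client UDP is silently delivered to Tor's DNSPort instead of being dropped. `vm_net_interface_name` is defined neither in the role defaults nor in the group_vars/all/vars.yml added here, so the play fails at the first iptables task unless the variable is supplied from outside the repository. `become: yes` on the iptables tasks but not on the apt, template, file and service tasks is inconsistent: either the whole play runs as root and the four flags are redundant, or the other tasks fail.

```yaml
# … unchanged: Install tor, Set torrc file, four nat REDIRECT tasks …

- name: Drop client traffic the REDIRECT rules did not catch
  become: yes
  iptables:
    ip_version: ipv4
    table: filter
    chain: FORWARD
    in_interface: "{{ vm_net_interface_name }}"
    jump: DROP
  notify: persist iptables
# … same task again with ip_version: ipv6 …

# … unchanged: Ensure log file exists, Start and enable tor service …
```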
diff --git a/roles/tor_gateway/templates/torrc.j2 b/roles/tor_gateway/templates/torrc.j2
new file mode 100644
index 0000000..6136be6
--- /dev/null
+++ b/roles/tor_gateway/templates/torrc.j2
@@ -0,0 +1,7 @@
+Log notice file {{ tor_logfile_path }}
+VirtualAddrNetworkIPv4 10.192.0.0/10
+VirtualAddrNetworkIPv6: [fc00::]/7
+AutomapHostsSuffixes .onion,.exit
+AutomapHostsOnResolve 1
+TransPort {{ tor_trans_port }}
+DNSPort {{ tor_dns_port }}
\ No newline at end of file
diff --git a/setup.yml b/setup.yml
new file mode 100644
index 0000000..5fa669f
--- /dev/null
+++ b/setup.yml
@@ -0,0 +1,4 @@
+---
+- hosts: localhost
+ roles:
+ - tor_gateway
\ No newline at end of file
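Review bot: `TransPort {{ tor_trans_port }}` and `DNSPort {{ tor_dns_port }}` with a bare port make Tor listen on 127.0.0.1 only, while the PREROUTING REDIRECT rules in tasks/main.yml rewrite the destination to the primary address of the incoming interface, so redirected client connections arrive on an address where nothing listens and are refused. Bind both ports to the gateway's address on that interface, e.g. `TransPort <gateway-ipv4>:{{ tor_trans_port }}` and `DNSPort <gateway-ipv4>:{{ tor_dns_port }}` (with a second `TransPort [<gateway-ipv6>]:{{ tor_trans_port }}` for the IPv6 rules); avoid 0.0.0.0, which would turn the box into an open transparent proxy on every interface unless INPUT is filtered. `VirtualAddrNetworkIPv6: [fc00::]/7` has a stray colon after the option name, and Tor rejects unknown options at startup, so as written the service task would fail to start tor; drop the colon. The template also has no trailing newline, which is harmless to Tor but worth fixing for the linters.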