Initial commit
This commit is contained in:
Philip (a-0)
commit
27ad3dba99
8 changed files with 100 additions and 0 deletions
4
roles/tor_gateway/defaults/main.yml
Normal file
4
roles/tor_gateway/defaults/main.yml
Normal file
|
|
@ -0,0 +1,4 @@
|
|||
---
|
||||
tor_trans_port: 9040
|
||||
tor_dns_port: 5353
|
||||
tor_logfile_path: /var/log/tor/notices.log
|
||||
8
roles/tor_gateway/handlers/main.yml
Normal file
8
roles/tor_gateway/handlers/main.yml
Normal file
|
|
@ -0,0 +1,8 @@
|
|||
---
|
||||
- name: save iptables v4 rules
|
||||
shell: iptables-save > /etc/iptables/rules.v4
|
||||
listen: persist iptables
|
||||
|
||||
- name: save iptables v6 rules
|
||||
shell: ip6tables-save > /etc/iptables/rules.v6
|
||||
listen: persist iptables
|
||||
73
roles/tor_gateway/tasks/main.yml
Normal file
73
roles/tor_gateway/tasks/main.yml
Normal file
|
|
@ -0,0 +1,73 @@
|
|||
- name: Install tor
|
||||
apt:
|
||||
name: tor
|
||||
update_cache: yes
|
||||
|
||||
- name: Set torrc file
|
||||
template:
|
||||
src: torrc.j2
|
||||
dest: /etc/tor/torrc
|
||||
|
||||
- name: Forward IPv4 TCP traffic to TOR
|
||||
become: yes
|
||||
iptables:
|
||||
ip_version: ipv4
|
||||
table: nat
|
||||
chain: PREROUTING
|
||||
in_interface: "{{ vm_net_interface_name }}"
|
||||
ctstate: NEW
|
||||
protocol: tcp
|
||||
jump: REDIRECT
|
||||
to_ports: "{{ tor_trans_port }}"
|
||||
notify: persist iptables
|
||||
|
||||
- name: Forward IPv6 TCP traffic to TOR
|
||||
become: yes
|
||||
iptables:
|
||||
ip_version: ipv6
|
||||
table: nat
|
||||
chain: PREROUTING
|
||||
in_interface: "{{ vm_net_interface_name }}"
|
||||
ctstate: NEW
|
||||
protocol: tcp
|
||||
jump: REDIRECT
|
||||
to_ports: "{{ tor_trans_port }}"
|
||||
notify: persist iptables
|
||||
|
||||
- name: Forward IPv4 DNS traffic to TOR
|
||||
become: yes
|
||||
iptables:
|
||||
ip_version: ipv4
|
||||
table: nat
|
||||
chain: PREROUTING
|
||||
in_interface: "{{ vm_net_interface_name }}"
|
||||
protocol: udp
|
||||
jump: REDIRECT
|
||||
to_ports: "{{ tor_dns_port }}"
|
||||
notify: persist iptables
|
||||
|
||||
- name: Forward IPv6 DNS traffic to TOR
|
||||
become: yes
|
||||
iptables:
|
||||
ip_version: ipv6
|
||||
table: nat
|
||||
chain: PREROUTING
|
||||
in_interface: "{{ vm_net_interface_name }}"
|
||||
protocol: udp
|
||||
jump: REDIRECT
|
||||
to_ports: "{{ tor_dns_port }}"
|
||||
notify: persist iptables
|
||||
|
||||
- name: Ensure log file exists
|
||||
file:
|
||||
path: "{{ tor_logfile_path }}"
|
||||
state: touch
|
||||
owner: debian-tor
|
||||
mode: 0644
|
||||
|
||||
- name: Start and enable tor service
|
||||
service:
|
||||
name: tor
|
||||
state: started
|
||||
enabled: yes
|
||||
daemon_reload: yes
|
||||
7
roles/tor_gateway/templates/torrc.j2
Normal file
7
roles/tor_gateway/templates/torrc.j2
Normal file
|
|
@ -0,0 +1,7 @@
|
|||
Log notice file {{ tor_logfile_path }}
|
||||
VirtualAddrNetworkIPv4 10.192.0.0/10
|
||||
VirtualAddrNetworkIPv6: [fc00::]/7
|
||||
AutomapHostsSuffixes .onion,.exit
|
||||
AutomapHostsOnResolve 1
|
||||
TransPort {{ tor_trans_port }}
|
||||
DNSPort {{ tor_dns_port }}
|
||||
Loading…
Add table
Add a link
Reference in a new issue