Initial commit

group_vars/all/vars.yml

@@ -0,0 +1 @@
+---

inventory/hosts.yml

@@ -0,0 +1,3 @@
+---
+all:
+  localhost:

roles/tor_gateway/defaults/main.yml

@@ -0,0 +1,4 @@
+---
+tor_trans_port: 9040
+tor_dns_port: 5353
+tor_logfile_path: /var/log/tor/notices.log

roles/tor_gateway/handlers/main.yml

@@ -0,0 +1,8 @@
+---
+- name: save iptables v4 rules
+  shell: iptables-save > /etc/iptables/rules.v4
+  listen: persist iptables
+
+- name: save iptables v6 rules
+  shell: ip6tables-save > /etc/iptables/rules.v6
+  listen: persist iptables

roles/tor_gateway/tasks/main.yml

@@ -0,0 +1,73 @@
+- name: Install tor
+  apt:
+    name: tor
+    update_cache: yes
+
+- name: Set torrc file
+  template:
+    src: torrc.j2
+    dest: /etc/tor/torrc
+
+- name: Forward IPv4 TCP traffic to TOR
+  become: yes
+  iptables:
+    ip_version: ipv4
+    table: nat
+    chain: PREROUTING
+    in_interface: "{{ vm_net_interface_name }}"
+    ctstate: NEW
+    protocol: tcp
+    jump: REDIRECT
+    to_ports: "{{ tor_trans_port }}"
+  notify: persist iptables
+
+- name: Forward IPv6 TCP traffic to TOR
+  become: yes
+  iptables:
+    ip_version: ipv6
+    table: nat
+    chain: PREROUTING
+    in_interface: "{{ vm_net_interface_name }}"
+    ctstate: NEW
+    protocol: tcp
+    jump: REDIRECT
+    to_ports: "{{ tor_trans_port }}"
+  notify: persist iptables
+
+- name: Forward IPv4 DNS traffic to TOR
+  become: yes
+  iptables:
+    ip_version: ipv4
+    table: nat
+    chain: PREROUTING
+    in_interface: "{{ vm_net_interface_name }}"
+    protocol: udp
+    jump: REDIRECT
+    to_ports: "{{ tor_dns_port }}"
+  notify: persist iptables
+
+- name: Forward IPv6 DNS traffic to TOR
+  become: yes
+  iptables:
+    ip_version: ipv6
+    table: nat
+    chain: PREROUTING
+    in_interface: "{{ vm_net_interface_name }}"
+    protocol: udp
+    jump: REDIRECT
+    to_ports: "{{ tor_dns_port }}"
+  notify: persist iptables
+
+- name: Ensure log file exists
+  file:
+    path: "{{ tor_logfile_path }}"
+    state: touch
+    owner: debian-tor
+    mode: 0644
+
+- name: Start and enable tor service
+  service:
+    name: tor
+    state: started
+    enabled: yes
+    daemon_reload: yes

roles/tor_gateway/templates/torrc.j2

@@ -0,0 +1,7 @@
+Log notice file {{ tor_logfile_path }}
+VirtualAddrNetworkIPv4 10.192.0.0/10
+VirtualAddrNetworkIPv6: [fc00::]/7
+AutomapHostsSuffixes .onion,.exit
+AutomapHostsOnResolve 1
+TransPort {{ tor_trans_port }}
+DNSPort {{ tor_dns_port }}

setup.yml

@@ -0,0 +1,4 @@
+---
+- hosts: localhost
+  roles:
+    - tor_gateway