78 lines
No EOL
1.6 KiB
YAML
78 lines
No EOL
1.6 KiB
YAML
- name: Install tor
|
|
apt:
|
|
name: tor
|
|
update_cache: yes
|
|
|
|
- name: Set torrc file
|
|
template:
|
|
src: torrc.j2
|
|
dest: /etc/tor/torrc
|
|
|
|
- name: Install iptables-persistent
|
|
apt:
|
|
name: iptables-persistent
|
|
state: present
|
|
|
|
- name: Forward IPv4 TCP traffic to TOR
|
|
become: yes
|
|
iptables:
|
|
ip_version: ipv4
|
|
table: nat
|
|
chain: PREROUTING
|
|
in_interface: "{{ vm_net_interface_name }}"
|
|
ctstate: NEW
|
|
protocol: tcp
|
|
jump: REDIRECT
|
|
to_ports: "{{ tor_trans_port }}"
|
|
notify: persist iptables
|
|
|
|
- name: Forward IPv6 TCP traffic to TOR
|
|
become: yes
|
|
iptables:
|
|
ip_version: ipv6
|
|
table: nat
|
|
chain: PREROUTING
|
|
in_interface: "{{ vm_net_interface_name }}"
|
|
ctstate: NEW
|
|
protocol: tcp
|
|
jump: REDIRECT
|
|
to_ports: "{{ tor_trans_port }}"
|
|
notify: persist iptables
|
|
|
|
- name: Forward IPv4 DNS traffic to TOR
|
|
become: yes
|
|
iptables:
|
|
ip_version: ipv4
|
|
table: nat
|
|
chain: PREROUTING
|
|
in_interface: "{{ vm_net_interface_name }}"
|
|
protocol: udp
|
|
jump: REDIRECT
|
|
to_ports: "{{ tor_dns_port }}"
|
|
notify: persist iptables
|
|
|
|
- name: Forward IPv6 DNS traffic to TOR
|
|
become: yes
|
|
iptables:
|
|
ip_version: ipv6
|
|
table: nat
|
|
chain: PREROUTING
|
|
in_interface: "{{ vm_net_interface_name }}"
|
|
protocol: udp
|
|
jump: REDIRECT
|
|
to_ports: "{{ tor_dns_port }}"
|
|
notify: persist iptables
|
|
|
|
- name: Ensure log file exists
|
|
file:
|
|
path: "{{ tor_logfile_path }}"
|
|
state: touch
|
|
owner: debian-tor
|
|
mode: 0644
|
|
|
|
- name: Start and enable tor service
|
|
service:
|
|
name: tor
|
|
state: started
|
|
enabled: yes
|
|
daemon_reload: yes |