authorMatthieu Saulnier <fantom@fedoraproject.org>2015-01-09 23:27:36 +0100
committerMatthieu Saulnier <fantom@fedoraproject.org>2015-01-09 23:27:36 +0100
commit2bcfdeb042eea7dee32ad8e1b55c4c0029de2645 (patch)
tree1f526441b7e862ede9d230d3527381428c8f9976
parent0238c3e556273f147ab3810cd3c49d8462362d11 (diff)
Add new virtual machine in computers park
Use Tor for the xmpp client poezio. Remove postfix stuff from the common role; a new role for postfix will be created later. Add a condition on the GPM service as a quickfix. Add proxychains package installation on all hosts. Update the conditions in the torrc template file using host_vars. Add the Tor relay fingerprint of the new node.
-rw-r--r--host_vars/176.31.191.264
-rw-r--r--host_vars/lancaster.casperlefantom.net5
-rw-r--r--host_vars/ns2.casperlefantom.net6
-rw-r--r--host_vars/vm01.casperlefantom.net1
-rw-r--r--host_vars/vm03.casperlefantom.net1
-rw-r--r--hosts1
-rw-r--r--roles/common/files/bashrc2
-rw-r--r--roles/common/files/zshrc2
-rw-r--r--roles/common/tasks/pkgs.yml1
-rw-r--r--roles/common/tasks/services.yml7
-rw-r--r--roles/torrelay/files/proxychains.conf66
-rw-r--r--roles/torrelay/tasks/main.yml14
-rw-r--r--roles/torrelay/templates/torrc.j230
-rw-r--r--roles/torrelay/vars/main.yml14
14 files changed, 115 insertions, 39 deletions
diff --git a/host_vars/176.31.191.26 b/host_vars/176.31.191.26
new file mode 100644
index 0000000..df28d52
--- /dev/null
+++ b/host_vars/176.31.191.26
@@ -0,0 +1,4 @@
+nickname: Casper03
+is_public: true
+bprate: 800
+bpburst: 900
diff --git a/host_vars/lancaster.casperlefantom.net b/host_vars/lancaster.casperlefantom.net
new file mode 100644
index 0000000..e79ffd0
--- /dev/null
+++ b/host_vars/lancaster.casperlefantom.net
@@ -0,0 +1,5 @@
+nickname: Casper02
+bprate: 50
+bpburst: 60
+is_public: true
+is_mail: true
diff --git a/host_vars/ns2.casperlefantom.net b/host_vars/ns2.casperlefantom.net
new file mode 100644
index 0000000..b73965f
--- /dev/null
+++ b/host_vars/ns2.casperlefantom.net
@@ -0,0 +1,6 @@
+nickname: Casper01
+is_exit: true
+tor_address: tor-proxy-readme.casperlefantom.net
+is_public: true
+bprate: 800
+bpburst: 900
diff --git a/host_vars/vm01.casperlefantom.net b/host_vars/vm01.casperlefantom.net
new file mode 100644
index 0000000..e8b53f1
--- /dev/null
+++ b/host_vars/vm01.casperlefantom.net
@@ -0,0 +1 @@
+is_jabber: true
diff --git a/host_vars/vm03.casperlefantom.net b/host_vars/vm03.casperlefantom.net
new file mode 100644
index 0000000..d2ed4ef
--- /dev/null
+++ b/host_vars/vm03.casperlefantom.net
@@ -0,0 +1 @@
+is_bitcoin: true
diff --git a/hosts b/hosts
index d2072ed..f80d36f 100644
--- a/hosts
+++ b/hosts
@@ -21,6 +21,7 @@ mosquito.casperlefantom.net
localhost
mosquito.casperlefantom.net
ns2.casperlefantom.net
+176.31.191.26
[proxies]
ns2.casperlefantom.net
diff --git a/roles/common/files/bashrc b/roles/common/files/bashrc
index b3738eb..7bb9593 100644
--- a/roles/common/files/bashrc
+++ b/roles/common/files/bashrc
@@ -15,7 +15,7 @@ alias screenoff='xset dpms force off'
alias ltx='tmux ls'
alias atx='tmux attach -t'
alias addkey='gpg --keyserver hkp://keys.fedoraproject.org --recv-key'
-alias poezio='tmux -2 new-session -s poezio -n poezio-debug "poezio --debug ~/.local/share/poezio/debug.log"'
+alias poezio='tmux -2 new-session -s poezio -n "poezio-debug by tor" "proxychains poezio --debug ~/.local/share/poezio/debug.log"'
# Source global definitions
if [ -f /etc/bashrc ]; then
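Review bot: The new alias `proxychains poezio --debug ...` makes the client's use of Tor depend on `proxychains` and `/etc/proxychains.conf` existing on every host that receives this bashrc, but in this commit both are installed only by the torrelay role and only when `ansible_distribution == "Fedora"`, while bashrc is shipped by the common role. Whether every common-role host is also a Fedora torrelay host is not visible here, so it is worth confirming; on a host without proxychains the alias fails outright (no leak), whereas on one without a Tor SOCKS listener on 127.0.0.1:9050 `strict_chain` makes every connection fail. The identical alias is duplicated in the zshrc hunk; defining it once (a shared snippet sourced by both, or a single variable such as `{{ poezio_alias }}`, name constructed) would keep the two from drifting. The rc file continues outside the hunk.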
diff --git a/roles/common/files/zshrc b/roles/common/files/zshrc
index 244cd99..3adbe7e 100644
--- a/roles/common/files/zshrc
+++ b/roles/common/files/zshrc
@@ -24,7 +24,7 @@ alias screenoff='xset dpms force off'
alias ltx='tmux ls'
alias atx='tmux attach -t'
alias addkey='gpg --keyserver hkp://keys.fedoraproject.org --recv-key'
-alias poezio='tmux -2 new-session -s poezio -n poezio-debug "poezio --debug ~/.local/share/poezio/debug.log"'
+alias poezio='tmux -2 new-session -s poezio -n "poezio-debug by tor" "proxychains poezio --debug ~/.local/share/poezio/debug.log"'
# Define personal variables
if [ -f $HOME/bin/setvars ]; then
diff --git a/roles/common/tasks/pkgs.yml b/roles/common/tasks/pkgs.yml
index 64d5390..309192b 100644
--- a/roles/common/tasks/pkgs.yml
+++ b/roles/common/tasks/pkgs.yml
@@ -8,7 +8,6 @@
- yum-plugin-verify
- screen
- powertop
- - postfix
- ipset
- patch
- gpm
diff --git a/roles/common/tasks/services.yml b/roles/common/tasks/services.yml
index bb21e2b..b39f68f 100644
--- a/roles/common/tasks/services.yml
+++ b/roles/common/tasks/services.yml
@@ -1,11 +1,6 @@
-- name: Configuration MTA de Alternatives
- alternatives: name=mta link=/usr/sbin/sendmail path=/usr/sbin/sendmail.postfix
-
-- name: Activation et démarrage du service postfix
- service: name=postfix state=started enabled=yes
-
- name: Activation et démarrage du service Console Mouse Manager
service: name=gpm state=started enabled=yes
+ when: ansible_default_ipv4.address != "176.31.191.26"
- name: Activation et démarrage du service lm_sensors
service: name=lm_sensors state=started enabled=yes
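Review bot: The added `when: ansible_default_ipv4.address != "176.31.191.26"` hard-codes one host's address inside a shared role task, and it will also raise on any host whose `ansible_default_ipv4` fact carries no `address` key (no default IPv4 route), failing the play instead of merely skipping gpm. Since this commit already introduces per-host flags in host_vars, the same mechanism fits here: a flag in host_vars/176.31.191.26 (for example `has_gpm: false`, name constructed) with `when: has_gpm | default(true)`. Failing that, `when: inventory_hostname != "176.31.191.26"` keys on the inventory name that the hosts file uses rather than on a runtime fact.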
diff --git a/roles/torrelay/files/proxychains.conf b/roles/torrelay/files/proxychains.conf
new file mode 100644
index 0000000..4e694de
--- /dev/null
+++ b/roles/torrelay/files/proxychains.conf
@@ -0,0 +1,66 @@
+# proxychains.conf VER 3.1
+#
+# HTTP, SOCKS4, SOCKS5 tunneling proxifier with DNS.
+#
+
+# The option below identifies how the ProxyList is treated.
+# only one option should be uncommented at time,
+# otherwise the last appearing option will be accepted
+#
+#dynamic_chain
+#
+# Dynamic - Each connection will be done via chained proxies
+# all proxies chained in the order as they appear in the list
+# at least one proxy must be online to play in chain
+# (dead proxies are skipped)
+# otherwise EINTR is returned to the app
+#
+strict_chain
+#
+# Strict - Each connection will be done via chained proxies
+# all proxies chained in the order as they appear in the list
+# all proxies must be online to play in chain
+# otherwise EINTR is returned to the app
+#
+#random_chain
+#
+# Random - Each connection will be done via random proxy
+# (or proxy chain, see chain_len) from the list.
+# this option is good to test your IDS :)
+
+# Make sense only if random_chain
+#chain_len = 2
+
+# Quiet mode (no output from library)
+#quiet_mode
+quiet_mode
+
+# Proxy DNS requests - no leak for DNS data
+proxy_dns
+
+# Some timeouts in milliseconds
+tcp_read_time_out 15000
+tcp_connect_time_out 8000
+
+# ProxyList format
+# type host port [user pass]
+# (values separated by 'tab' or 'blank')
+#
+#
+# Examples:
+#
+# socks5 192.168.67.78 1080 lamer secret
+# http 192.168.89.3 8080 justu hidden
+# socks4 192.168.1.49 1080
+# http 192.168.39.93 8080
+#
+#
+# proxy types: http, socks4, socks5
+# ( auth types supported: "basic"-http "user/pass"-socks )
+#
+[ProxyList]
+# add proxy here ...
+# meanwile
+# defaults set to "tor"
+socks4 127.0.0.1 9050
+
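Review bot: `[ProxyList]` uses `socks4 127.0.0.1 9050`; with plain SOCKS4 proxychains must hand Tor an already-resolved IP address, so hostname privacy rests entirely on proxychains' own `proxy_dns` mechanism rather than on Tor resolving the name inside the circuit. Tor's SOCKS port accepts SOCKS5 with hostname targets, so `socks5 127.0.0.1 9050` is the safer default for this use, and enabling `TestSocks 1` in torrc on the relay hosts logs a warning whenever an application reaches the SOCKS port with a pre-resolved address, which makes the difference observable. `quiet_mode` is also enabled, which suppresses the per-connection chain messages that show a connection actually went through the proxy; keeping it commented out, as in the upstream sample, is cheap diagnostics. The comment `# meanwile` is a typo for `# meanwhile` inherited from the upstream sample file.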
diff --git a/roles/torrelay/tasks/main.yml b/roles/torrelay/tasks/main.yml
index 265255c..e60ef3b 100644
--- a/roles/torrelay/tasks/main.yml
+++ b/roles/torrelay/tasks/main.yml
@@ -6,8 +6,16 @@
yum: name=tor state=present
when: ansible_distribution == "Fedora"
-- name: Installation du paquet tor-arm depuis le dépôt
- yum: name=tor-arm state=present
+- name: Installation de paquets optionnels depuis le dépôt
+ yum: name={{ item }} state=present
+ with_items:
+ - tor-arm
+ - proxychains
+ when: ansible_distribution == "Fedora"
+
+- name: Configuration de proxychains
+ copy: src=proxychains.conf dest=/etc/proxychains.conf
+ mode=644
when: ansible_distribution == "Fedora"
- name: Création des répertoires de base
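Review bot: The copy task `copy: src=proxychains.conf dest=/etc/proxychains.conf mode=644` passes the mode without a leading zero; in key=value form Ansible reads it as an octal string, but the same value written as YAML `mode: 644` would be read as decimal, so `mode=0644` (and ideally `owner=root group=root`) makes the intent explicit and survives a later conversion to YAML syntax. Both new tasks are gated on `ansible_distribution == "Fedora"` and live in the torrelay role, whereas the shell alias that invokes proxychains is deployed by the common role to every host; the commit message says the package goes on all hosts, which holds only if every host runs this role on Fedora — worth confirming. The `yum` task at the top of the hunk begins above it.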
@@ -29,7 +37,7 @@
with_nested:
- [ '9001/tcp', '9030/tcp' ]
- [ 'true', 'false' ]
- when: ansible_distribution == "Fedora"
+ when: ansible_distribution == "Fedora" and is_public is defined
- name: Activation et démarrage du relai Tor
service: name=tor state=started enabled=yes
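Review bot: The firewall ports stay as the literals `'9001/tcp', '9030/tcp'` in `with_nested` while the same commit moves the relay ports into `orport: 9001` and `dirport: 9030` in roles/torrelay/vars/main.yml; changing either variable would now leave the firewall opened on the old port and the relay unreachable on the new one without any error. Use the variables in one place: `- [ '{{ orport }}/tcp', '{{ dirport }}/tcp' ]`. The added `and is_public is defined` gate also tests presence rather than value, so a host_vars entry `is_public: false` would still open the ports; `and is_public | default(false)` honours an explicit opt-out. The task's `name` and module line are above the hunk.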
diff --git a/roles/torrelay/templates/torrc.j2 b/roles/torrelay/templates/torrc.j2
index 6643955..c45af50 100644
--- a/roles/torrelay/templates/torrc.j2
+++ b/roles/torrelay/templates/torrc.j2
@@ -11,39 +11,37 @@ DataDirectory /var/lib/tor
{% block keys %}{% endblock %}
HiddenServiceDir /var/lib/tor/hidden_service1/
HiddenServicePort 22 127.0.0.1:22
+{% if is_public is defined %}
HiddenServicePort 9030 127.0.0.1:9030
+{% endif %}
HiddenServicePort 80 127.0.0.1:80
HiddenServicePort 443 127.0.0.1:443
-{% if ansible_default_ipv6.address == mail_ipv6 %}
+{% if is_mail is defined %}
HiddenServicePort 143 127.0.0.1:143
HiddenServicePort 993 127.0.0.1:993
HiddenServicePort 25 127.0.0.1:25
HiddenServicePort 587 127.0.0.1:587
{% endif %}
-{% if ansible_default_ipv6.address == jabber_ipv6 %}
+{% if is_jabber is defined %}
HiddenServicePort 5222 127.0.0.1:5222
{% endif %}
-{% if ansible_default_ipv6.address == btc_ipv6 %}
+{% if is_bitcoin is defined %}
HiddenServicePort 8333 127.0.0.1:8333
{% endif %}
-ORPort 9001
-{% if ansible_default_ipv6.address == exit_ipv6 %}
-Address tor-proxy-readme.casperlefantom.net
+{% if is_public is defined %}
+ORPort {{ orport }}
+{% if tor_address is defined %}
+Address {{ tor_address }}
{% endif %}
Nickname {{ nickname }}
-{% if ansible_default_ipv6.address == exit_ipv6 %}
-RelayBandwidthRate {{ exitbprate }} KB
-RelayBandwidthBurst {{ exitbpburst }} KB
-{% endif %}
-{% if ansible_default_ipv6.address != exit_ipv6 %}
-RelayBandwidthRate {{ relaybprate }} KB
-RelayBandwidthBurst {{ relaybpburst }} KB
-{% endif %}
+RelayBandwidthRate {{ bprate }} KB
+RelayBandwidthBurst {{ bpburst }} KB
ContactInfo {{ contactinfo }}
-DirPort 9030
+DirPort {{ dirport }}
DirPortFrontPage /usr/local/share/tor/tor-exit-notice.html
+{% endif %}
MyFamily {% for item in fingerprints %}${{ item }}, {% endfor %}
-{% if ansible_default_ipv6.address != exit_ipv6 %}
+{% if is_exit is not defined %}
ExitPolicy reject *:*
{% endif %}
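Review bot: Every new gate tests presence, not truth — `{% if is_public is defined %}`, `{% if is_mail is defined %}`, `{% if is_jabber is defined %}`, `{% if is_bitcoin is defined %}` and `{% if is_exit is not defined %}` — so the `true` values written in the new host_vars files are never read, and a host that later sets `is_exit: false` to opt out drops the `ExitPolicy reject *:*` line and starts exiting traffic under Tor's default policy, while `is_public: false` would likewise publish an ORPort and DirPort. Test the value instead: `{% if is_public | default(false) %}` and `{% if not (is_exit | default(false)) %}`, with the matching change on the `is_public is defined` firewall condition in roles/torrelay/tasks/main.yml. With `is_public` undefined the template emits neither `ORPort` nor `DirPort`, which leaves the daemon running as a client only; a one-line comment above that block, e.g. `{# hosts without is_public run tor as a client only (no ORPort/DirPort) #}`, would record that intent. The template starts before this hunk and the enclosing block structure is only partly visible.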
diff --git a/roles/torrelay/vars/main.yml b/roles/torrelay/vars/main.yml
index 8a5ccd0..95f33b6 100644
--- a/roles/torrelay/vars/main.yml
+++ b/roles/torrelay/vars/main.yml
@@ -1,16 +1,8 @@
-nickname: Casper
-exitbprate: 200
-exitbpburst: 400
-relaybprate: 50
-relaybpburst: 60
+orport: 9001
contactinfo: '0x83288189 Casper <fantom AT fedoraproject dot org>'
+dirport: 9030
versionupstream: 0.2.5.10
-mail_ipv6: 2a01:e35:2f76:7750::4
-jabber_ipv6: 2a01:e35:2f76:7750::10
-exit_ipv6: 2a00:c70:1:178:170:111:194:c0de
-btc_ipv6: 2a01:e35:2f76:7750::12
fingerprints:
- D8AE9C760B74AFE3CA0F48EEB21271E22CF25F7A
- C9B3C1661A9577BA24C1C2C6123918921A495509
- - AA03F59D887B21751552A54CBCCA321CFE6E9228
- - DAF47F992BADEAB31784B82118DB0AF99A0196AF
+ - 8AAACCAEF793C4C55999A53DC1FFFA43D9FFE224