author | Matthieu Saulnier <fantom@fedoraproject.org> | 2015-01-09 23:27:36 +0100 |
---|---|---|
committer | Matthieu Saulnier <fantom@fedoraproject.org> | 2015-01-09 23:27:36 +0100 |
commit | 2bcfdeb042eea7dee32ad8e1b55c4c0029de2645 (patch) | |
tree | 1f526441b7e862ede9d230d3527381428c8f9976 | |
parent | 0238c3e556273f147ab3810cd3c49d8462362d11 (diff) | |
Add a new virtual machine to the computer park
Use Tor for xmpp client poezio
Remove postfix stuff in common role, new role for postfix will be created later
Add condition on GPM service as quickfix
Add proxychains package installation on all hosts
Update conditions in torrc template file using host_vars
Add Tor relay fingerprint of new node
-rw-r--r-- | host_vars/176.31.191.26 | 4 | ||||
-rw-r--r-- | host_vars/lancaster.casperlefantom.net | 5 | ||||
-rw-r--r-- | host_vars/ns2.casperlefantom.net | 6 | ||||
-rw-r--r-- | host_vars/vm01.casperlefantom.net | 1 | ||||
-rw-r--r-- | host_vars/vm03.casperlefantom.net | 1 | ||||
-rw-r--r-- | hosts | 1 | ||||
-rw-r--r-- | roles/common/files/bashrc | 2 | ||||
-rw-r--r-- | roles/common/files/zshrc | 2 | ||||
-rw-r--r-- | roles/common/tasks/pkgs.yml | 1 | ||||
-rw-r--r-- | roles/common/tasks/services.yml | 7 | ||||
-rw-r--r-- | roles/torrelay/files/proxychains.conf | 66 | ||||
-rw-r--r-- | roles/torrelay/tasks/main.yml | 14 | ||||
-rw-r--r-- | roles/torrelay/templates/torrc.j2 | 30 | ||||
-rw-r--r-- | roles/torrelay/vars/main.yml | 14 |
14 files changed, 115 insertions, 39 deletions
diff --git a/host_vars/176.31.191.26 b/host_vars/176.31.191.26
new file mode 100644
index 0000000..df28d52
--- /dev/null
+++ b/host_vars/176.31.191.26
@@ -0,0 +1,4 @@
+nickname: Casper03
+is_public: true
+bprate: 800
+bpburst: 900
diff --git a/host_vars/lancaster.casperlefantom.net b/host_vars/lancaster.casperlefantom.net
new file mode 100644
index 0000000..e79ffd0
--- /dev/null
+++ b/host_vars/lancaster.casperlefantom.net
@@ -0,0 +1,5 @@
+nickname: Casper02
+bprate: 50
+bpburst: 60
+is_public: true
+is_mail: true
diff --git a/host_vars/ns2.casperlefantom.net b/host_vars/ns2.casperlefantom.net
new file mode 100644
index 0000000..b73965f
--- /dev/null
+++ b/host_vars/ns2.casperlefantom.net
@@ -0,0 +1,6 @@
+nickname: Casper01
+is_exit: true
+tor_address: tor-proxy-readme.casperlefantom.net
+is_public: true
+bprate: 800
+bpburst: 900
diff --git a/host_vars/vm01.casperlefantom.net b/host_vars/vm01.casperlefantom.net
new file mode 100644
index 0000000..e8b53f1
--- /dev/null
+++ b/host_vars/vm01.casperlefantom.net
@@ -0,0 +1 @@
+is_jabber: true
diff --git a/host_vars/vm03.casperlefantom.net b/host_vars/vm03.casperlefantom.net
new file mode 100644
index 0000000..d2ed4ef
--- /dev/null
+++ b/host_vars/vm03.casperlefantom.net
@@ -0,0 +1 @@
+is_bitcoin: true
@@ -21,6 +21,7 @@ mosquito.casperlefantom.net
 localhost
 mosquito.casperlefantom.net
 ns2.casperlefantom.net
+176.31.191.26
 [proxies]
 ns2.casperlefantom.net
diff --git a/roles/common/files/bashrc b/roles/common/files/bashrc
index b3738eb..7bb9593 100644
--- a/roles/common/files/bashrc
+++ b/roles/common/files/bashrc
@@ -15,7 +15,7 @@ alias screenoff='xset dpms force off'
 alias ltx='tmux ls'
 alias atx='tmux attach -t'
 alias addkey='gpg --keyserver hkp://keys.fedoraproject.org --recv-key'
-alias poezio='tmux -2 new-session -s poezio -n poezio-debug "poezio --debug ~/.local/share/poezio/debug.log"'
+alias poezio='tmux -2 new-session -s poezio -n "poezio-debug by tor" "proxychains poezio --debug ~/.local/share/poezio/debug.log"'
 # Source global definitions
 if [ -f /etc/bashrc ]; then
diff --git a/roles/common/files/zshrc b/roles/common/files/zshrc
index 244cd99..3adbe7e 100644
--- a/roles/common/files/zshrc
+++ b/roles/common/files/zshrc
@@ -24,7 +24,7 @@ alias screenoff='xset dpms force off'
 alias ltx='tmux ls'
 alias atx='tmux attach -t'
 alias addkey='gpg --keyserver hkp://keys.fedoraproject.org --recv-key'
-alias poezio='tmux -2 new-session -s poezio -n poezio-debug "poezio --debug ~/.local/share/poezio/debug.log"'
+alias poezio='tmux -2 new-session -s poezio -n "poezio-debug by tor" "proxychains poezio --debug ~/.local/share/poezio/debug.log"'
 # Define personal variables
 if [ -f $HOME/bin/setvars ]; then
diff --git a/roles/common/tasks/pkgs.yml b/roles/common/tasks/pkgs.yml
index 64d5390..309192b 100644
--- a/roles/common/tasks/pkgs.yml
+++ b/roles/common/tasks/pkgs.yml
@@ -8,7 +8,6 @@
 - yum-plugin-verify
 - screen
 - powertop
- - postfix
 - ipset
 - patch
 - gpm
diff --git a/roles/common/tasks/services.yml b/roles/common/tasks/services.yml
index bb21e2b..b39f68f 100644
--- a/roles/common/tasks/services.yml
+++ b/roles/common/tasks/services.yml
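Review bot: The rewritten `alias poezio=…` line in roles/common/files/bashrc depends on a `proxychains` binary that this commit installs only in roles/torrelay/tasks/main.yml, and only when `ansible_distribution == "Fedora"`, while the common role that ships this bashrc installs nothing for it — roles/common/tasks/pkgs.yml only loses `postfix` here, despite the message's "on all hosts". On a host without the torrelay role the alias dies with a command-not-found, which at least fails closed instead of starting poezio outside Tor; adding `- proxychains` to the package list in roles/common/tasks/pkgs.yml, or moving the alias into the torrelay role, would make the two roles agree. The zshrc hunk on this line carries the same alias and therefore the same dependency.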
@@ -1,11 +1,6 @@
-- name: Configuration MTA de Alternatives
- alternatives: name=mta link=/usr/sbin/sendmail path=/usr/sbin/sendmail.postfix
-
-- name: Activation et démarrage du service postfix
- service: name=postfix state=started enabled=yes
-
 - name: Activation et démarrage du service Console Mouse Manager
 service: name=gpm state=started enabled=yes
+ when: ansible_default_ipv4.address != "176.31.191.26"
 - name: Activation et démarrage du service lm_sensors
 service: name=lm_sensors state=started enabled=yes
diff --git a/roles/torrelay/files/proxychains.conf b/roles/torrelay/files/proxychains.conf
new file mode 100644
index 0000000..4e694de
--- /dev/null
+++ b/roles/torrelay/files/proxychains.conf
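Review bot: `when: ansible_default_ipv4.address != "176.31.191.26"` on the gpm task keys role logic on a literal host address, which the rest of this commit otherwise moves away from (the torrc template now reads `is_public`, `is_mail`, … from host_vars). A per-host flag in host_vars/176.31.191.26, for example `has_gpm: false` (constructed name) tested with `when: has_gpm|default(true)`, keeps the exception next to the host it describes and survives a renumbering; if the real reason is that the host is a virtual machine, the `ansible_virtualization_role` fact may be the right thing to test instead — to be confirmed against the host. Worth noting too that dropping the two postfix tasks stops managing the service without disabling it, so hosts that already converged keep postfix started and enabled, and the `mta` alternative pointing at sendmail.postfix, until the planned role takes over. services.yml continues past the end of the hunk.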
@@ -0,0 +1,66 @@
+# proxychains.conf VER 3.1
+#
+# HTTP, SOCKS4, SOCKS5 tunneling proxifier with DNS.
+#
+
+# The option below identifies how the ProxyList is treated.
+# only one option should be uncommented at time,
+# otherwise the last appearing option will be accepted
+#
+#dynamic_chain
+#
+# Dynamic - Each connection will be done via chained proxies
+# all proxies chained in the order as they appear in the list
+# at least one proxy must be online to play in chain
+# (dead proxies are skipped)
+# otherwise EINTR is returned to the app
+#
+strict_chain
+#
+# Strict - Each connection will be done via chained proxies
+# all proxies chained in the order as they appear in the list
+# all proxies must be online to play in chain
+# otherwise EINTR is returned to the app
+#
+#random_chain
+#
+# Random - Each connection will be done via random proxy
+# (or proxy chain, see chain_len) from the list.
+# this option is good to test your IDS :)
+
+# Make sense only if random_chain
+#chain_len = 2
+
+# Quiet mode (no output from library)
+#quiet_mode
+quiet_mode
+
+# Proxy DNS requests - no leak for DNS data
+proxy_dns
+
+# Some timeouts in milliseconds
+tcp_read_time_out 15000
+tcp_connect_time_out 8000
+
+# ProxyList format
+# type host port [user pass]
+# (values separated by 'tab' or 'blank')
+#
+#
+# Examples:
+#
+# socks5 192.168.67.78 1080 lamer secret
+# http 192.168.89.3 8080 justu hidden
+# socks4 192.168.1.49 1080
+# http 192.168.39.93 8080
+#
+#
+# proxy types: http, socks4, socks5
+# ( auth types supported: "basic"-http "user/pass"-socks )
+#
+[ProxyList]
+# add proxy here ...
+# meanwile
+# defaults set to "tor"
+socks4 127.0.0.1 9050
+
diff --git a/roles/torrelay/tasks/main.yml b/roles/torrelay/tasks/main.yml
index 265255c..e60ef3b 100644
--- a/roles/torrelay/tasks/main.yml
+++ b/roles/torrelay/tasks/main.yml
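Review bot: `quiet_mode` is switched on (the line right after the commented `#quiet_mode`), which silences the per-connection trace proxychains prints; that trace is the one direct sign that the LD_PRELOAD hook is in place and that a connection went through 127.0.0.1:9050, and without it a hook that never loaded (a static or setuid binary, a wrong library path) looks exactly like success while the application connects directly. Shipping the line commented out, `#quiet_mode`, until the setup has been checked on each host seems safer; `strict_chain` together with `proxy_dns` is the right pairing for a client that must never connect outside the chain. The ProxyList entry `socks4 127.0.0.1 9050` is the upstream default; Tor's SocksPort also accepts SOCKS5, and `socks5 127.0.0.1 9050` would be preferable if this proxychains build's remote-DNS handling depends on the proxy type — worth confirming against the packaged 3.1 before changing it.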
@@ -6,8 +6,16 @@
 yum: name=tor state=present
 when: ansible_distribution == "Fedora"
-- name: Installation du paquet tor-arm depuis le dépôt
- yum: name=tor-arm state=present
+- name: Installation de paquets optionnels depuis le dépôt
+ yum: name={{ item }} state=present
+ with_items:
+ - tor-arm
+ - proxychains
+ when: ansible_distribution == "Fedora"
+
+- name: Configuration de proxychains
+ copy: src=proxychains.conf dest=/etc/proxychains.conf
+ mode=644
 when: ansible_distribution == "Fedora"
 - name: Création des répertoires de base
@@ -29,7 +37,7 @@
 with_nested:
 - [ '9001/tcp', '9030/tcp' ]
 - [ 'true', 'false' ]
- when: ansible_distribution == "Fedora"
+ when: ansible_distribution == "Fedora" and is_public is defined
 - name: Activation et démarrage du relai Tor
 service: name=tor state=started enabled=yes
diff --git a/roles/torrelay/templates/torrc.j2 b/roles/torrelay/templates/torrc.j2
index 6643955..c45af50 100644
--- a/roles/torrelay/templates/torrc.j2
+++ b/roles/torrelay/templates/torrc.j2
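Review bot: The new condition `when: ansible_distribution == "Fedora" and is_public is defined` on the firewall task in the second hunk tests for the variable's presence, not its value, so a host_vars file saying `is_public: false` still gets 9001/tcp and 9030/tcp opened; `is_public|default(false)` treats the flag as the boolean it is written as in the new host_vars files. The same presence tests are used in roles/torrelay/templates/torrc.j2 (`{% if is_public is defined %}`, likewise `is_mail`, `is_jabber`, `is_bitcoin`, and `{% if is_exit is not defined %}`), where an `is_exit: false` would silently drop the `ExitPolicy reject *:*` line. In the new copy task, `mode=644` works in key=value form, but `mode=0644` is the form Ansible documents for file modes and it survives a later move to YAML-dict arguments, where a bare 644 would be read as decimal. The firewall task's definition starts before the second hunk.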
@@ -11,39 +11,37 @@ DataDirectory /var/lib/tor
 {% block keys %}{% endblock %}
 HiddenServiceDir /var/lib/tor/hidden_service1/
 HiddenServicePort 22 127.0.0.1:22
+{% if is_public is defined %}
 HiddenServicePort 9030 127.0.0.1:9030
+{% endif %}
 HiddenServicePort 80 127.0.0.1:80
 HiddenServicePort 443 127.0.0.1:443
-{% if ansible_default_ipv6.address == mail_ipv6 %}
+{% if is_mail is defined %}
 HiddenServicePort 143 127.0.0.1:143
 HiddenServicePort 993 127.0.0.1:993
 HiddenServicePort 25 127.0.0.1:25
 HiddenServicePort 587 127.0.0.1:587
 {% endif %}
-{% if ansible_default_ipv6.address == jabber_ipv6 %}
+{% if is_jabber is defined %}
 HiddenServicePort 5222 127.0.0.1:5222
 {% endif %}
-{% if ansible_default_ipv6.address == btc_ipv6 %}
+{% if is_bitcoin is defined %}
 HiddenServicePort 8333 127.0.0.1:8333
 {% endif %}
-ORPort 9001
-{% if ansible_default_ipv6.address == exit_ipv6 %}
-Address tor-proxy-readme.casperlefantom.net
+{% if is_public is defined %}
+ORPort {{ orport }}
+{% if tor_address is defined %}
+Address {{ tor_address }}
 {% endif %}
 Nickname {{ nickname }}
-{% if ansible_default_ipv6.address == exit_ipv6 %}
-RelayBandwidthRate {{ exitbprate }} KB
-RelayBandwidthBurst {{ exitbpburst }} KB
-{% endif %}
-{% if ansible_default_ipv6.address != exit_ipv6 %}
-RelayBandwidthRate {{ relaybprate }} KB
-RelayBandwidthBurst {{ relaybpburst }} KB
-{% endif %}
+RelayBandwidthRate {{ bprate }} KB
+RelayBandwidthBurst {{ bpburst }} KB
 ContactInfo {{ contactinfo }}
-DirPort 9030
+DirPort {{ dirport }}
 DirPortFrontPage /usr/local/share/tor/tor-exit-notice.html
+{% endif %}
 MyFamily {% for item in fingerprints %}${{ item }}, {% endfor %}
-{% if ansible_default_ipv6.address != exit_ipv6 %}
+{% if is_exit is not defined %}
 ExitPolicy reject *:*
 {% endif %}
diff --git a/roles/torrelay/vars/main.yml b/roles/torrelay/vars/main.yml
index 8a5ccd0..95f33b6 100644
--- a/roles/torrelay/vars/main.yml
+++ b/roles/torrelay/vars/main.yml
@@ -1,16 +1,8 @@
-nickname: Casper
-exitbprate: 200
-exitbpburst: 400
-relaybprate: 50
-relaybpburst: 60
+orport: 9001
 contactinfo: '0x83288189 Casper <fantom AT fedoraproject dot org>'
+dirport: 9030
 versionupstream: 0.2.5.10
-mail_ipv6: 2a01:e35:2f76:7750::4
-jabber_ipv6: 2a01:e35:2f76:7750::10
-exit_ipv6: 2a00:c70:1:178:170:111:194:c0de
-btc_ipv6: 2a01:e35:2f76:7750::12
 fingerprints:
 - D8AE9C760B74AFE3CA0F48EEB21271E22CF25F7A
 - C9B3C1661A9577BA24C1C2C6123918921A495509
- - AA03F59D887B21751552A54CBCCA321CFE6E9228
- - DAF47F992BADEAB31784B82118DB0AF99A0196AF
+ - 8AAACCAEF793C4C55999A53DC1FFFA43D9FFE224 |