authorMatthieu Saulnier <fantom@fedoraproject.org>2018-12-02 02:21:38 +0100
committerMatthieu Saulnier <fantom@fedoraproject.org>2018-12-02 02:21:38 +0100
commit2c5927e9692f771eda8ba29e2a310fc2974485b0 (patch)
tree323b7710e1b230d1476e89189127289d94ba5585
parentb0ca31564360bd11dfe1e8a30e01f1ba34705623 (diff)
Use host variables in tor config file template
-rw-r--r--.gitignore2
-rw-r--r--host_vars/192.168.0.258
-rw-r--r--host_vars/d72vewh3wa4lwpaj.onion8
-rw-r--r--host_vars/manchester.casperlefantom.net8
-rw-r--r--host_vars/manchester.home.casperlefantom.net8
-rw-r--r--roles/torrelay/tasks/config.yml2
-rw-r--r--roles/torrelay/tasks/main.yml6
-rw-r--r--roles/torrelay/templates/torrc.j237
-rw-r--r--roles/torrelay/vars/main.yml1
9 files changed, 46 insertions, 34 deletions
diff --git a/.gitignore b/.gitignore
index 265f60f..a146b72 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,7 @@
roles/dnsserver/vars/keys.yml
roles/torrelay/templates/keys.j2
+roles/torrelay/vars/email.yml
+roles/torrelay/vars/keys.yml
roles/mtaserver/files/virtual
roles/mtaserver/files/credentials
roles/reverseproxy/vars/email.yml
diff --git a/host_vars/192.168.0.25 b/host_vars/192.168.0.25
index fc92c48..ee1c22c 100644
--- a/host_vars/192.168.0.25
+++ b/host_vars/192.168.0.25
@@ -2,7 +2,13 @@ is_dnsmaster: true
is_ntpmaster: true
is_bridge: true
is_mtamaster: true
-is_tormaster: true
+# torrelay
+hiddenservices:
+ - { number: 2, port: 80, host: "127.0.0.1:4433" }
+ - { number: 3, port: 80, host: "127.0.0.1:4433" }
+ - { number: 4, port: 443, host: "127.0.0.1:4434" }
+ - { number: 5, port: 80, host: "127.0.0.1:4433" }
+ - { number: 6, port: 80, host: "127.0.0.1:4433" }
# reverseproxy
domainhttps:
- admin.casperlefantom.net
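Review bot: This `hiddenservices` list is added verbatim to four host_vars files (192.168.0.25, d72vewh3wa4lwpaj.onion, manchester.casperlefantom.net and manchester.home.casperlefantom.net), so the set of published onion services has to be kept in sync by hand. The identical `index fc92c48..ee1c22c` lines suggest the four files hold the same content, possibly as aliases of one machine. Defining the list once, for example in a group_vars file for a group containing those hosts, would stop the copies drifting apart. Block-style entries (`- number: 2` followed by indented `port:` and `host:` lines) would also diff more cleanly than the flow mappings.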
diff --git a/host_vars/d72vewh3wa4lwpaj.onion b/host_vars/d72vewh3wa4lwpaj.onion
index fc92c48..ee1c22c 100644
--- a/host_vars/d72vewh3wa4lwpaj.onion
+++ b/host_vars/d72vewh3wa4lwpaj.onion
@@ -2,7 +2,13 @@ is_dnsmaster: true
is_ntpmaster: true
is_bridge: true
is_mtamaster: true
-is_tormaster: true
+# torrelay
+hiddenservices:
+ - { number: 2, port: 80, host: "127.0.0.1:4433" }
+ - { number: 3, port: 80, host: "127.0.0.1:4433" }
+ - { number: 4, port: 443, host: "127.0.0.1:4434" }
+ - { number: 5, port: 80, host: "127.0.0.1:4433" }
+ - { number: 6, port: 80, host: "127.0.0.1:4433" }
# reverseproxy
domainhttps:
- admin.casperlefantom.net
diff --git a/host_vars/manchester.casperlefantom.net b/host_vars/manchester.casperlefantom.net
index fc92c48..ee1c22c 100644
--- a/host_vars/manchester.casperlefantom.net
+++ b/host_vars/manchester.casperlefantom.net
@@ -2,7 +2,13 @@ is_dnsmaster: true
is_ntpmaster: true
is_bridge: true
is_mtamaster: true
-is_tormaster: true
+# torrelay
+hiddenservices:
+ - { number: 2, port: 80, host: "127.0.0.1:4433" }
+ - { number: 3, port: 80, host: "127.0.0.1:4433" }
+ - { number: 4, port: 443, host: "127.0.0.1:4434" }
+ - { number: 5, port: 80, host: "127.0.0.1:4433" }
+ - { number: 6, port: 80, host: "127.0.0.1:4433" }
# reverseproxy
domainhttps:
- admin.casperlefantom.net
diff --git a/host_vars/manchester.home.casperlefantom.net b/host_vars/manchester.home.casperlefantom.net
index fc92c48..ee1c22c 100644
--- a/host_vars/manchester.home.casperlefantom.net
+++ b/host_vars/manchester.home.casperlefantom.net
@@ -2,7 +2,13 @@ is_dnsmaster: true
is_ntpmaster: true
is_bridge: true
is_mtamaster: true
-is_tormaster: true
+# torrelay
+hiddenservices:
+ - { number: 2, port: 80, host: "127.0.0.1:4433" }
+ - { number: 3, port: 80, host: "127.0.0.1:4433" }
+ - { number: 4, port: 443, host: "127.0.0.1:4434" }
+ - { number: 5, port: 80, host: "127.0.0.1:4433" }
+ - { number: 6, port: 80, host: "127.0.0.1:4433" }
# reverseproxy
domainhttps:
- admin.casperlefantom.net
diff --git a/roles/torrelay/tasks/config.yml b/roles/torrelay/tasks/config.yml
index 39f215a..88eb01c 100644
--- a/roles/torrelay/tasks/config.yml
+++ b/roles/torrelay/tasks/config.yml
@@ -18,7 +18,7 @@
- name: Configuration du service
template:
- src: keys.j2
+ src: torrc.j2
dest: /etc/tor/torrc
owner: root
group: root
diff --git a/roles/torrelay/tasks/main.yml b/roles/torrelay/tasks/main.yml
index a1cde63..e95fb16 100644
--- a/roles/torrelay/tasks/main.yml
+++ b/roles/torrelay/tasks/main.yml
@@ -1,3 +1,9 @@
+- name: Loading hidden variables email
+ include_vars: email.yml
+
+- name: Loading hidden variables keys
+ include_vars: keys.yml
+
- name: Installation des paquets
import_tasks: pkgs.yml
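Review bot: Both `include_vars` tasks load files that this commit adds to .gitignore, so a fresh checkout has no email.yml or keys.yml and the role stops at its first task. The loaded values can also show up in verbose run output, so the keys task should carry `no_log: true`. Consider committing the files encrypted with ansible-vault, or at least a sample file naming the expected variables such as `controlpasswd`, rather than leaving them untracked.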
diff --git a/roles/torrelay/templates/torrc.j2 b/roles/torrelay/templates/torrc.j2
index 6a0c1e0..482ee1f 100644
--- a/roles/torrelay/templates/torrc.j2
+++ b/roles/torrelay/templates/torrc.j2
@@ -1,22 +1,14 @@
Log notice file /var/log/tor/notices.log
Log warn file /var/log/tor/warnings.log
-# Here are ControlPort configuration imported from ansible template keys.j2
-#
-# for exemple:
-# ControlPort 9051
-# HashedControlPassword my-hashed-password-here
-#
-{% block keys %}{% endblock %}
+ControlPort 9051
+HashedControlPassword {{ controlpasswd }}
HiddenServiceDir /var/lib/tor/hidden_service1/
HiddenServicePort 22 127.0.0.1:22
HiddenServicePort 54444 127.0.0.1:54444
-
-
-{% if ansible_distribution == "Fedora" %}
HiddenServicePort 9090 127.0.0.1:9090
-{% endif %}
+HiddenServicePort 80 127.0.0.1:4433
{% if is_mtamaster is defined %}
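Review bot: `HiddenServicePort 9090 127.0.0.1:9090` loses its `ansible_distribution == "Fedora"` guard here, and `HiddenServicePort 80 127.0.0.1:4433` moves out of the removed `is_tormaster` block. Both ports are therefore published on hidden_service1 for every host that gets this role, whether or not the backing service exists there. If that is not intended, drive them from a host variable in the same way as the new `hiddenservices` list. A one-line comment above `HashedControlPassword {{ controlpasswd }}` should state that the variable must hold the output of `tor --hash-password`, never the cleartext password.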
@@ -27,19 +19,11 @@ HiddenServicePort 587 127.0.0.1:587
{% endif %}
-{% if is_tormaster is defined %}
-HiddenServicePort 80 127.0.0.1:4433
-HiddenServiceDir /var/lib/tor/hidden_service2/
-HiddenServicePort 80 127.0.0.1:4433
-HiddenServiceDir /var/lib/tor/hidden_service3/
-HiddenServicePort 80 127.0.0.1:4433
-HiddenServiceDir /var/lib/tor/hidden_service4/
-HiddenServicePort 80 127.0.0.1:4434
-HiddenServicePort 443 127.0.0.1:4434
-HiddenServiceDir /var/lib/tor/hidden_service5/
-HiddenServicePort 80 127.0.0.1:4433
-HiddenServiceDir /var/lib/tor/hidden_service6/
-HiddenServicePort 80 127.0.0.1:4433
+{% if hiddenservices is defined %}
+{% for service in hiddenservices %}
+HiddenServiceDir /var/lib/tor/hidden_service{{ service.number }}/
+HiddenServicePort {{ service.port }} {{ service.host }}
+{% endfor %}
{% endif %}
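Review bot: The loop emits exactly one `HiddenServicePort` per entry, so hidden_service4 no longer gets the `HiddenServicePort 80 127.0.0.1:4434` line that the removed block had next to port 443. The host_vars entry for number 4 lists only port 443. If dropping port 80 was not deliberate, let an entry carry a list of ports and replace the single port line with an inner loop, `{% for p in service.ports %}` / `HiddenServicePort {{ p.port }} {{ p.host }}` / `{% endfor %}`. Adding a second entry with `number: 4` would not be equivalent, because it would repeat the `HiddenServiceDir` line for the same directory.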
@@ -81,9 +65,6 @@ MyFamily {% for item in fingerprints %}${{ item }}, {% endfor %}
{% if is_exit is defined %}
ExitRelay 1
-{% endif %}
-
-
-{% if is_exit is not defined %}
+{% else %}
ExitPolicy reject *:*
{% endif %}
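Review bot: `{% if is_exit is defined %}` tests only that the variable exists, so a host with `is_exit: false` would still render `ExitRelay 1` and skip `ExitPolicy reject *:*`. Test the value instead, `{% if is_exit | default(false) | bool %}`, so that the safe non-exit policy is what a host gets unless it explicitly opts in. The same `is defined` pattern appears for `is_mtamaster` and `hiddenservices` in the other hunks of this template.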
diff --git a/roles/torrelay/vars/main.yml b/roles/torrelay/vars/main.yml
index c77c9e5..9f5db23 100644
--- a/roles/torrelay/vars/main.yml
+++ b/roles/torrelay/vars/main.yml
@@ -1,5 +1,4 @@
orport: 9001
-contactinfo: '0x83288189 Casper <fantom AT fedoraproject dot org>'
dirport: 9030
fingerprints:
- 7350AB9ED7568F22745198359373C04AC783C37C