authorMatthieu Saulnier <fantom@fedoraproject.org>2018-01-06 18:48:59 +0100
committerMatthieu Saulnier <fantom@fedoraproject.org>2018-01-06 18:48:59 +0100
commit9222b89e867d33923dc695088e2f995312f07cb8 (patch)
tree460ba7dd2a93a58b1bf63fd3e36fc8b9a0d3566e
parent52097b94aa3969f6345c6ef043f14fc78dfc8261 (diff)
Split torreplay tasks into multiple files
-rw-r--r--roles/torrelay/tasks/config.yml17
-rw-r--r--roles/torrelay/tasks/fw.yml13
-rw-r--r--roles/torrelay/tasks/main.yml81
-rw-r--r--roles/torrelay/tasks/pkgs.yml21
-rw-r--r--roles/torrelay/tasks/selinux.yml18
-rw-r--r--roles/torrelay/tasks/services.yml2
6 files changed, 81 insertions, 71 deletions
diff --git a/roles/torrelay/tasks/config.yml b/roles/torrelay/tasks/config.yml
new file mode 100644
index 0000000..3936e11
--- /dev/null
+++ b/roles/torrelay/tasks/config.yml
@@ -0,0 +1,17 @@
+- name: Configuration de proxychains
+ copy: src=proxychains.conf dest=/etc/proxychains.conf
+ mode=644
+ when: ansible_distribution == "Fedora"
+
+- name: Création des répertoires de base
+ file: path=/usr/local/share/tor state=directory
+
+- name: Installation de la page html
+ copy: src=index-fedora.html dest=/usr/local/share/tor/tor-exit-notice.html
+ mode=644
+
+- name: Configuration du service
+ template: src=keys.j2 dest=/etc/tor/torrc
+ owner=root
+ group=root
+ mode=644
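Review bot: The last task writes /etc/tor/torrc world-readable (`mode=644`) from a template named keys.j2; if that template renders anything sensitive such as a `HashedControlPassword` line (its content is not visible here), every local account can read it. Consider `mode=0640` with `group=` set to the group the tor daemon runs under on the target distribution, so only root and the service can read the file. The template task could also carry `validate='tor --verify-config -f %s'` so a broken render is rejected before it replaces the live configuration; whether that check passes under the account Ansible runs as should be confirmed on a test host. The directory task for /usr/local/share/tor sets no owner or mode, so its permissions depend on the remote umask.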
diff --git a/roles/torrelay/tasks/fw.yml b/roles/torrelay/tasks/fw.yml
new file mode 100644
index 0000000..c20cf7e
--- /dev/null
+++ b/roles/torrelay/tasks/fw.yml
@@ -0,0 +1,13 @@
+- name: Ouverture des ports Firewalld standards
+ firewalld: port={{ item[0] }} permanent={{ item[1] }} state=enabled
+ with_nested:
+ - [ '9001/tcp', '9030/tcp' ]
+ - [ 'true', 'false' ]
+ when: ansible_distribution == "Fedora" and is_public is defined
+
+- name: Ouverture des ports Firewalld spéciaux
+ firewalld: service={{ item[0] }} permanent={{ item[1] }} state=enabled
+ with_nested:
+ - [ 'pop3', 'pop3s' ]
+ - [ 'true', 'false' ]
+ when: ansible_distribution == "Fedora" and is_gardian is defined
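Review bot: Both conditions test `is_public is defined` / `is_gardian is defined`, which is true for any value, so a host that sets `is_public: false` still gets 9001/tcp and 9030/tcp opened (and likewise pop3/pop3s for `is_gardian`). For a firewall rule the flag's value should decide, e.g. `when: ansible_distribution == "Fedora" and is_public | default(false) | bool`. The same `is_gardian is defined` test gates the `tor_can_network_relay` boolean in selinux.yml and has the same effect there. Separately, looping `permanent` over `'true'` and `'false'` works, but `permanent=true immediate=true` states the intent in one pass.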
diff --git a/roles/torrelay/tasks/main.yml b/roles/torrelay/tasks/main.yml
index 5b960e5..1081c8b 100644
--- a/roles/torrelay/tasks/main.yml
+++ b/roles/torrelay/tasks/main.yml
@@ -1,75 +1,14 @@
-- name: Installation du paquet Tor depuis le dépôt
- yum: name=tor state=present
- when: ansible_pkg_mgr == "yum"
+- name: Installation des paquets
+ include: pkgs.yml
-- name: Installation du paquet Tor depuis le dépôt
- dnf: name=tor state=present
- when: ansible_pkg_mgr == "dnf"
+- name: Configuration des services
+ include: config.yml
-- name: Installation de paquets optionnels depuis le dépôt
- yum: name={{ item }} state=present
- with_items:
- - tor-arm
- - proxychains
- when: ansible_distribution == "Fedora" and ansible_pkg_mgr == "yum"
+- name: Configuration du parefeu
+ include: fw.yml
-- name: Installation de paquets optionnels depuis le dépôt
- dnf: name={{ item }} state=present
- with_items:
- - tor-arm
- - proxychains
- when: ansible_distribution == "Fedora" and ansible_pkg_mgr == "dnf"
+- name: Modules et booleens SELinux
+ include: selinux.yml
-- name: Configuration de proxychains
- copy: src=proxychains.conf dest=/etc/proxychains.conf
- mode=644
- when: ansible_distribution == "Fedora"
-
-- name: Création des répertoires de base
- file: path=/usr/local/share/tor state=directory
-
-- name: Installation de la page d'accueil html
- copy: src=index-fedora.html dest=/usr/local/share/tor/tor-exit-notice.html
- mode=644
-
-- name: Configuration du service
- template: src=keys.j2 dest=/etc/tor/torrc
- owner=root
- group=root
- mode=644
-
-- name: Ouverture des ports Firewalld standards
- firewalld: port={{ item[0] }} permanent={{ item[1] }} state=enabled
- with_nested:
- - [ '9001/tcp', '9030/tcp' ]
- - [ 'true', 'false' ]
- when: ansible_distribution == "Fedora" and is_public is defined
-
-- name: Ouverture des ports Firewalld spéciaux
- firewalld: service={{ item[0] }} permanent={{ item[1] }} state=enabled
- with_nested:
- - [ 'pop3', 'pop3s' ]
- - [ 'true', 'false' ]
- when: ansible_distribution == "Fedora" and is_gardian is defined
-
-- name: Déploiement du module SELinux pour hidden_services
- copy: src=tor-selinux-f22-policy-module.pp dest=/root/tor-selinux-f22-policy-module.pp
- mode=644
- when: ansible_distribution == "Fedora"
-
-- name: Déploiement du module SELinux pour AVC dac error
- copy: src=tor-dac-capabilities.pp dest=/root/tor-dac-capabilities.pp
- mode=644
- when: ansible_distribution == "Fedora"
-
-- name: Déploiement du module SELinux pour hidden_services
- copy: src=tor-selinux-centos6.6-policy-module.pp dest=/root/tor-selinux-centos6.6-policy-module.pp
- mode=644
- when: ansible_distribution == "CentOS"
-
-- name: Configuration du booleen SELinux
- seboolean: name=tor_can_network_relay state=yes persistent=yes
- when: ansible_selinux.status != "disabled" and is_gardian is defined
-
-- name: Activation et démarrage du relai Tor
- service: name=tor state=started enabled=yes
+- name: Gestion du service
+ include: services.yml
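Review bot: The five new `include:` lines use the generic include, which Ansible 2.4 deprecated in favour of `import_tasks` (static) and `include_tasks` (dynamic). These files are fixed and unconditional, so `import_tasks: pkgs.yml` (and the same for config.yml, fw.yml, selinux.yml, services.yml) is the drop-in replacement, and a static import keeps the split-out tasks visible to `--list-tasks`. A short comment above the list noting that the order matters (packages before configuration, service last) would help the next editor.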
diff --git a/roles/torrelay/tasks/pkgs.yml b/roles/torrelay/tasks/pkgs.yml
new file mode 100644
index 0000000..67e9d1d
--- /dev/null
+++ b/roles/torrelay/tasks/pkgs.yml
@@ -0,0 +1,21 @@
+- name: Installation du paquet Tor depuis le dépôt
+ yum: name=tor state=present
+ when: ansible_pkg_mgr == "yum"
+
+- name: Installation du paquet Tor depuis le dépôt
+ dnf: name=tor state=present
+ when: ansible_pkg_mgr == "dnf"
+
+- name: Installation de paquets optionnels depuis le dépôt
+ yum: name={{ item }} state=present
+ with_items:
+ - tor-arm
+ - proxychains
+ when: ansible_distribution == "Fedora" and ansible_pkg_mgr == "yum"
+
+- name: Installation de paquets optionnels depuis le dépôt
+ dnf: name={{ item }} state=present
+ with_items:
+ - tor-arm
+ - proxychains
+ when: ansible_distribution == "Fedora" and ansible_pkg_mgr == "dnf"
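Review bot: The yum and dnf tasks are duplicated pairwise and differ only in the module name, so any future change has to be made twice. The generic `package` module selects the backend itself, so `package: name=tor state=present` can replace the first two tasks and a single looped `package: name={{ item }} state=present` the last two. As written, a host whose `ansible_pkg_mgr` is neither yum nor dnf skips all four tasks without error, and the run would presumably fail only later at the service task.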
diff --git a/roles/torrelay/tasks/selinux.yml b/roles/torrelay/tasks/selinux.yml
new file mode 100644
index 0000000..39b98c9
--- /dev/null
+++ b/roles/torrelay/tasks/selinux.yml
@@ -0,0 +1,18 @@
+- name: Déploiement du module SELinux pour hidden_services
+ copy: src=tor-selinux-f22-policy-module.pp dest=/root/tor-selinux-f22-policy-module.pp
+ mode=644
+ when: ansible_distribution == "Fedora"
+
+- name: Déploiement du module SELinux pour AVC dac error
+ copy: src=tor-dac-capabilities.pp dest=/root/tor-dac-capabilities.pp
+ mode=644
+ when: ansible_distribution == "Fedora"
+
+- name: Déploiement du module SELinux pour hidden_services
+ copy: src=tor-selinux-centos6.6-policy-module.pp dest=/root/tor-selinux-centos6.6-policy-module.pp
+ mode=644
+ when: ansible_distribution == "CentOS"
+
+- name: Configuration du booleen SELinux
+ seboolean: name=tor_can_network_relay state=yes persistent=yes
+ when: ansible_selinux.status != "disabled" and is_gardian is defined
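Review bot: The three "Déploiement du module SELinux" tasks only copy the `.pp` files into /root; no task in this hunk loads them, so unless that happens elsewhere the policy changes never take effect. A follow-up such as `command: semodule -i /root/tor-dac-capabilities.pp`, run only when the corresponding copy task reports a change, would close the gap. The modules are shipped as compiled binaries, so what they allow cannot be reviewed from the repository; keeping the `.te` sources next to them would make the granted permissions auditable. The Fedora module is named for f22 but is applied to every Fedora release, and the copy tasks have no `ansible_selinux.status` guard like the seboolean task has.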
diff --git a/roles/torrelay/tasks/services.yml b/roles/torrelay/tasks/services.yml
new file mode 100644
index 0000000..e0c6876
--- /dev/null
+++ b/roles/torrelay/tasks/services.yml
@@ -0,0 +1,2 @@
+- name: Activation et démarrage du relai Tor
+ service: name=tor state=started enabled=yes
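Review bot: `state=started` is a no-op when tor is already running, so a change to /etc/tor/torrc made by config.yml is not picked up until someone restarts the service by hand. Add `notify: restart tor` to the template task in config.yml, with a matching handler `service: name=tor state=restarted` in the role's handlers file, so the running relay never stays on an older configuration than the one on disk.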