Diffstat (limited to 'roles/torrelay')
-rw-r--r-- | roles/torrelay/tasks/main.yml | 34 | ||||
-rw-r--r-- | roles/torrelay/templates/torrc.j2 | 39 | ||||
-rw-r--r-- | roles/torrelay/vars/main.yml | 3 |
3 files changed, 72 insertions, 4 deletions
diff --git a/roles/torrelay/tasks/main.yml b/roles/torrelay/tasks/main.yml index cd66d27..fd8cd15 100644 --- a/roles/torrelay/tasks/main.yml +++ b/roles/torrelay/tasks/main.yml @@ -4,14 +4,25 @@ - name: Installation du paquet Tor depuis le dépôt yum: name=tor state=present - when: ansible_distribution == "Fedora" + when: ansible_distribution == "Fedora" and ansible_distribution_version|int <= 21 + +- name: Installation du paquet Tor depuis le dépôt + dnf: name=tor state=present + when: ansible_distribution == "Fedora" and ansible_distribution_version|int >= 22 - name: Installation de paquets optionnels depuis le dépôt yum: name={{ item }} state=present with_items: - tor-arm - proxychains - when: ansible_distribution == "Fedora" + when: ansible_distribution == "Fedora" and ansible_distribution_version|int <= 21 + +- name: Installation de paquets optionnels depuis le dépôt + dnf: name={{ item }} state=present + with_items: + - tor-arm + - proxychains + when: ansible_distribution == "Fedora" and ansible_distribution_version|int >= 22 - name: Configuration de proxychains copy: src=proxychains.conf dest=/etc/proxychains.conf 
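Review bot: The new dnf tasks reuse the exact `name:` of the yum tasks they mirror, so a play log shows two identically titled tasks and it is not obvious which of the pair was skipped; a suffix such as `- name: Installation du paquet Tor depuis le dépôt (dnf)` keeps the output readable. The `with_items` list (`tor-arm`, `proxychains`) is also copied verbatim, so the package list now lives in two places and can drift. Every install task visible here is gated on `ansible_distribution == "Fedora"`, while the next hunk in this file adds a CentOS-only SELinux task; unless a CentOS install task exists outside the hunk, Tor itself is never installed on those hosts.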
@@ -30,19 +41,34 @@ owner=root group=root mode=644 - notify: restart tor -- name: Ouverture des ports Firewalld +- name: Ouverture des ports Firewalld standards firewalld: port={{ item[0] }} permanent={{ item[1] }} state=enabled with_nested: - [ '9001/tcp', '9030/tcp' ] - [ 'true', 'false' ] when: ansible_distribution == "Fedora" and is_public is defined +- name: Ouverture des ports Firewalld spéciaux + firewalld: service={{ item[0] }} permanent={{ item[1] }} state=enabled + with_nested: + - [ 'http', 'https' ] + - [ 'true', 'false' ] + when: ansible_distribution == "Fedora" and is_gardian is defined + - name: Déploiement du module SELinux pour hidden_services copy: src=tor-selinux-f22-policy-module.pp dest=/root/tor-selinux-f22-policy-module.pp mode=644 when: ansible_distribution == "Fedora" +- name: Déploiement du module SELinux pour hidden_services + copy: src=tor-selinux-centos6.6-policy-module.pp dest=/root/tor-selinux-centos6.6-policy-module.pp + mode=644 + when: ansible_distribution == "CentOS" + +- name: Configuration du booleen SELinux + seboolean: name=tor_can_network_relay state=yes persistent=yes + when: ansible_selinux.status != "disabled" and is_gardian is defined + - name: Activation et démarrage du relai Tor service: name=tor state=started enabled=yes diff --git a/roles/torrelay/templates/torrc.j2 b/roles/torrelay/templates/torrc.j2 index 21f7e92..b2dff22 100644 --- a/roles/torrelay/templates/torrc.j2 +++ b/roles/torrelay/templates/torrc.j2 
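Review bot: The new firewalld and seboolean tasks in roles/torrelay/tasks/main.yml are gated on `is_gardian is defined`, which is true for any value, so a host with `is_gardian: false` in its vars still gets the http/https services opened and `tor_can_network_relay` switched on. Testing the value instead, e.g. `when: ansible_distribution == "Fedora" and is_gardian | default(false) | bool`, makes the flag behave the way an operator reading the inventory would expect. The same pattern decides `ExitRelay 1` in the torrc.j2 hunk through `is_exit is defined`, where the wrong outcome is a relay that unintentionally becomes an exit. Separately, the CentOS task only copies the `.pp` file to /root; no step that loads the policy module is visible in this hunk.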
@@ -11,42 +11,81 @@ DataDirectory /var/lib/tor {% block keys %}{% endblock %} HiddenServiceDir /var/lib/tor/hidden_service1/ HiddenServicePort 22 127.0.0.1:22 + {% if is_public is defined %} HiddenServicePort 9030 127.0.0.1:9030 {% endif %} + HiddenServicePort 80 127.0.0.1:80 HiddenServicePort 443 127.0.0.1:443 + {% if is_mail is defined %} HiddenServicePort 143 127.0.0.1:143 HiddenServicePort 993 127.0.0.1:993 HiddenServicePort 25 127.0.0.1:25 HiddenServicePort 587 127.0.0.1:587 {% endif %} + {% if is_jabber is defined %} HiddenServicePort 5222 127.0.0.1:5222 {% endif %} + {% if is_bitcoin is defined %} HiddenServicePort 8333 127.0.0.1:8333 {% endif %} + {% if is_seeks is defined %} HiddenServiceDir /var/lib/tor/hidden_service2/ HiddenServicePort 80 127.0.0.1:80 HiddenServicePort 443 127.0.0.1:443 {% endif %} + {% if is_public is defined %} ORPort {{ orport }} + + {% if tor_address is defined %} Address {{ tor_address }} {% endif %} + + Nickname {{ nickname }} RelayBandwidthRate {{ bprate }} RelayBandwidthBurst {{ bpburst }} ContactInfo {{ contactinfo }} DirPort {{ dirport }} + + +{% if is_exit is defined %} +DirPortFrontPage /usr/local/share/tor/tor-exit-notice.html +{% endif %} + + +{% endif %} + +{% if is_gardian is defined %} +ORPort {{ httpsport }} + + +{% if tor_address is defined %} +Address {{ tor_address }} +{% endif %} + + +Nickname {{ nickname }} +RelayBandwidthRate {{ bprate }} +RelayBandwidthBurst {{ bpburst }} +ContactInfo {{ contactinfo }} +DirPort {{ httpport }} DirPortFrontPage /usr/local/share/tor/tor-exit-notice.html {% endif %} + MyFamily {% for item in fingerprints %}${{ item }}, {% endfor %} +{% if is_exit is defined %} +ExitRelay 1 +{%endif %} + {% if is_exit is not defined %} ExitPolicy reject *:* {% endif %} diff --git a/roles/torrelay/vars/main.yml b/roles/torrelay/vars/main.yml index eb14b55..36e1826 100644 --- a/roles/torrelay/vars/main.yml +++ b/roles/torrelay/vars/main.yml 
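Review bot: The new `is_gardian` block in torrc.j2 is not exclusive with the `is_public` block above it, so a host that defines both renders `ORPort`, `Nickname`, `RelayBandwidthRate`/`RelayBandwidthBurst`, `ContactInfo` and `DirPort` twice; opening it with `{% if is_gardian is defined and is_public is not defined %}` (or failing the play when both are set) avoids an ambiguous torrc. Inside that block `DirPortFrontPage /usr/local/share/tor/tor-exit-notice.html` is emitted unconditionally, while the `is_public` block now wraps the same line in `{% if is_exit is defined %}`, so a non-exit relay would serve the exit notice on its DirPort. When `is_exit` is defined the hunk adds `ExitRelay 1` but no `ExitPolicy` line is visible, which would leave Tor's default exit policy in effect; the template may continue past the hunk, so confirm whether a policy is set elsewhere.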
@@ -6,3 +6,6 @@ fingerprints: - D8AE9C760B74AFE3CA0F48EEB21271E22CF25F7A - C9B3C1661A9577BA24C1C2C6123918921A495509 - 8AAACCAEF793C4C55999A53DC1FFFA43D9FFE224 + - BB60F5BA113A0B8B44B7B37DE3567FE561E92F78 +httpport: 80 +httpsport: 443 |