--- - name: Other features hosts: vpn-host become: true vars_files: - config.cfg tasks: - name: Loopback for services configured template: src=10-loopback-services.cfg.j2 dest=/etc/network/interfaces.d/10-loopback-services.cfg - name: Loopback included into the network config lineinfile: dest=/etc/network/interfaces line='source /etc/network/interfaces.d/10-loopback-services.cfg' state=present - name: Loopback is running shell: ifdown lo:100 && ifup lo:100 # Privoxy - name: Install privoxy apt: name=privoxy state=latest - name: Privoxy configured template: src=privoxy_config.j2 dest=/etc/privoxy/config notify: - restart privoxy - name: Privoxy profile for apparmor configured template: src=usr.sbin.privoxy.j2 dest=/etc/apparmor.d/usr.sbin.privoxy owner=root group=root mode=600 notify: - restart privoxy - name: Enforce the privoxy AppArmor policy shell: aa-enforce usr.sbin.privoxy - name: Privoxy enabled and started service: name=privoxy state=started enabled=yes # PageSpeed - name: Apache installed apt: name=apache2 state=latest - name: PageSpeed installed for x86_64 apt: deb=https://dl-ssl.google.com/dl/linux/direct/mod-pagespeed-stable_current_amd64.deb when: ansible_architecture == "x86_64" - name: PageSpeed installed for i386 apt: deb=https://dl-ssl.google.com/dl/linux/direct/mod-pagespeed-stable_current_i386.deb when: ansible_architecture != "x86_64" - name: PageSpeed configured template: src=pagespeed.conf.j2 dest=/etc/apache2/mods-available/pagespeed.conf notify: - restart apache2 - name: Modules enabled apache2_module: state=present name="{{ item }}" with_items: - proxy_http - pagespeed - cache - proxy_connect - proxy_html - rewrite notify: - restart apache2 - name: VirtualHost configured for the PageSpeed module template: src=000-default.conf.j2 dest=/etc/apache2/sites-enabled/000-default.conf notify: - restart apache2 - name: Apache ports configured template: src=ports.conf.j2 dest=/etc/apache2/ports.conf notify: - restart apache2 # DNS - name: Install dnsmasq apt: name=dnsmasq state=latest - name: Dnsmasq profile for apparmor configured template: src=usr.sbin.dnsmasq.j2 dest=/etc/apparmor.d/usr.sbin.dnsmasq owner=root group=root mode=600 notify: - restart dnsmasq - name: Enforce the dnsmasq AppArmor policy shell: aa-enforce usr.sbin.dnsmasq - name: Dnsmasq configured template: src=dnsmasq.conf.j2 dest=/etc/dnsmasq.conf notify: - restart dnsmasq - name: Adblock script created copy: src=templates/adblock.sh dest=/opt/adblock.sh owner=root group=root mode=755 when: service_dns is defined and service_dns == "True" - name: Adblock script added to cron cron: name="Adblock hosts update" minute="10" hour="2" job="/opt/adblock.sh" when: service_dns is defined and service_dns == "True" - name: Update adblock hosts shell: > /opt/adblock.sh when: service_dns is defined and service_dns == "True" - name: Forward all DNS requests to the local resolver iptables: table: nat chain: PREROUTING protocol: udp destination_port: 53 source: "{{ vpn_network }}" jump: DNAT to_destination: 172.16.0.1:53 notify: - save iptables when: service_dns is defined and service_dns == "True" - name: Forward all DNS requests to the local resolver iptables: table: nat chain: PREROUTING protocol: udp destination_port: 53 source: "{{ vpn_network_ipv6 }}" jump: DNAT to_destination: fcaa::1:53 ip_version: ipv6 notify: - save iptables when: service_dns is defined and service_dns == "True" - name: Dnsmasq enabled and started service: name=dnsmasq state=started enabled=yes when: service_dns is defined and service_dns == "True" - name: Dnsmasq disabled and stopped service: name=dnsmasq state=stopped enabled=no when: service_dns is defined and service_dns == "False" handlers: - name: restart privoxy service: name=privoxy state=restarted - name: restart dnsmasq service: name=dnsmasq state=restarted - name: restart apparmor service: name=apparmor state=restarted - name: restart apache2 service: name=apache2 state=restarted - name: save iptables command: service netfilter-persistent save