Archives
/
algo
mirror of https://github.com/trailofbits/algo
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
master
dependabot/pip/ansible-9.4.0
dependabot/github_actions/actions/setup-python-5.1.0
fix/14704
dependabot/pip/jinja2-approx-eq-3.1.3
v1.1
v1.0
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '019d729fe6'
${ noResults }
algo/roles/proxy/tasks/main.yml

116 lines
3.6 KiB
YAML
Raw Blame History

- name: Gather Facts
setup:
- name: Privoxy installed
apt: name=privoxy state=latest
- name: Privoxy configured
template: src="{{ item.src }}" dest="{{ item.dest }}"
with_items:
- { src: privoxy_config.j2, dest: /etc/privoxy/config }
- { src: default.filter.j2, dest: /etc/privoxy/default.filter }
notify:
- restart privoxy
- name: Privoxy profile for apparmor configured
template: src=usr.sbin.privoxy.j2 dest=/etc/apparmor.d/usr.sbin.privoxy owner=root group=root mode=0600
when: apparmor_enabled is defined and apparmor_enabled == true
notify:
- restart privoxy
- name: Enforce the privoxy AppArmor policy
shell: aa-enforce usr.sbin.privoxy
when: apparmor_enabled is defined and apparmor_enabled == true
tags: ['apparmor']
- name: Ensure that the privoxy service directory exist
file: path=/etc/systemd/system/privoxy.service.d/ state=directory mode=0755 owner=root group=root
- name: Setup the cgroup limitations for the privoxy daemon
template: src=privoxy_100-CustomLimitations.conf.j2 dest=/etc/systemd/system/privoxy.service.d/100-CustomLimitations.conf
notify:
- daemon-reload
- restart privoxy
- meta: flush_handlers
- name: Privoxy enabled and started
service: name=privoxy state=started enabled=yes
# PageSpeed
- name: Apache installed
apt: name=apache2 state=latest
- name: PageSpeed installed for x86_64
apt: deb=https://dl-ssl.google.com/dl/linux/direct/mod-pagespeed-stable_current_amd64.deb
when: ansible_architecture == "x86_64"
- name: PageSpeed installed for i386
apt: deb=https://dl-ssl.google.com/dl/linux/direct/mod-pagespeed-stable_current_i386.deb
when: ansible_architecture != "x86_64"
- name: PageSpeed configured
template: src=pagespeed.conf.j2 dest=/etc/apache2/mods-available/pagespeed.conf
notify:
- restart apache2
- name: Modules enabled
apache2_module: state=present name="{{ item }}"
with_items:
- proxy_http
- pagespeed
- cache
- proxy_connect
- proxy_html
- rewrite
notify:
- restart apache2
- name: VirtualHost configured for the PageSpeed module
template: src=000-default.conf.j2 dest=/etc/apache2/sites-enabled/000-default.conf
notify:
- restart apache2
- name: Apache ports configured
template: src=ports.conf.j2 dest=/etc/apache2/ports.conf
notify:
- restart apache2
- name: Ensure that the apache2 service directory exist
file: path=/etc/systemd/system/apache2.service.d/ state=directory mode=0755 owner=root group=root
- name: Setup the cgroup limitations for the apache2 daemon
template: src=apache2_100-CustomLimitations.conf.j2 dest=/etc/systemd/system/apache2.service.d/100-CustomLimitations.conf
notify:
- daemon-reload
- restart apache2
- meta: flush_handlers
- name: Set facts for mobileconfigs
set_fact:
proxy_enabled: true
- name: Register p12 PayloadContent
shell: >
cat /{{ easyrsa_dir }}/easyrsa3//pki/private/{{ item }}.p12 | base64
register: PayloadContent
with_items: "{{ users }}"
- name: Register CA PayloadContent
shell: >
cat /{{ easyrsa_dir }}/easyrsa3/pki/ca.crt | base64
register: PayloadContentCA
- name: Build the mobileconfigs
template: src=roles/vpn/templates/mobileconfig.j2 dest=/{{ easyrsa_dir }}/easyrsa3//pki/private/{{ item.0 }}_proxy.mobileconfig mode=0600
with_together:
- "{{ users }}"
- "{{ PayloadContent.results }}"
no_log: True
- name: Fetch users mobileconfig
fetch: src=/{{ easyrsa_dir }}/easyrsa3//pki/private/{{ item }}_proxy.mobileconfig dest=configs/{{ IP_subject_alt_name }}_{{ item }}_proxy.mobileconfig flat=yes
with_items: "{{ users }}"
Reference in New Issue View Git Blame Copy Permalink