Archives
/
algo
mirror of https://github.com/trailofbits/algo
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
master
dependabot/pip/ansible-9.4.0
dependabot/github_actions/actions/setup-python-5.1.0
fix/14704
dependabot/pip/jinja2-approx-eq-3.1.3
v1.1
v1.0
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '24ee07cec4'
${ noResults }
algo/features.yml

92 lines
2.5 KiB
YAML
Raw Blame History

---
- name: Other features
hosts: vpn-host
gather_facts: false
remote_user: root
vars_files:
- config.cfg
tasks:
- name: Loopback for services configured
template: src=10-loopback-services.cfg.j2 dest=/etc/network/interfaces.d/10-loopback-services.cfg
- name: Loopback included into the network config
lineinfile: dest=/etc/network/interfaces line='source /etc/network/interfaces.d/10-loopback-services.cfg' state=present
- name: Loopback is running
shell: ifdown lo:100 && ifup lo:100
# Privoxy
- name: Install privoxy
apt: name=privoxy state=latest
- name: Privoxy configured
template: src=privoxy_config.j2 dest=/etc/privoxy/config
notify:
- restart privoxy
- name: Privoxy enabled and started
service: name=privoxy state=started enabled=yes
# DNS
- name: Install dnsmasq
apt: name=dnsmasq state=latest
- name: Dnsmasq profile for apparmor configured
template: src=usr.sbin.dnsmasq.j2 dest=/etc/apparmor.d/usr.sbin.dnsmasq
- name: Enforcing dnsmasq with apparmor
shell: aa-enforce usr.sbin.dnsmasq
notify:
- restart apparmor
- name: Dnsmasq configured
template: src=dnsmasq.conf.j2 dest=/etc/dnsmasq.conf
- name: Adblock script created
copy: src=templates/adblock.sh dest=/opt/adblock.sh owner=root group=root mode=755
- name: Adblock script added to cron
cron: name="Adblock hosts update" minute="10" hour="2" job="/opt/adblock.sh"
- name: Update adblock hosts
shell: >
/opt/adblock.sh
- name: Forward all DNS requests to the local resolver
iptables:
table: nat
chain: PREROUTING
protocol: udp
destination_port: 53
source: 10.0.0.0/24
jump: DNAT
to_destination: 172.16.0.1:53
notify:
- save iptables
when: service_dns is defined and service_dns == "Y"
- name: Dnsmasq enabled and started
service: name=dnsmasq state=started enabled=yes
when: service_dns is defined and service_dns == "Y"
- name: Dnsmasq disabled and stopped
service: name=dnsmasq state=stopped enabled=no
when: service_dns is defined and service_dns == "N"
handlers:
- name: restart privoxy
service: name=privoxy state=restarted
- name: restart apparmor
service: name=apparmor state=restarted
- name: save iptables
command: service netfilter-persistent save
Reference in New Issue View Git Blame Copy Permalink