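---
# "Other features" play for the Algo VPN host: a loopback alias for
# local-only services, a Privoxy HTTP proxy, and a dnsmasq resolver with
# ad-blocking that VPN clients are forced to use via a DNAT rule.
#
# Module arguments are written as native YAML mappings rather than
# key=value strings so the parser, not a string splitter, owns quoting.
- name: Other features
  hosts: vpn-host
  gather_facts: false
  become: true
  vars_files:
    - config.cfg

  tasks:
    # --- Loopback alias for local services ---------------------------------
    # The alias address is defined in the template (not shown here); local
    # services bind to it so they are reachable over the VPN but not from
    # the public interface.
    - name: Loopback for services configured
      template:
        src: 10-loopback-services.cfg.j2
        dest: /etc/network/interfaces.d/10-loopback-services.cfg

    - name: Loopback included into the network config
      lineinfile:
        dest: /etc/network/interfaces
        line: 'source /etc/network/interfaces.d/10-loopback-services.cfg'
        state: present

    # Bounce the alias so its address is live before services are started.
    # `&&` requires a shell; this task reports "changed" on every run.
    - name: Loopback is running
      shell: ifdown lo:100 && ifup lo:100

    # --- Privoxy -----------------------------------------------------------
    # state=latest upgrades the package on every run. It only sees versions
    # already in the local apt index; an earlier play is presumably
    # responsible for refreshing the cache — confirm if versions look stale.
    - name: Install privoxy
      apt:
        name: privoxy
        state: latest

    - name: Privoxy configured
      template:
        src: privoxy_config.j2
        dest: /etc/privoxy/config
      notify:
        - restart privoxy

    - name: Privoxy enabled and started
      service:
        name: privoxy
        state: started
        enabled: true

    # --- DNS ---------------------------------------------------------------
    - name: Install dnsmasq
      apt:
        name: dnsmasq
        state: latest

    # Confine dnsmasq with AppArmor before it is configured and started.
    # The profile template (not shown here) must allow every path that
    # dnsmasq.conf.j2 references, e.g. the adblock hosts file, or dnsmasq
    # will be denied access once the profile is enforced.
    - name: Dnsmasq profile for apparmor configured
      template:
        src: usr.sbin.dnsmasq.j2
        dest: /etc/apparmor.d/usr.sbin.dnsmasq

    # No shell features are needed, so `command` avoids a shell entirely.
    - name: Enforce the dnsmasq AppArmor policy
      command: aa-enforce usr.sbin.dnsmasq
      notify:
        - restart apparmor

    - name: Dnsmasq configured
      template:
        src: dnsmasq.conf.j2
        dest: /etc/dnsmasq.conf

    # The octal mode is quoted so YAML does not reinterpret it as an integer.
    - name: Adblock script created
      copy:
        src: templates/adblock.sh
        dest: /opt/adblock.sh
        owner: root
        group: root
        mode: "0755"

    # NOTE(review): adblock.sh is not visible from this play. It runs as
    # root nightly and presumably fetches third-party host lists; review
    # where it downloads from and whether it validates what it writes into
    # the resolver's configuration — that content is a supply-chain input.
    - name: Adblock script added to cron
      cron:
        name: "Adblock hosts update"
        minute: "10"
        hour: "2"
        job: "/opt/adblock.sh"

    # Run once now so dnsmasq has a hosts file before the first client.
    - name: Update adblock hosts
      command: /opt/adblock.sh

    # Redirect every DNS query from the VPN network to the local resolver,
    # whatever server the client configured. Both UDP and TCP port 53 are
    # covered: the previous rule matched UDP only, which let a client reach
    # an external resolver over TCP and bypass dnsmasq (and the adblock
    # list). 172.16.0.1 is expected to be the loopback alias address from
    # the template above — keep the two in sync. Only IPv4 is handled here;
    # if clients also receive IPv6 addresses, an ip6tables equivalent would
    # be needed (not determinable from this play).
    - name: Forward all DNS requests to the local resolver
      iptables:
        table: nat
        chain: PREROUTING
        protocol: "{{ item }}"
        destination_port: "53"
        source: "{{ vpn_network }}"
        jump: DNAT
        to_destination: "172.16.0.1:53"
      with_items:
        - udp
        - tcp
      notify:
        - save iptables
      when: service_dns is defined and service_dns == "Y"

    - name: Dnsmasq enabled and started
      service:
        name: dnsmasq
        state: started
        enabled: true
      when: service_dns is defined and service_dns == "Y"

    # With service_dns == "N" dnsmasq stays installed and configured but is
    # kept stopped, and no DNAT rule is installed, so clients keep using the
    # resolver they configured themselves.
    - name: Dnsmasq disabled and stopped
      service:
        name: dnsmasq
        state: stopped
        enabled: false
      when: service_dns is defined and service_dns == "N"

  handlers:
    - name: restart privoxy
      service:
        name: privoxy
        state: restarted

    - name: restart apparmor
      service:
        name: apparmor
        state: restarted

    # Persist the runtime ruleset so the DNAT rule survives a reboot.
    - name: save iptables
      command: service netfilter-persistent save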