Add tor role

4 files changed, 51 insertions, 0 deletions

diff --git a/roles/tor/files/middlebox.conf b/roles/tor/files/middlebox.conf
new file mode 100644
index 0000000..70f147e
--- /dev/null
+++ b/roles/tor/files/middlebox.conf
@@ -0,0 +1,4 @@
+VirtualAddrNetworkIPv4 10.192.0.0/10
+AutomapHostsOnResolve 1
+TransPort 10.0.2.1:9040
+DNSPort 10.0.2.1:5353
diff --git a/roles/tor/handlers/main.yml b/roles/tor/handlers/main.yml
new file mode 100644
index 0000000..e979d13
--- /dev/null
+++ b/roles/tor/handlers/main.yml
@@ -0,0 +1,4 @@
+- name: Reload tor
+  ansible.builtin.service:
+    name: tor
+    state: reloaded
diff --git a/roles/tor/meta/main.yml b/roles/tor/meta/main.yml
new file mode 100644
index 0000000..84def5a
--- /dev/null
+++ b/roles/tor/meta/main.yml
@@ -0,0 +1,2 @@
+dependencies:
+  - role: wgtor
diff --git a/roles/tor/tasks/main.yml b/roles/tor/tasks/main.yml
new file mode 100644
index 0000000..3600404
--- /dev/null
+++ b/roles/tor/tasks/main.yml
@@ -0,0 +1,41 @@
+- name: Install tor
+  ansible.builtin.package:
+    name:
+      - tor
+    state: present
+
+- name: Create /etc/torrc.d for drop-in tor configs
+  ansible.builtin.file:
+    path: /etc/torrc.d
+    state: directory
+    owner: root
+    group: root
+    mode: u+rw,g+r,o+r
+
+- name: Allow usage of drop-in configs from /etc/torrc.d
+  ansible.builtin.lineinfile:
+    dest: /etc/tor/torrc
+    state: present
+    regexp: '^(#)?%include /etc/torrc.d/\*.conf'
+    line: '%include /etc/torrc.d/*.conf'
+    owner: root
+    group: root
+    mode: u+rw,g+r,o+r
+  notify:
+    - Reload tor
+
+- name: Configure Tor middlebox
+  ansible.builtin.copy:
+    src: files/middlebox.conf
+    dest: /etc/torrc.d/middlebox.conf
+    owner: root
+    group: root
+    mode: u+rw,g+r,o+r
+  notify:
+    - Reload tor
+
+- name: Enable tor systemd service
+  ansible.builtin.service:
+    name: tor
+    enabled: yes
+    state: started