2024-01-06 03:08:22 +00:00
|
|
|
# -*- mode: yaml; indent-tabs-mode: nil; tab-width: 2; coding: utf-8-unix -*-
|
|
|
|
|
|
|
|
---
|
|
|
|
|
|
|
|
- name: "proxy proxy_mode.yml"
|
|
|
|
debug:
|
|
|
|
verbosity: 1
|
|
|
|
msg: "DEBUG: Including proxy proxy_mode.yml {{lookup('env', 'MODE')}}"
|
|
|
|
|
|
|
|
- block:
|
|
|
|
|
|
|
|
# takes precedence but This may notbe installed yet on first check
|
|
|
|
- name: PROXY_MODE from proxy_whonix_mode
|
|
|
|
environment: "{{ shell_no_proxy_env }}"
|
|
|
|
shell: |
|
|
|
|
[ -x /usr/local/bin/proxy_ping_lib.bash ] || exit 0
|
|
|
|
/usr/local/bin/proxy_ping_lib.bash proxy_whonix_mode
|
|
|
|
register: proxy_whonix_mode
|
|
|
|
when:
|
|
|
|
# - ansible_connection|default('') not in PLAY_CHROOT_CONNECTIONS
|
|
|
|
- "PROXY_MODE|default('') == ''"
|
|
|
|
|
|
|
|
- name: PROXY_MODE from proxy_whonix_mode
|
|
|
|
environment: "{{ shell_no_proxy_env }}"
|
|
|
|
shell: |
|
|
|
|
[ -x /usr/local/bin/proxy_ping_lib.bash ] || exit 0
|
|
|
|
/usr/local/bin/proxy_ping_lib.bash proxy_whonix_mode
|
|
|
|
register: proxy_whonix_mode
|
|
|
|
when:
|
|
|
|
# env takes precedence
|
|
|
|
- "PROXY_MODE|default('') == ''"
|
|
|
|
|
|
|
|
- name: PROXY_MODE proxy_whonix_mode
|
|
|
|
set_fact:
|
|
|
|
PROXY_MODE: "{{proxy_whonix_mode.stdout}}"
|
|
|
|
when:
|
|
|
|
- "PROXY_MODE|default('') == ''"
|
|
|
|
- proxy_whonix_mode.rc == 0
|
|
|
|
# WTF? 'dict object' has no attribute 'stdout'
|
|
|
|
ignore_errors: true
|
|
|
|
|
|
|
|
- name: PROXY_MODE from inventory
|
|
|
|
set_fact:
|
|
|
|
PROXY_MODE: "{{BOX_PROXY_MODE}}"
|
|
|
|
when:
|
|
|
|
# env takes precedence over hosts.yml
|
|
|
|
- "PROXY_MODE|default('') == ''"
|
|
|
|
|
|
|
|
check_mode: false
|
|
|
|
|
|
|
|
- name: PROXY_MODE != ''
|
|
|
|
assert:
|
|
|
|
that:
|
|
|
|
- PROXY_MODE != ''
|
|
|
|
|
|
|
|
- name: PROXY_MODE == 'tor'
|
|
|
|
set_fact:
|
|
|
|
PROXY_FEATURES: "['run_tor', 'run_dnsmasq', 'run_polipo'] + {{BOX_PROXY_FEATURES}}"
|
|
|
|
when:
|
|
|
|
- PROXY_MODE == 'tor'
|
|
|
|
- BOX_WHONIX_PROXY_HOST == ""
|
|
|
|
|
|
|
|
- name: PROXY_MODE == 'whonix'
|
|
|
|
set_fact:
|
|
|
|
PROXY_FEATURES: "['run_dnsmasq', 'run_polipo', 'run_sdwdate'] + {{BOX_PROXY_FEATURES}}"
|
|
|
|
when:
|
|
|
|
- PROXY_MODE in ['selektor', 'whonix'] and BOX_WHONIX_PROXY_HOST != ""
|
|
|
|
|
|
|
|
- name: PROXY_MODE == 'vda'
|
|
|
|
set_fact:
|
|
|
|
PROXY_FEATURES: "[] + {{BOX_PROXY_FEATURES}}"
|
|
|
|
# vda is generic and has to be configured from inventory
|
|
|
|
when:
|
|
|
|
- PROXY_MODE == 'vda' and BOX_WHONIX_PROXY_HOST != "" or
|
|
|
|
proxy_vda_cmdline_fact.rc|default(1) == 0
|
|
|
|
|
|
|
|
- name: PROXY_MODE == 'nat'
|
|
|
|
set_fact:
|
|
|
|
PROXY_FEATURES: "[] + {{BOX_PROXY_FEATURES}}"
|
|
|
|
when:
|
|
|
|
- PROXY_MODE == 'nat' and BOX_WHONIX_PROXY_HOST != ""
|
|
|
|
|
|
|
|
- name: PROXY_MODE == 'ws' or PROXY_MODE == 'workstation'
|
|
|
|
set_fact:
|
|
|
|
PROXY_FEATURES: "['run_dnsmasq', 'run_polipo'] + {{BOX_PROXY_FEATURES}}"
|
|
|
|
when:
|
|
|
|
- PROXY_MODE == 'ws' or PROXY_MODE == 'workstation'
|
|
|
|
or BOX_OS_FLAVOR|default('') == 'WhonixWorkstation'
|
|
|
|
|
|
|
|
- name: PROXY_MODE == 'gateway'
|
|
|
|
set_fact:
|
|
|
|
PROXY_FEATURES: "[] + {{BOX_PROXY_FEATURES}}"
|
|
|
|
when:
|
|
|
|
- PROXY_MODE == 'gateway' or BOX_OS_FLAVOR|default('') == 'WhonixGateway'
|
|
|
|
|
|
|
|
- name: PROXY_DNS_PROXY dnsmasq
|
|
|
|
set_fact:
|
|
|
|
PROXY_DNS_PROXY: dnsmasq
|
|
|
|
when:
|
|
|
|
- "'run_dnsmasq' in PROXY_FEATURES"
|
|
|
|
|
|
|
|
- name: BOX_TIME_DAEMON sdwdate
|
|
|
|
set_fact:
|
|
|
|
BOX_TIME_DAEMON: sdwdate
|
|
|
|
when:
|
|
|
|
- "'run_sdwdate' in PROXY_FEATURES"
|
|
|
|
|
|
|
|
- block:
|
|
|
|
|
|
|
|
- debug:
|
|
|
|
msg: "including proxy_export.txt"
|
|
|
|
|
|
|
|
- name: "make a tempfile for proxy_export.txt"
|
|
|
|
tempfile:
|
|
|
|
state: file
|
|
|
|
delegate_to: localhost
|
|
|
|
register: proxy_export_txt_file
|
|
|
|
|
|
|
|
- name: "create REMOTE proxy_export.txt"
|
|
|
|
environment: "{{ shell_no_proxy_env }}"
|
|
|
|
shell: |
|
|
|
|
PROXY_MODE={{PROXY_MODE}}
|
|
|
|
. /usr/local/bin/proxy_export.bash
|
|
|
|
cat > /tmp/proxy_export.txt << EOF
|
|
|
|
http_proxy: "$http_proxy"
|
|
|
|
https_proxy: "$https_proxy"
|
|
|
|
socks_proxy: "$socks_proxy"
|
|
|
|
no_proxy: "$no_proxy"
|
|
|
|
RSYNC_PROXY: "$RSYNC_PROXY"
|
|
|
|
EOF
|
|
|
|
exit 0
|
|
|
|
|
|
|
|
- name: "slurp REMOTE proxy_export.txt"
|
|
|
|
slurp:
|
|
|
|
src: "/tmp/proxy_export.txt"
|
|
|
|
register: proxy_export_txt
|
|
|
|
|
|
|
|
- name: "copy slurped proxy_export.txt to tempfile"
|
|
|
|
copy:
|
|
|
|
dest: "{{ proxy_export_txt_file.path}}"
|
|
|
|
content: "{{ proxy_export_txt['content']|b64decode }}"
|
|
|
|
delegate_to: localhost
|
|
|
|
|
|
|
|
- name: "include copied proxy_export.txt"
|
|
|
|
include_vars: "{{proxy_export_txt_file.path}}"
|
|
|
|
|
|
|
|
check_mode: false
|
|
|
|
rescue:
|
|
|
|
- debug:
|
2024-01-09 15:35:38 +00:00
|
|
|
msg: "WARN: RESCUE error including proxy_export.txt"
|