# -*- mode: yaml; indent-tabs-mode: nil; tab-width: 2; coding: utf-8-unix -*-
---
# to be run on the guest (our Whonix workstation/gateway VM) by libvirt_qemu
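# Log which feature set this guest is being provisioned with (shown at -v only).
# PROXY_FEATURES is defined elsewhere in the playbook; a missing variable would
# otherwise make this debug line abort the whole play, so default it to "".
- name: "proxy whonix_guest.yml"
  debug:
    verbosity: 1
    msg: "proxy whonix_guest.yml PROXY_FEATURES={{ PROXY_FEATURES | default('') }}"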
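## Whonix Guest or libvirt nat
# Guest-side plumbing that only makes sense inside a libvirt/QEMU VM:
# make sure the QEMU guest agent is running and its virtio channel exists,
# then look up the "external" entry in the controller's /etc/hosts to seed
# BASE_EXTERNAL_IP.
- block:

    - name: "proxy whonix_guest"
      debug:
        verbosity: 1
        msg: "proxy whonix.yml HOST={{ansible_virtualization_role|replace('NA', 'host')}}"

    # The Debian-style init script is used on purpose ("even systemd": the
    # compat layer forwards it to the unit, so one path covers both init
    # systems). The task fails when no init script is installed, and the
    # final `status` makes the task rc reflect whether the agent is really up.
    # A marker line on stdout lets us report "changed" only when we had to
    # start the service instead of on every run.
    - name: /etc/init.d/qemu-guest-agent
      shell: |
        # even systemd
        [ -x /etc/init.d/qemu-guest-agent ] || exit 1
        if /etc/init.d/qemu-guest-agent status; then
          echo "qemu-guest-agent: already running"
          exit 0
        fi
        /etc/init.d/qemu-guest-agent start
        /etc/init.d/qemu-guest-agent status
      register: qemu_guest_agent_out
      changed_when: "'already running' not in qemu_guest_agent_out.stdout"

    # Pure check: the virtio-serial channel the agent talks over must exist,
    # i.e. the VM was defined with a guest-agent channel. Fails the play
    # otherwise; never changes anything on the guest.
    - name: /dev/virtio-ports/org.qemu.guest_agent.0
      shell: |
        [ -e /dev/virtio-ports/org.qemu.guest_agent.0 ]
      changed_when: false

    # Address of the host named "external" in the CONTROLLER's /etc/hosts.
    # awk handles tab- or multi-space-separated fields, skips comment lines
    # and stops at the first match, so stdout is a single address (the old
    # `grep ' external$' | sed` pipeline returned sed's rc, i.e. 0 even when
    # nothing matched, which made the rc guard below meaningless).
    - name: external
      delegate_to: localhost
      shell: |
        awk '$1 !~ /^#/ && $NF == "external" { print $1; exit }' /etc/hosts
      register: external_out
      changed_when: false
      # an unreadable/missing hosts file just leaves BASE_EXTERNAL_IP unset
      failed_when: false
      check_mode: false

    # Only publish the fact when we actually got an address back; an empty
    # stdout must not turn into BASE_EXTERNAL_IP="".
    - name: BASE_EXTERNAL_IP
      set_fact:
        BASE_EXTERNAL_IP: "{{ external_out.stdout | trim }}"
      when:
        - "external_out.rc|default(1) == 0"
        - "(external_out.stdout | default('') | trim) | length > 0"
      check_mode: false

  when:
    - "ansible_virtualization_role|replace('NA', 'host') == 'guest'"
    - "BOX_OS_FLAVOR|default('') in ['WhonixWorkstation', 'WhonixGateway', 'Gentoo']"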
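# Whonix-Gateway specifics.
- block:

    # Install the staged boot script once. `creates:` makes Ansible skip the
    # task (instead of reporting "changed" on every run) when /etc/rc.local
    # already exists; the in-script test stays as a second guard.
    # NOTE: `cp -p` preserves the source's owner/mode, and rc.local runs as
    # root at every boot, so the staged file must never be group/world-writable.
    - name: /etc/rc.local
      shell: |
        [ -f /etc/rc.local ] && exit 0
        cp -p /usr/local/etc/local.d/Whonix-Gateway.local /etc/rc.local
      args:
        creates: /etc/rc.local

    # Pin ownership and permissions of the root-run boot script regardless of
    # what the staged copy carried.
    - name: /etc/rc.local permissions
      file:
        path: /etc/rc.local
        owner: "{{BOX_ROOT_USER}}"
        group: "{{BOX_ROOT_GROUP}}"
        mode: "0755"

    # Kernel-wide open-file ceiling (same setting as the workstation block).
    # NOTE(review): this block previously contained systemd unit directives
    # (LimitNOFILE=, RestartSec=, Restart=never) plus an
    # `insertafter: "Type=oneshot"` anchor. None of that is valid in a
    # sysctl.d file (sysctl --system would log errors on every line), and
    # Restart=never is not a systemd value either. If a per-service fd limit
    # was the intent, it belongs in /etc/systemd/system/<unit>.service.d/.
    - name: /etc/sysctl.d/80_whonix_gateway.conf
      blockinfile:
        dest: /etc/sysctl.d/80_whonix_gateway.conf
        marker: "# {mark} ANSIBLE MANAGED BLOCK proxy whonix_guest.yml"
        mode: "0644"
        owner: "{{BOX_ROOT_USER}}"
        group: "{{BOX_ROOT_GROUP}}"
        create: true
        block: |
          fs.file-max = 100000

  when:
    - "BOX_OS_FLAVOR|default('') == 'WhonixGateway'"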
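# Whonix-Workstation specifics.
- block:

    # Install the staged boot script once. `creates:` makes Ansible skip the
    # task (instead of reporting "changed" on every run) when /etc/rc.local
    # already exists; the in-script test stays as a second guard.
    # NOTE: `cp -p` preserves the source's owner/mode, and rc.local runs as
    # root at every boot, so the staged file must never be group/world-writable.
    - name: /etc/rc.local
      shell: |
        [ -f /etc/rc.local ] && exit 0
        cp -p /usr/local/etc/local.d/Whonix-Workstation.local /etc/rc.local
      args:
        creates: /etc/rc.local

    # Pin ownership and permissions of the root-run boot script regardless of
    # what the staged copy carried.
    - name: /etc/rc.local permissions
      file:
        path: /etc/rc.local
        owner: "{{BOX_ROOT_USER}}"
        group: "{{BOX_ROOT_GROUP}}"
        mode: "0755"

    # Kernel-wide open-file ceiling. The file is (mis)named *_gateway.conf on
    # the workstation too; the path is kept as-is so existing installs keep
    # matching the managed-block marker.
    - name: /etc/sysctl.d/80_whonix_gateway.conf
      blockinfile:
        dest: /etc/sysctl.d/80_whonix_gateway.conf
        marker: "# {mark} ANSIBLE MANAGED BLOCK proxy whonix_guest.yml"
        mode: "0644"
        owner: "{{BOX_ROOT_USER}}"
        group: "{{BOX_ROOT_GROUP}}"
        create: true
        block: |
          fs.file-max = 100000

  when:
    - "BOX_OS_FLAVOR|default('') == 'WhonixWorkstation'"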
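# Console getty for sysvinit guests, only when the kernel-command-line fact
# (proxy_vda_cmdline_fact, set elsewhere) says so.
- block:

    # Reference entry (from /etc/inittab):
    #   #x1:12345:respawn:/sbin/agetty -J 38400 console linux
    # Fix: the `line:` used to stop at "/sbin/agetty" with no arguments, so
    # init would keep respawning a getty that exits for lack of a tty.
    # The regexp also matches an already-uncommented x1 entry so a re-run
    # never leaves two x1 lines behind.
    # Security note: this is a plain login prompt (no -a autologin) on the
    # virtual console, reachable by anyone with console access on the host.
    - name: "/etc/inittab"
      lineinfile:
        dest: "/etc/inittab"
        insertbefore: BOF
        # inittab is a config file read by init, not an executable (was 0755)
        mode: "0644"
        owner: "{{BOX_ROOT_USER}}"
        group: "{{BOX_ROOT_GROUP}}"
        create: true
        regexp: "^#?x1:12345:respawn:/sbin/agetty"
        line: "x1:12345:respawn:/sbin/agetty -J 38400 console linux"

  when:
    - "proxy_vda_cmdline_fact|default(1) == 0"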
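# X.org tuning for the QXL virtual GPU on guests that are not Whonix images
# (those are handled elsewhere, see "already done" below). VM guests only.
- block:

    # blockinfile's `create:` does not create parent directories and
    # xorg.conf.d may be absent on a fresh guest.
    - name: /etc/X11/xorg.conf.d
      file:
        path: /etc/X11/xorg.conf.d
        state: directory
        owner: "{{BOX_ROOT_USER}}"
        group: "{{BOX_ROOT_GROUP}}"
        mode: "0755"

    # Dropped a stray `insertafter: "Type=oneshot"` that was copied from a
    # systemd-unit task: nothing in an xorg.conf.d file matches it, so the
    # block was appended at EOF anyway (which is the default).
    - name: /etc/X11/xorg.conf.d/80_qxl.conf
      blockinfile:
        dest: /etc/X11/xorg.conf.d/80_qxl.conf
        marker: "# {mark} ANSIBLE MANAGED BLOCK proxy whonix_guest.yml"
        mode: "0644"
        owner: "{{BOX_ROOT_USER}}"
        group: "{{BOX_ROOT_GROUP}}"
        create: true
        block: |
          Section "Device"
              Identifier "qxl"
              Driver "qxl"
              Option "DPI" "96 x 96"
              Option "ENABLE_IMAGE_CACHE" "True"
              Option "ENABLE_FALLBACK_CACHE" "False"
              Option "ENABLE_SURFACES" "False"
          EndSection

  when:
    - "BOX_OS_FLAVOR|default('') != 'WhonixWorkstation'"  # already done
    - "BOX_OS_FLAVOR|default('') != 'WhonixGateway'"  # already done
    - "ansible_virtualization_role|replace('NA', 'host') == 'guest'"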