bash
parent
d29b1e4542
commit
a354df3d40
63 changed files with 26542 additions and 453 deletions
|
@ -19,8 +19,8 @@
|
|||
cd {{ BASE_ROOT_LOG_DIR }} || exit 2
|
||||
retval=0
|
||||
/usr/local/bin/usr_local_base.bash box_gentoo_emerge \
|
||||
{{proxy_pkgs_bootstrap}} \
|
||||
{{proxy_pkgs_inst}} \
|
||||
{{' '.join(proxy_pkgs_bootstrap)}} \
|
||||
{{' '.join(proxy_pkgs_inst)}} \
|
||||
&& exit 0
|
||||
retval=$?
|
||||
echo WARN: $retval
|
||||
|
@ -35,8 +35,8 @@
|
|||
shell: |
|
||||
cd {{ BASE_ROOT_LOG_DIR }} || exit 2
|
||||
/usr/local/bin/usr_local_base.bash box_gentoo_emerge \
|
||||
{{ proxy_pkgs_bootstrap }} \
|
||||
{{ proxy_pkgs_inst_guest }} \
|
||||
{{ ' '.join(proxy_pkgs_bootstrap) }} \
|
||||
{{ ' '.join(proxy_pkgs_inst_guest) }} \
|
||||
|| exit $?
|
||||
ignore_errors: "{{ BASE_PKG_IGNORE_ERRORS }}"
|
||||
when:
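Review bot: The package lists are joined with `' '.join(...)` and placed unquoted on a `shell:` command line in both hunks, so an element containing shell metacharacters is re-parsed by the shell instead of reaching `box_gentoo_emerge` as one argument. A versioned atom shows the problem (constructed example: `>=cat/pkg-1.0` becomes a redirection). Assuming the `' '.join(...)` lines are the new side (the page has lost its +/- markers), quote each element: `{{ proxy_pkgs_bootstrap | map('quote') | join(' ') }} \`, and likewise for `proxy_pkgs_inst` and `proxy_pkgs_inst_guest`. `cd {{ BASE_ROOT_LOG_DIR }}` and `echo WARN: $retval` in the same scripts would also be safer quoted. Both tasks start or end outside the hunks shown.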
|
||||
|
|
|
@ -13,4 +13,4 @@
|
|||
|
||||
#- include_tasks: Gentoo/Pentoo/mask.yml
|
||||
|
||||
- include_tasks: Gentoo/Pentoo/accept_keywords.yml
|
||||
#- include_tasks: Gentoo/Pentoo/accept_keywords.yml
|
||||
|
|
|
@ -13,6 +13,14 @@
|
|||
block: |
|
||||
net-misc/curl openssl -progress-meter alt-svc adns ftp http2 imap -ipv6 pop3 smtp ssh ssl tftp zstd -samba -sslv3 -threads -winssl -nss # -curl_ssl_gnutls -curl_ssl_mbedtls -curl_ssl_nss curl_ssl_openssl -curl_ssl_rustls
|
||||
|
||||
- name: "/etc/portage/package.use/2023-01-01_world.txt"
|
||||
blockinfile:
|
||||
dest: /etc/portage/package.use/2023-01-01_world.txt
|
||||
create: true
|
||||
marker: "# {mark} Ansible Managed Block proxy curl"
|
||||
block: |
|
||||
net-misc/curl static-libs
|
||||
|
||||
- name: "/etc/portage/package.use/2017-01-01_libguestfs.txt"
|
||||
blockinfile:
|
||||
dest: /etc/portage/package.use/2017-01-01_libguestfs.txt
|
||||
|
@ -21,22 +29,6 @@
|
|||
block: |
|
||||
app-arch/unzip natspec
|
||||
|
||||
- name: "/etc/portage/package.use/2020-00_ipv6.txt"
|
||||
blockinfile:
|
||||
dest: /etc/portage/package.use/2020-00_ipv6.txt
|
||||
create: true
|
||||
marker: "# {mark} Ansible Managed Block proxy nmap"
|
||||
block: |
|
||||
net-analyzer/nmap -ipv6
|
||||
|
||||
- name: "/etc/portage/package.use/2021-00_verify-sig.txt"
|
||||
blockinfile:
|
||||
dest: /etc/portage/package.use/2021-00_verify-sig.txt
|
||||
create: true
|
||||
marker: "# {mark} Ansible Managed Block proxy nmap"
|
||||
block: |
|
||||
net-analyzer/nmap verify-sig
|
||||
|
||||
- name: "/etc/portage/package.use/2019-02_rkhunter.txt"
|
||||
blockinfile:
|
||||
dest: /etc/portage/package.use/2019-02_rkhunter.txt
|
||||
|
@ -53,3 +45,51 @@
|
|||
block: |
|
||||
sys-process/lsof -ipv6
|
||||
|
||||
- name: "/etc/portage/package.use/2020-01_sqlite.txt"
|
||||
blockinfile:
|
||||
dest: /etc/portage/package.use/2020-01_sqlite.txt
|
||||
create: true
|
||||
marker: "# {mark} Ansible Managed Block proxy eix"
|
||||
block: |
|
||||
app-portage/eix sqlite
|
||||
|
||||
- name: "/etc/portage/package.use/2020-00_ipv6.txt"
|
||||
blockinfile:
|
||||
dest: /etc/portage/package.use/2020-00_ipv6.txt
|
||||
create: true
|
||||
marker: "# {mark} Ansible Managed Block proxy socat"
|
||||
block: |
|
||||
net-misc/socat -ipv6
|
||||
|
||||
- name: "/etc/portage/package.use/2020-00_ipv6.txt"
|
||||
blockinfile:
|
||||
dest: /etc/portage/package.use/2020-00_ipv6.txt
|
||||
create: true
|
||||
marker: "# {mark} Ansible Managed Block proxy privoxy"
|
||||
block: |
|
||||
net-proxy/privoxy -ipv6
|
||||
|
||||
- name: "/etc/portage/package.use/2021-07_privoxy.txt"
|
||||
blockinfile:
|
||||
dest: /etc/portage/package.use/2021-07_privoxy.txt
|
||||
create: true
|
||||
marker: "# {mark} Ansible Managed Block proxy privoxy"
|
||||
block: |
|
||||
net-proxy/privoxy brotli whitelists -mbedtls openssl zlib external-filters
|
||||
|
||||
- name: "/etc/portage/package.use/2020-00_ipv6.txt"
|
||||
blockinfile:
|
||||
dest: /etc/portage/package.use/2020-00_ipv6.txt
|
||||
create: true
|
||||
marker: "# {mark} Ansible Managed Block proxy nmap"
|
||||
block: |
|
||||
net-analyzer/nmap -ipv6
|
||||
|
||||
- name: "/etc/portage/package.use/2021-00_verify-sig.txt"
|
||||
blockinfile:
|
||||
dest: /etc/portage/package.use/2021-00_verify-sig.txt
|
||||
create: true
|
||||
marker: "# {mark} Ansible Managed Block proxy nmap"
|
||||
block: |
|
||||
net-analyzer/nmap verify-sig
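Review bot: Every `blockinfile` task in these hunks sets `create: true` with no `mode:`, so a newly created file under `/etc/portage/package.use/` gets whatever permissions the umask of the Ansible run produces. Adding `mode: "0644"` to each task (with explicit `owner:`/`group:` if the role sets them elsewhere) makes the result deterministic and keeps these USE-flag files from being created with looser permissions than intended. Three of the tasks also share the name `/etc/portage/package.use/2020-00_ipv6.txt` and differ only in `marker`. Putting the package in the name, e.g. `"package.use 2020-00_ipv6.txt socat"`, would make a failure attributable in the run log.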
|
||||
|
||||
|
|
|
@ -67,11 +67,22 @@
|
|||
nameserver 127.0.0.1
|
||||
when:
|
||||
- PROXY_DNS_PROXY in ['dnscrypt', 'dnsmasq', 'socat']
|
||||
|
||||
- PROXY_MODE in ['tor', 'selektor', 'whonix']
|
||||
# stop dhclient from overwriting resolv.conf
|
||||
# with scripts in /lib/dhcpcd/dhcpcd-hooks/
|
||||
# FixMe: /etc/dhcp/dhcp-client.conf?
|
||||
|
||||
- name: "/etc/resolv.conf"
|
||||
blockinfile:
|
||||
dest: /etc/resolv.conf
|
||||
marker: "# {mark} ANSIBLE MANAGED BLOCK proxy"
|
||||
create: yes
|
||||
block: |
|
||||
nameserver 10.0.2.2
|
||||
when:
|
||||
- PROXY_MODE in ['nat']
|
||||
- "'{{BOX_NBD_OVERLAY_BR}}' == 'virbr1'"
|
||||
|
||||
# dnscrypt is not a system service
|
||||
- name: "service disable not {{PROXY_DNS_PROXY}}"
|
||||
service:
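Review bot: The condition `"'{{BOX_NBD_OVERLAY_BR}}' == 'virbr1'"` on the new `/etc/resolv.conf` task templates a variable into the `when:` expression. Ansible warns about this, and the variable's content becomes part of the expression, so a value containing a quote changes the condition rather than just failing the comparison. A bare expression avoids both: `- BOX_NBD_OVERLAY_BR|default('') == 'virbr1'`. The task also uses `create: yes` without `mode:`, and `mode: "0644"` would pin it. The FixMe above the task says the DHCP client hooks may still overwrite the file; if so, in the `tor`/`selektor`/`whonix` modes lookups could bypass the local resolver, so that is worth settling before relying on this block.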
|
||||
|
|
|
@ -86,6 +86,8 @@
|
|||
umask 0027
|
||||
echo "INFO: proxy_log_hourly"
|
||||
cd {{USR_LOCAL}}/bin
|
||||
export MODE={{PROXY_MODE}}
|
||||
. proxy_export.bash
|
||||
[ -x proxy_hourly.bash ] || exit 0
|
||||
bash proxy_hourly.bash
|
||||
register: proxy_log_hourly
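Review bot: `. proxy_export.bash` is sourced by bare name right after an unchecked `cd {{USR_LOCAL}}/bin`. A name without a slash is looked up through `PATH` by `.` (under a POSIX `sh` only through `PATH`), so which file is sourced depends on the environment, and on the starting directory if the `cd` fails. Guard the `cd` as the emerge tasks in this commit do, and source by full path: `cd {{USR_LOCAL}}/bin || exit 2` and `. {{USR_LOCAL}}/bin/proxy_export.bash`. The `[ -x proxy_hourly.bash ] || exit 0` guard comes after the source, so it does not cover a missing `proxy_export.bash`. The hunk header says two lines were added, but which two is inferred because the +/- markers are lost, and the script begins above the hunk.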
|
||||
|
|
|
@ -113,7 +113,7 @@
|
|||
/usr/local/sbin/base_patch_from_diff.bash *
|
||||
|
||||
when:
|
||||
- true or ansible_distribution == 'Gentoo'
|
||||
- false and ansible_distribution == 'Gentoo'
|
||||
|
||||
- name: install proxy pips 2
|
||||
changed_when: false
|
||||
|
@ -168,7 +168,6 @@
|
|||
environment: "{{ shell_proxy_env }}"
|
||||
shell: |
|
||||
umask 0002
|
||||
#? usr_local_python.bash
|
||||
[ ! -f usr_local_proxy.bash ] && exit 1
|
||||
bash usr_local_python.bash \
|
||||
{{ 'check' if ansible_check_mode }}
|
||||
|
@ -248,17 +247,6 @@
|
|||
loop_control:
|
||||
loop_var: LOOP_USER
|
||||
|
||||
- name: "/usr/local/etc/testforge/testforge.ini BOF"
|
||||
lineinfile:
|
||||
dest: "/usr/local/etc/testforge/testforge.ini"
|
||||
insertbefore: BOF
|
||||
mode: 0755
|
||||
owner: "{{BOX_ROOT_USER}}"
|
||||
group: "{{BOX_ROOT_GROUP}}"
|
||||
create: yes
|
||||
regexp: "# -.- mode: sh; tab-width: 0; coding: utf-8-unix -.-"
|
||||
line: "# -*- mode: sh; tab-width: 0; coding: utf-8-unix -*-"
|
||||
|
||||
- name: /usr/local/etc/testforge/testforge.ini proxy
|
||||
blockinfile:
|
||||
dest: /usr/local/etc/testforge/testforge.ini
|
||||
|
@ -306,6 +294,25 @@
|
|||
- true or CORP_NTLM_PROXY|default('') != ''
|
||||
notify: update facts
|
||||
|
||||
- block:
|
||||
|
||||
- name: external
|
||||
delegate_to: localhost
|
||||
shell: |
|
||||
grep ' external$' /etc/hosts | sed -e 's/ .*//'
|
||||
register: external_out
|
||||
check_mode: false
|
||||
|
||||
- name: BASE_EXTERNAL_IP
|
||||
set_fact:
|
||||
BASE_EXTERNAL_IP: "{{external_out.stdout}}"
|
||||
when: external_out.rc|default(1) == 0
|
||||
check_mode: false
|
||||
|
||||
when:
|
||||
- "ansible_virtualization_role|replace('NA', 'host') == 'guest'"
|
||||
- BOX_OS_FLAVOR|default('') in [ 'WhonixWorkstation', 'WhonixGateway', 'Gentoo']
|
||||
|
||||
- name: "include dns.yml tasks"
|
||||
include_tasks: "dns.yml"
|
||||
when:
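Review bot: In the `external` task of the last hunk the registered `rc` is that of `sed`, the final stage of the pipeline, so `external_out.rc|default(1) == 0` holds even when `grep` finds no ` external` entry in `/etc/hosts`. `BASE_EXTERNAL_IP` is then set to an empty string, and several matching lines would give a multi-line value. Tighten the guard to `when: external_out.rc|default(1) == 0 and external_out.stdout_lines|length == 1`, and add `changed_when: false` to the lookup, which only reads a file. In the first hunk, `- false and ansible_distribution == 'Gentoo'` switches a task off with a constant; a named variable or a comment giving the reason would make that auditable. The `include dns.yml tasks` task continues past the end of the hunk.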
|
||||
|
|
|
@ -147,4 +147,4 @@
|
|||
check_mode: false
|
||||
rescue:
|
||||
- debug:
|
||||
msg: "WARN: error including proxy_export.txt"
|
||||
msg: "WARN: RESCUE error including proxy_export.txt"
|
||||
|
|
|
@ -40,44 +40,11 @@
|
|||
|
||||
- block:
|
||||
|
||||
# dont change the environment for everyone with env.d/70proxy
|
||||
# manually include tor.sh
|
||||
- name: "/usr/local/share/scripts/box_proxy_tor.bash no_proxy /bin/sh"
|
||||
lineinfile:
|
||||
path: "{{ item.dest|expanduser }}/box_proxy_tor.bash"
|
||||
create: yes
|
||||
owner: "{{ item.owner }}"
|
||||
mode: "{{ item.mode }}"
|
||||
insertafter: BOF
|
||||
line: "#!/bin/sh"
|
||||
regexp: "#./bin/sh"
|
||||
with_items:
|
||||
- dest: "~{{LOOP_USER}}/bin"
|
||||
owner: "{{ LOOP_USER }}"
|
||||
mode: "0755"
|
||||
|
||||
# unused?
|
||||
- name: ~/bin/box_proxy_tor.bash no_proxy
|
||||
blockinfile:
|
||||
dest: "{{ item.dest|expanduser }}/box_proxy_tor.bash"
|
||||
create: yes
|
||||
marker: "# {mark} ANSIBLE MANAGED BLOCK proxy noproxy"
|
||||
insertafter: "#./bin/sh"
|
||||
mode: "{{ item.mode }}"
|
||||
block: |
|
||||
[ -f {{BASE_SCRIPT_DIR}}/box_proxy_tor.bash ] && . {{BASE_SCRIPT_DIR}}/box_proxy_tor.bash
|
||||
[ -n "$no_proxy" ] && export no_proxy=$no_proxy || export no_proxy={{ NO_PROXY }}
|
||||
when:
|
||||
- "LOOP_USER != 'portage'"
|
||||
with_items:
|
||||
- dest: "~{{LOOP_USER}}/bin"
|
||||
owner: "{{ LOOP_USER }}"
|
||||
mode: "0755"
|
||||
|
||||
- name: /etc/dirmngr/dirmngr.conf
|
||||
shell: |
|
||||
[ -e "/etc/dirmngr/dirmngr.conf" ] || exit 0
|
||||
[ -e "{{ item|expanduser }}" ] && exit 0
|
||||
[ -d "`dirname {{ item|expanduser }}`" ] || exit 0
|
||||
ln -s "/etc/dirmngr/dirmngr.conf" "{{ item|expanduser }}"
|
||||
with_items:
|
||||
- "~{{LOOP_USER}}/.gpg/dirmngr.conf"
|
||||
|
|
|
@ -28,19 +28,6 @@
|
|||
shell: |
|
||||
[ -e /dev/virtio-ports/org.qemu.guest_agent.0 ]
|
||||
|
||||
- name: external
|
||||
delegate_to: localhost
|
||||
shell: |
|
||||
grep ' external$' /etc/hosts | sed -e 's/ .*//'
|
||||
register: external_out
|
||||
check_mode: false
|
||||
|
||||
- name: BASE_EXTERNAL_IP
|
||||
set_fact:
|
||||
BASE_EXTERNAL_IP: "{{external_out.stdout}}"
|
||||
when: external_out.rc|default(1) == 0
|
||||
check_mode: false
|
||||
|
||||
when:
|
||||
- "ansible_virtualization_role|replace('NA', 'host') == 'guest'"
|
||||
- BOX_OS_FLAVOR|default('') in [ 'WhonixWorkstation', 'WhonixGateway', 'Gentoo']
|
||||
|
|
|
@ -233,7 +233,7 @@
|
|||
- name: /usr/local/src/secbrowser.bash
|
||||
shell: |
|
||||
[ -f /usr/local/src/secbrowser.bash ] && exit 0
|
||||
/local/src/secbrowser.bash
|
||||
/usr/local/local/src/secbrowser.bash
|
||||
when:
|
||||
- BOX_OS_FLAVOR|default('') == 'KickSecure'
|
||||
when:
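Review bot: The path the task executes, `/usr/local/local/src/secbrowser.bash`, has a doubled `local` segment and is not the path the guard above it tests, `/usr/local/src/secbrowser.bash`. It is taken to be the new line, as the +/- markers are lost on this page. As written, the task exits early when the script exists at one location and otherwise runs a different location that nothing checks. If the doubled segment is intended, a check before the call such as `[ -x /usr/local/local/src/secbrowser.bash ] || exit 1` gives a clear failure. If it is a typo, the path should be corrected. Either way a comment stating what each path is would help, since the task name points at the guarded one.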
|
||||
|
|