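# -*- mode: yaml; indent-tabs-mode: nil; tab-width: 2; coding: utf-8-unix -*-
---
# To be run on the guest (our guest workstation) by libvirt_qemu.
#
# Tasks in this file:
#   1. make sure the QEMU guest agent is running and its virtio channel exists
#   2. install the flavor-specific /etc/rc.local and a sysctl.d drop-in
#      (WhonixGateway / WhonixWorkstation)
#   3. enable the x1 agetty entry in /etc/inittab
#   4. write a qxl Xorg device section on non-Whonix guests

- name: "proxy whonix_guest.yml"
  debug:
    verbosity: 1
    msg: "proxy whonix_guest.yml PROXY_FEATURES={{PROXY_FEATURES}}"

## Whonix Guest or libvirt nat
- block:

    - name: "proxy whonix_guest"
      debug:
        verbosity: 1
        msg: "proxy whonix.yml HOST={{ansible_virtualization_role|replace('NA', 'host')}}"

    # The guest agent gives the libvirt host a control channel into this
    # guest (which operations it allows depends on the RPCs the agent has
    # enabled), so the host sits inside the guest's trust boundary. Restrict
    # the agent's allowed RPCs if the host is not fully trusted.
    - name: /etc/init.d/qemu-guest-agent
      shell: |
        # even systemd
        [ -x /etc/init.d/qemu-guest-agent ] || exit 1
        /etc/init.d/qemu-guest-agent status || /etc/init.d/qemu-guest-agent start
        /etc/init.d/qemu-guest-agent status

    # Pure existence check: fails the play when the virtio channel is
    # missing and never changes the guest, hence changed_when: false.
    # The task name now matches the device path that is actually tested.
    - name: /dev/virtio-ports/org.qemu.guest_agent.0
      shell: |
        [ -e /dev/virtio-ports/org.qemu.guest_agent.0 ]
      changed_when: false

  when:
    - "ansible_virtualization_role|replace('NA', 'host') == 'guest'"
    - BOX_OS_FLAVOR|default('') in [ 'WhonixWorkstation', 'WhonixGateway', 'Gentoo']

- block:

    # /etc/rc.local is executed as root at boot. `cp -p` keeps the source
    # file's owner and mode, so the file under /usr/local/etc/local.d must
    # be root-owned and not group/world-writable, or whoever can edit it
    # gets root code execution at the next boot.
    - name: /etc/rc.local
      shell: |
        [ -f /etc/rc.local ] && exit 0
        cp -p /usr/local/etc/local.d/Whonix-Gateway.local /etc/rc.local

    # NOTE(review): LimitNOFILE=, RestartSec= and Restart= (and the
    # `Type=oneshot` insertafter anchor) are systemd unit directives, not
    # sysctl keys. A sysctl.d file expects `key = value` kernel parameters,
    # as the WhonixWorkstation variant below writes (fs.file-max), so this
    # content most likely raises no limit from here. `Restart=never` is
    # also not a value systemd accepts for Restart= (it uses `no`).
    # Content left unchanged; confirm the intended target file.
    - name: /etc/sysctl.d/80_whonix_gateway.conf
      blockinfile:
        dest: /etc/sysctl.d/80_whonix_gateway.conf
        marker: "# {mark} ANSIBLE MANAGED BLOCK proxy whonix_guest.yml"
        insertafter: "Type=oneshot"
        # quoted so the mode is never re-typed by the YAML parser
        mode: "0644"
        owner: "{{BOX_ROOT_USER}}"
        group: "{{BOX_ROOT_GROUP}}"
        create: true
        block: |
          LimitNOFILE=100000
          RestartSec=600s
          Restart=never

  when:
    - BOX_OS_FLAVOR|default('') == 'WhonixGateway'

- block:

    # Same root-at-boot consideration as the gateway rc.local above: the
    # source file must be root-owned and not writable by anyone else.
    - name: /etc/rc.local
      shell: |
        [ -f /etc/rc.local ] && exit 0
        cp -p /usr/local/etc/local.d/Whonix-Workstation.local /etc/rc.local

    # The drop-in keeps the "gateway" file name on the workstation too.
    - name: /etc/sysctl.d/80_whonix_gateway.conf
      blockinfile:
        dest: /etc/sysctl.d/80_whonix_gateway.conf
        marker: "# {mark} ANSIBLE MANAGED BLOCK proxy whonix_guest.yml"
        mode: "0644"
        owner: "{{BOX_ROOT_USER}}"
        group: "{{BOX_ROOT_GROUP}}"
        create: true
        block: |
          fs.file-max = 100000

  when:
    - BOX_OS_FLAVOR|default('') == 'WhonixWorkstation'

- block:

    # Entry being enabled, as it presumably ships commented out in
    # /etc/inittab:
    #   #x1:12345:respawn:/sbin/agetty -J 38400 console linux
    #
    # NOTE(review): lineinfile replaces the whole matched line with `line`,
    # so the agetty arguments shown above are dropped and the resulting
    # entry runs agetty with no port argument. With create + insertbefore
    # BOF the same bare line is inserted at the top of the file when no
    # commented entry exists. Confirm the intended final line.
    - name: "/etc/inittab"
      lineinfile:
        dest: "/etc/inittab"
        insertbefore: BOF
        # inittab is a configuration file read by init; it needs no execute
        # bits (was 0755).
        mode: "0644"
        owner: "{{BOX_ROOT_USER}}"
        group: "{{BOX_ROOT_GROUP}}"
        create: true
        regexp: "^#x1:12345:respawn:/sbin/agetty"
        line: "x1:12345:respawn:/sbin/agetty"

  when: proxy_vda_cmdline_fact|default(1) == 0

- block:

    # No insertafter here: the block is appended at EOF, which is also what
    # the former `Type=oneshot` anchor (systemd residue that cannot match in
    # an Xorg snippet) fell back to.
    - name: /etc/X11/xorg.conf.d/80_qxl.conf
      blockinfile:
        dest: /etc/X11/xorg.conf.d/80_qxl.conf
        marker: "# {mark} ANSIBLE MANAGED BLOCK proxy whonix_guest.yml"
        mode: "0644"
        owner: "{{BOX_ROOT_USER}}"
        group: "{{BOX_ROOT_GROUP}}"
        create: true
        block: |
          Section "Device"
            Identifier "qxl"
            Driver "qxl"
            Option "DPI" "96 x 96"
            Option "ENABLE_IMAGE_CACHE" "True"
            Option "ENABLE_FALLBACK_CACHE" "False"
            Option "ENABLE_SURFACES" "False"
          EndSection

  when:
    - BOX_OS_FLAVOR|default('') != 'WhonixWorkstation'  # already done
    - BOX_OS_FLAVOR|default('') != 'WhonixGateway'  # already done
    - ansible_virtualization_role|replace('NA', 'host') == 'guest'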