138 lines
4.4 KiB
YAML
138 lines
4.4 KiB
YAML
# -*- mode: yaml; indent-tabs-mode: nil; tab-width: 2; coding: utf-8-unix -*-
|
|
---
|
|
|
|
- name: "DEBUG: Including proxy Devuan.yml"
|
|
debug:
|
|
verbosity: 1
|
|
msg: "DEBUG: Including proxy Devuan.yml BASE_ARE_CONNECTED={{BASE_ARE_CONNECTED}}"
|
|
|
|
# Perf h4x: Force dpkg to not to call sync() after package extraction, turn off
|
|
# the apt-cache (not needed in a container) and disable translation fetching...
|
|
- name: "/etc/dpkg/dpkg.cfg.d/02-force-unsafe-io"
|
|
blockinfile:
|
|
dest: /etc/dpkg/dpkg.cfg.d/02-force-unsafe-io
|
|
create: yes
|
|
marker: "# {mark} ANSIBLE MANAGED BLOCK proxy Devuan.yml"
|
|
block: |
|
|
force-unsafe-io
|
|
|
|
- name: "/etc/apt/apt.conf.d/no-cache"
|
|
blockinfile:
|
|
dest: /etc/apt/apt.conf.d/no-redirect
|
|
create: yes
|
|
marker: "# {mark} ANSIBLE MANAGED BLOCK proxy Devuan.yml"
|
|
block: |
|
|
# https://lists.debian.org/debian-security-announce/2019/msg00010.html
|
|
Acquire::http::AllowRedirect=false update;
|
|
Acquire::http::AllowRedirect=false upgrade;
|
|
|
|
- name: "/etc/apt/apt.conf.d/no-cache"
|
|
blockinfile:
|
|
dest: /etc/apt/apt.conf.d/no-cache
|
|
create: yes
|
|
marker: "# {mark} ANSIBLE MANAGED BLOCK proxy Devuan.yml"
|
|
block: |
|
|
Acquire::http {No-Cache=True;};
|
|
when:
|
|
- ansible_virtualization_role|replace('NA', 'host') == 'guest'
|
|
|
|
- name: "/etc/apt/apt.conf.d/no-cache"
|
|
blockinfile:
|
|
dest: /etc/apt/apt.conf.d/no-cache
|
|
create: yes
|
|
marker: "# {mark} ANSIBLE MANAGED BLOCK proxy Devuan.yml"
|
|
block: |
|
|
Acquire::http {No-Cache=False;};
|
|
when:
|
|
- ansible_virtualization_role|replace('NA', 'host') != 'guest'
|
|
|
|
- name: "/etc/apt/apt.conf.d/no-lang"
|
|
blockinfile:
|
|
dest: /etc/apt/apt.conf.d/no-lang
|
|
create: yes
|
|
marker: "# {mark} ANSIBLE MANAGED BLOCK proxy Devuan.yml"
|
|
block: |
|
|
Acquire::Languages "none";
|
|
|
|
- name: disable /etc/apt/apt.conf.d/50unattended-upgrades
|
|
shell: |
|
|
[ -f /etc/apt/apt.conf.d/50unattended-upgrades ] || exit 0
|
|
grep -q '^[^/]' /etc/apt/apt.conf.d/50unattended-upgrades || exit 0
|
|
sed -e 's@^\([^/]\)@//\1@' -i /etc/apt/apt.conf.d/50unattended-upgrades
|
|
exit 0
|
|
|
|
- name: /etc/apt/apt.conf.d/70insecure.conf
|
|
blockinfile:
|
|
dest: /etc/apt/apt.conf.d/70insecure.conf
|
|
create: yes
|
|
marker: "# {mark} ANSIBLE MANAGED BLOCK proxy Devuan.yml"
|
|
block: |
|
|
Acquire::AllowInsecureRepositories false;
|
|
|
|
- name: install proxy_debs_inst packages
|
|
environment:
|
|
- "RUNLEVEL": 1
|
|
apt:
|
|
force_apt_get: true
|
|
name: "{{ item }}"
|
|
state: latest
|
|
update_cache: no
|
|
ignore_errors: "{{ BASE_PKG_IGNORE_ERRORS }}"
|
|
when:
|
|
- item != '' and item != []
|
|
- not ansible_check_mode
|
|
- BASE_ARE_CONNECTED|default('') != ''
|
|
with_items:
|
|
- "{{proxy_debs_inst}}"
|
|
- "{{ proxy_libvirt_debs_inst if BOX_WHONIX_PROXY_HOST != '' else [] }}"
|
|
- "{{ proxy_qemu_guest_debs_inst if PROXY_MODE in ['gateway','ws', 'vda'] else [] }}"
|
|
- "{{ proxy_gateway_debs_inst if BOX_OS_FLAVOR in ['WhonixGateway'] else [] }}"
|
|
- "{{ proxy_xfce_debs_inst if BOX_OS_FLAVOR in ['KickSecure', 'WhonixWorkstation'] else [] }}"
|
|
|
|
- name: install cntlm packages
|
|
environment:
|
|
- "RUNLEVEL": 1
|
|
apt:
|
|
force_apt_get: true
|
|
name: "cntlm"
|
|
state: latest
|
|
update_cache: no
|
|
ignore_errors: "{{ BASE_PKG_IGNORE_ERRORS }}"
|
|
when:
|
|
- false
|
|
- not ansible_check_mode
|
|
- BASE_ARE_CONNECTED|default('') != ''
|
|
|
|
- name: "/etc/default/console-setup"
|
|
lineinfile:
|
|
dest: /etc/default/console-setup
|
|
create: yes
|
|
regexp: "^#* *{{item.name}}.*"
|
|
line: '{{ item.name }}="{{ item.val }}"'
|
|
state: present
|
|
with_items:
|
|
- { name: CODESET, val: "Uni2" }
|
|
- { name: FONTFACE, val: "TerminusBold" }
|
|
- { name: FONTSIZE, val: "28x14" }
|
|
|
|
- name: /etc/apt/apt.conf.d/70testforge.conf
|
|
blockinfile:
|
|
dest: /etc/apt/apt.conf.d/70testforge.conf
|
|
create: yes
|
|
marker: "# {mark} ANSIBLE MANAGED BLOCK proxy Debian_post.yml"
|
|
block: |
|
|
APT::Install-Recommends false;
|
|
APT::Install-Suggests false;
|
|
#APT::AutoRemove::RecommendsImportant false;
|
|
#APT::AutoRemove::SuggestsImportant false;
|
|
APT::Periodic::Enable 0;
|
|
|
|
- name: //usr/share/tor/tor-service-defaults-torrc
|
|
shell: |
|
|
[ -f /usr/share/tor/tor-service-defaults-torrc ] &&
|
|
[ -h /usr/share/tor/tor-service-defaults-torrc ] && return 0
|
|
[ -f /usr/share/tor/tor-service-defaults-torrc ] || return 0
|
|
mv /usr/share/tor/tor-service-defaults-torrc \
|
|
/usr/share/tor/tor-service-defaults-torrc.bak
|
|
ln -s /etc/tor/torrc-defaults /usr/share/tor/tor-service-defaults-torrc
|