proxy_role/tasks/Devuan.yml
2024-01-06 03:08:22 +00:00

138 lines
4.4 KiB
YAML

# -*- mode: yaml; indent-tabs-mode: nil; tab-width: 2; coding: utf-8-unix -*-
---
- name: "DEBUG: Including proxy Devuan.yml"
debug:
verbosity: 1
msg: "DEBUG: Including proxy Devuan.yml BASE_ARE_CONNECTED={{BASE_ARE_CONNECTED}}"
# Perf h4x: Force dpkg to not to call sync() after package extraction, turn off
# the apt-cache (not needed in a container) and disable translation fetching...
- name: "/etc/dpkg/dpkg.cfg.d/02-force-unsafe-io"
blockinfile:
dest: /etc/dpkg/dpkg.cfg.d/02-force-unsafe-io
create: yes
marker: "# {mark} ANSIBLE MANAGED BLOCK proxy Devuan.yml"
block: |
force-unsafe-io
- name: "/etc/apt/apt.conf.d/no-cache"
blockinfile:
dest: /etc/apt/apt.conf.d/no-redirect
create: yes
marker: "# {mark} ANSIBLE MANAGED BLOCK proxy Devuan.yml"
block: |
# https://lists.debian.org/debian-security-announce/2019/msg00010.html
Acquire::http::AllowRedirect=false update;
Acquire::http::AllowRedirect=false upgrade;
- name: "/etc/apt/apt.conf.d/no-cache"
blockinfile:
dest: /etc/apt/apt.conf.d/no-cache
create: yes
marker: "# {mark} ANSIBLE MANAGED BLOCK proxy Devuan.yml"
block: |
Acquire::http {No-Cache=True;};
when:
- ansible_virtualization_role|replace('NA', 'host') == 'guest'
- name: "/etc/apt/apt.conf.d/no-cache"
blockinfile:
dest: /etc/apt/apt.conf.d/no-cache
create: yes
marker: "# {mark} ANSIBLE MANAGED BLOCK proxy Devuan.yml"
block: |
Acquire::http {No-Cache=False;};
when:
- ansible_virtualization_role|replace('NA', 'host') != 'guest'
- name: "/etc/apt/apt.conf.d/no-lang"
blockinfile:
dest: /etc/apt/apt.conf.d/no-lang
create: yes
marker: "# {mark} ANSIBLE MANAGED BLOCK proxy Devuan.yml"
block: |
Acquire::Languages "none";
- name: disable /etc/apt/apt.conf.d/50unattended-upgrades
shell: |
[ -f /etc/apt/apt.conf.d/50unattended-upgrades ] || exit 0
grep -q '^[^/]' /etc/apt/apt.conf.d/50unattended-upgrades || exit 0
sed -e 's@^\([^/]\)@//\1@' -i /etc/apt/apt.conf.d/50unattended-upgrades
exit 0
- name: /etc/apt/apt.conf.d/70insecure.conf
blockinfile:
dest: /etc/apt/apt.conf.d/70insecure.conf
create: yes
marker: "# {mark} ANSIBLE MANAGED BLOCK proxy Devuan.yml"
block: |
Acquire::AllowInsecureRepositories false;
- name: install proxy_debs_inst packages
environment:
- "RUNLEVEL": 1
apt:
force_apt_get: true
name: "{{ item }}"
state: latest
update_cache: no
ignore_errors: "{{ BASE_PKG_IGNORE_ERRORS }}"
when:
- item != '' and item != []
- not ansible_check_mode
- BASE_ARE_CONNECTED|default('') != ''
with_items:
- "{{proxy_debs_inst}}"
- "{{ proxy_libvirt_debs_inst if BOX_WHONIX_PROXY_HOST != '' else [] }}"
- "{{ proxy_qemu_guest_debs_inst if PROXY_MODE in ['gateway','ws', 'vda'] else [] }}"
- "{{ proxy_gateway_debs_inst if BOX_OS_FLAVOR in ['WhonixGateway'] else [] }}"
- "{{ proxy_xfce_debs_inst if BOX_OS_FLAVOR in ['KickSecure', 'WhonixWorkstation'] else [] }}"
- name: install cntlm packages
environment:
- "RUNLEVEL": 1
apt:
force_apt_get: true
name: "cntlm"
state: latest
update_cache: no
ignore_errors: "{{ BASE_PKG_IGNORE_ERRORS }}"
when:
- false
- not ansible_check_mode
- BASE_ARE_CONNECTED|default('') != ''
- name: "/etc/default/console-setup"
lineinfile:
dest: /etc/default/console-setup
create: yes
regexp: "^#* *{{item.name}}.*"
line: '{{ item.name }}="{{ item.val }}"'
state: present
with_items:
- { name: CODESET, val: "Uni2" }
- { name: FONTFACE, val: "TerminusBold" }
- { name: FONTSIZE, val: "28x14" }
- name: /etc/apt/apt.conf.d/70testforge.conf
blockinfile:
dest: /etc/apt/apt.conf.d/70testforge.conf
create: yes
marker: "# {mark} ANSIBLE MANAGED BLOCK proxy Debian_post.yml"
block: |
APT::Install-Recommends false;
APT::Install-Suggests false;
#APT::AutoRemove::RecommendsImportant false;
#APT::AutoRemove::SuggestsImportant false;
APT::Periodic::Enable 0;
- name: //usr/share/tor/tor-service-defaults-torrc
shell: |
[ -f /usr/share/tor/tor-service-defaults-torrc ] &&
[ -h /usr/share/tor/tor-service-defaults-torrc ] && return 0
[ -f /usr/share/tor/tor-service-defaults-torrc ] || return 0
mv /usr/share/tor/tor-service-defaults-torrc \
/usr/share/tor/tor-service-defaults-torrc.bak
ln -s /etc/tor/torrc-defaults /usr/share/tor/tor-service-defaults-torrc