123 lines
3.3 KiB
YAML
123 lines
3.3 KiB
YAML
# -*- mode: yaml; indent-tabs-mode: nil; tab-width: 2; coding: utf-8-unix -*-
|
|
|
|
---
|
|
|
|
# to be run on the guest our guest workstation by libvirt_qemu
|
|
|
|
- name: "proxy whonix_guest.yml"
|
|
debug:
|
|
verbosity: 1
|
|
msg: "proxy whonix_guest.yml PROXY_FEATURES={{PROXY_FEATURES}}"
|
|
|
|
## Whonix Guest or libvirt nat
|
|
- block:
|
|
|
|
- name: "proxy whonix_guest"
|
|
debug:
|
|
verbosity: 1
|
|
msg: "proxy whonix.yml HOST={{ansible_virtualization_role|replace('NA', 'host')}}"
|
|
|
|
- name: /etc/init.d/qemu-guest-agent
|
|
shell: |
|
|
# even systemd
|
|
[ -x /etc/init.d/qemu-guest-agent ] || exit 1
|
|
/etc/init.d/qemu-guest-agent status || /etc/init.d/qemu-guest-agent start
|
|
/etc/init.d/qemu-guest-agent status
|
|
|
|
- name: /dev/virtio-ports/org/qemu.guest_agent.0
|
|
shell: |
|
|
[ -e /dev/virtio-ports/org.qemu.guest_agent.0 ]
|
|
|
|
when:
|
|
- "ansible_virtualization_role|replace('NA', 'host') == 'guest'"
|
|
- BOX_OS_FLAVOR|default('') in [ 'WhonixWorkstation', 'WhonixGateway', 'Gentoo']
|
|
|
|
- block:
|
|
|
|
- name: /etc/rc.local
|
|
shell: |
|
|
[ -f /etc/rc.local ] && exit 0
|
|
cp -p /usr/local/etc/local.d/Whonix-Gateway.local /etc/rc.local
|
|
|
|
- name: /etc/sysctl.d/80_whonix_gateway.conf
|
|
blockinfile:
|
|
dest: /etc/sysctl.d/80_whonix_gateway.conf
|
|
marker: "# {mark} ANSIBLE MANAGED BLOCK proxy whonix_guest.yml"
|
|
insertafter: "Type=oneshot"
|
|
mode: 0644
|
|
owner: "{{BOX_ROOT_USER}}"
|
|
group: "{{BOX_ROOT_GROUP}}"
|
|
create: yes
|
|
block: |
|
|
LimitNOFILE=100000
|
|
RestartSec=600s
|
|
Restart=never
|
|
|
|
when:
|
|
- BOX_OS_FLAVOR|default('') == 'WhonixGateway'
|
|
|
|
- block:
|
|
|
|
- name: /etc/rc.local
|
|
shell: |
|
|
[ -f /etc/rc.local ] && exit 0
|
|
cp -p /usr/local/etc/local.d/Whonix-Workstation.local /etc/rc.local
|
|
|
|
- name: /etc/sysctl.d/80_whonix_gateway.conf
|
|
blockinfile:
|
|
dest: /etc/sysctl.d/80_whonix_gateway.conf
|
|
marker: "# {mark} ANSIBLE MANAGED BLOCK proxy whonix_guest.yml"
|
|
mode: 0644
|
|
owner: "{{BOX_ROOT_USER}}"
|
|
group: "{{BOX_ROOT_GROUP}}"
|
|
create: yes
|
|
block: |
|
|
fs.file-max = 100000
|
|
|
|
when:
|
|
- BOX_OS_FLAVOR|default('') == 'WhonixWorkstation'
|
|
|
|
- block:
|
|
|
|
# #x1:12345:respawn:/sbin/agetty -J 38400 console linux /etc/inittab
|
|
- name: "/etc/inittab"
|
|
lineinfile:
|
|
dest: "/etc/inittab"
|
|
insertbefore: BOF
|
|
mode: 0755
|
|
owner: "{{BOX_ROOT_USER}}"
|
|
group: "{{BOX_ROOT_GROUP}}"
|
|
create: yes
|
|
regexp: "^#x1:12345:respawn:/sbin/agetty"
|
|
line: "x1:12345:respawn:/sbin/agetty"
|
|
|
|
when:
|
|
proxy_vda_cmdline_fact|default(1) == 0
|
|
|
|
- block:
|
|
|
|
- name: /etc/X11/xorg.conf.d/80_qxl.conf
|
|
blockinfile:
|
|
dest: /etc/X11/xorg.conf.d/80_qxl.conf
|
|
marker: "# {mark} ANSIBLE MANAGED BLOCK proxy whonix_guest.yml"
|
|
insertafter: "Type=oneshot"
|
|
mode: 0644
|
|
owner: "{{BOX_ROOT_USER}}"
|
|
group: "{{BOX_ROOT_GROUP}}"
|
|
create: yes
|
|
block: |
|
|
Section "Device"
|
|
Identifier "qxl"
|
|
Driver "qxl"
|
|
Option "DPI" "96 x 96"
|
|
Option "ENABLE_IMAGE_CACHE" "True"
|
|
Option "ENABLE_FALLBACK_CACHE" "False"
|
|
Option "ENABLE_SURFACES" "False"
|
|
EndSection
|
|
|
|
|
|
when:
|
|
- BOX_OS_FLAVOR|default('') != 'WhonixWorkstation' # already done
|
|
- BOX_OS_FLAVOR|default('') != 'WhonixGateway' # already done
|
|
- ansible_virtualization_role|replace('NA', 'host') == 'guest'
|