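# -*- mode: yaml; indent-tabs-mode: nil; tab-width: 2; coding: utf-8-unix -*-
---
# these can be overridden using --extra-vars on the playbook command line
# Because of that, treat every value below as operator-controlled input when
# it is rendered into daemon configuration.

# bind to all interfaces for docker
# NOTE(review): no bind-address variable follows this comment in this part of
# the file. If the listeners do bind to every interface, limit who can reach
# them with a firewall rule or a proxy ACL.

# this is base - before /var/local is used
PROXY_VAR_LOCAL: "{{ VAR_LOCAL }}"
PROXY_USR_LOCAL: "{{ USR_LOCAL }}"

# Listener ports. polipo and privoxy share 3128 here, so presumably only one
# of them listens on a given address at a time - confirm against the tasks.
# polipo is no longer maintained upstream, so it receives no security fixes.
PROXY_POLIPO_HTTPPORT: 3128
PROXY_POLIPO_PROXYPORT: 3128
PROXY_PRIVOXY_HTTPPORT: 3128
# Values listed by the author: polipo, privoxy, socat.
PROXY_TOR_DNS_FORWARD: socat

# CA bundle path (author's note: "proxy?"); PROXY_GNUPG_CERTS in this file
# also refers to it. Whoever can write this file decides which TLS peers are
# trusted: keep it root-owned, not group- or world-writable, and refresh it
# only from a verified source.
PLAY_CA_CERT: "/usr/local/etc/ssl/cacert-curl.haxx.se.pem"
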
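# Log path and ownership, chosen per distribution: on Gentoo a single file
# owned by the daemon's own user with group root, elsewhere a per-daemon
# directory owned by proxy:adm.
# NOTE(review): proxy logs typically hold requested URLs and client
# addresses. No file mode is defined in this part of the file - make sure the
# task that creates the logs sets a restrictive one (for example "0640").
PROXY_POLIPO_LOG: '{{ "/var/log/polipo.log" if ansible_distribution == "Gentoo" else "/var/log/polipo/polipo.log" }}'
PROXY_POLIPO_OWNER: '{{ "polipo" if ansible_distribution == "Gentoo" else "proxy" }}'
PROXY_POLIPO_GROUP: '{{ "root" if ansible_distribution == "Gentoo" else "adm" }}'

PROXY_PRIVOXY_LOG: '{{ "/var/log/privoxy.log" if ansible_distribution == "Gentoo" else "/var/log/privoxy/privoxy.log" }}'
PROXY_PRIVOXY_OWNER: '{{ "privoxy" if ansible_distribution == "Gentoo" else "proxy" }}'
PROXY_PRIVOXY_GROUP: '{{ "root" if ansible_distribution == "Gentoo" else "adm" }}'
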
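# DNS port for this role; HARDEN_DNS_PORT is kept equal to it by reference.
PROXY_DNS_PORT: 53
HARDEN_DNS_PORT: "{{ PROXY_DNS_PORT }}"

# Standard DNS and NTP port numbers, and the account that owns NTP files.
# Both ports are below 1024, so a daemon binding them needs root or
# CAP_NET_BIND_SERVICE; it should drop privileges once bound.
PROXY_SERVICE_DNSPORT: 53
PROXY_SERVICE_NTPPORT: 123
PROXY_NTP_OWNER: "ntp"
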
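# could derive from SOCKS
# Whonix gateway endpoints. Each templated value falls back to the default()
# shown when the matching BOX_WHONIX_* variable is undefined.
PROXY_WHONIX_HTTPS_PORT: "{{ BOX_WHONIX_HTTPS_PORT | default(9128) }}"
# The two address values were previously templated from BOX_WHONIX_HTTPS_PORT,
# so a defined HTTPS port replaced the host and network with a port number and
# traffic would not have been sent to the intended SOCKS endpoint. They are
# now plain literals (the former defaults); override them by name from the
# inventory or --extra-vars.
PROXY_WHONIX_SOCKS_HOST: "10.0.2.15"
PROXY_WHONIX_SOCKS_NET: "10.0.2.2"
PROXY_WHONIX_SOCKS_PORT: "{{ BOX_WHONIX_SOCKS_PORT | default(9050) }}"
# Empty by default. If credentials are ever needed, take them from Ansible
# Vault rather than committing them here, and set no_log on tasks that
# render them.
PROXY_WHONIX_SOCKS_USER: ""
PROXY_WHONIX_SOCKS_PASS: ""
PROXY_WHONIX_DNS_PORT: "{{ BOX_WHONIX_DNS_PORT | default(9053) }}"
PROXY_WHONIX_TRANS_PORT: "{{ BOX_WHONIX_TRANS_PORT | default(9040) }}"
PROXY_WHONIX_BUKU_PORT: "{{ BOX_WHONIX_BUKU_PORT | default(7001) }}"
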
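# Release tarball location, pinned to dnscrypt-proxy 2.0.19. The value has no
# URL scheme, so the consuming task has to prepend one.
# NOTE(review): confirm that task uses https:// and verifies the archive, for
# example with get_url's checksum parameter and a SHA-256 digest recorded
# next to this variable; no digest is defined in this part of the file.
PROXY_DNSCRYPT_TGZ_URL: github.com/jedisct1/dnscrypt-proxy/releases/download/2.0.19/dnscrypt-proxy-linux_x86_64-2.0.19.tar.gz
PROXY_GATEWAY_QEMU_DIR: /c/data/Vms/Lati/Qemu/var/lib/kvm/2020-10-30
# Quoted so the dotted version is always read as a string. Review this pin
# and the dnscrypt-proxy pin above against current upstream releases.
PRIV_WHONIX_VERSION: "15.0.1.4.9"
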
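# was dnscrypt was "pdnsd"
# new default - figure out tor/gateway/socks-neither
# NOTE(review): dnsmasq is a forwarder and does not encrypt queries itself;
# whether lookups then travel through Tor or dnscrypt depends on upstream
# settings that are not visible in this part of the file - confirm that the
# default does not leak DNS outside the proxy path.
PROXY_DNS_PROXY: "dnsmasq"
HARDEN_DNS_PROXY: "{{ PROXY_DNS_PROXY }}"

# Presumably the accepted values for PROXY_DNS_PROXY - confirm in the tasks.
PROXY_DNS_PROXY_ALL:
  - "dnsmasq"
  - "dnscrypt"
  - "socat"
  # - "pdnsd"

PROXY_DNS_NETMAN: "{{ BOX_NET_MANAGER }}"
# Presumably the accepted values for PROXY_DNS_NETMAN - confirm in the tasks.
PROXY_DNS_NETMAN_ALL:
  - "networkmanager"
  - "wicd"
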
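PROXY_NTP_GROUP: "{{ BOX_NTP_GROUP }}"
# Upstream time sources, as names and as literal addresses.
# NOTE(review): plain NTP is unauthenticated, and a skewed clock breaks
# certificate validity checks. The two literal addresses bypass DNS and can go
# stale; who operates them is not stated here - verify before relying on them.
PROXY_NTP_SERVERS:
  - "132.163.97.4"
  - "time.nist.gov"
  - "159.203.158.197"
  - "pool.ntp.org"
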
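# Keyservers used for GnuPG key retrieval.
# NOTE(review): hkp:// is unencrypted, so on-path observers can see which
# keys are requested and can tamper with responses. Prefer hkps:// where the
# server offers it, and always check fetched keys by full fingerprint.
PROXY_GNUPG_SERVERS:
  # dead keyserver hkp://keys.gnupg.net
  # dead keyserver hkp://hkps.pool.sks-keyservers.net
  # 18.9.60.141
  - "hkp://pgp.mit.edu"
  # 162.213.33.8
  - "hkp://keyserver.ubuntu.com"

# CA certificate files for keyserver TLS. Per the author's note, only the
# first entry is used; the remaining entries are ignored.
PROXY_GNUPG_CERTS:
  - "{{ PLAY_CA_CERT }}"
  # these are ignored
  - "/usr/local/etc/ssl/cacert-testforge.pem"
  - "/usr/share/gnupg/sks-keyservers.netCA.pem"
  # ? - /usr/share/gnupg/sks-keyservers.netCA.pem
  # hkp-cacert /usr/local/etc/ssl/cacert-curl.se.pem
  # hkp-cacert /usr/local/etc/ssl/cacert-testforge.pem
  # hkp-cacert /usr/share/gnupg/sks-keyservers.netCA.pem
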
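# Values passed through from BOX_* variables defined outside this file. No
# default() is given, so presumably templating fails when one is unset -
# confirm that this fail-closed behaviour is intended.
PROXY_FEATURES: "{{ BOX_PROXY_FEATURES }}"
proxy_also_users: "{{ BOX_ALSO_USERS }}"

# - stat: path=/etc/java-config-2/current-system-vm/jre/lib/net.properties
#   register: net_properties_file
proxy_net_properties_file: "{{ BOX_PROXY_JAVA_NET_PROPERTIES }}"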