--- # Tasks file traefik/tor for the traefik role # Infrastructure # Ansible instructions to deploy the infrastructure # Copyright (C) 2019-2020 Christoph (Sheogorath) Kern # Copyright (C) 2020 Alexander Wellbrock # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, version 3 of the License. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . - name: Update default SELinux contexts tor community.general.sefcontext: target: '{{ item }}(/.*)?' setype: "container_file_t" selevel: "{{ traefik_tor_selinux_level | default(omit) }}" state: present with_items: - "{{ traefik_tor_data_location }}" - "{{ traefik_tor_config_location }}" when: - traefik_selinux_enabled become: true - name: Create install directory ansible.builtin.file: path: "{{ item }}" state: directory mode: '0700' owner: 'root' group: 'root' with_items: - "{{ traefik_tor_location }}" become: true - name: Create data directory ansible.builtin.file: path: "{{ item }}" state: directory mode: '0700' owner: '994' group: '994' setype: "container_file_t" selevel: "{{ traefik_tor_selinux_level | default(omit) }}" with_items: - "{{ traefik_tor_data_location }}" become: true - name: Create config directory ansible.builtin.file: path: "{{ item }}" state: directory setype: "container_file_t" selevel: "{{ traefik_tor_selinux_level | default(omit) }}" mode: '0750' owner: 'root' group: 'root' with_items: - "{{ traefik_tor_config_location }}" become: true - name: Setup tor config ansible.builtin.copy: src: traefik-tor.conf dest: "{{ traefik_tor_config_location }}/traefik.conf" setype: "container_file_t" selevel: "{{ traefik_tor_selinux_level | default(omit) }}" mode: '0644' owner: 'root' group: 'root' notify: Restart tor proxy become: true