ansible-anon-relay/deploy_exit.yml at main · enuno/ansible-anon-relay · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
# Exit Relay Deployment Playbook
# Deploys exit Anon relays - WARNING: Your IP will be visible to destination sites!
- name: Deploy Exit Anon Relay
  hosts: exit_relays
  become: yes
  gather_facts: yes
  pre_tasks:
    - name: Display exit relay legal warning
      debug:
        msg: |
          ===========================================
          EXIT RELAY DEPLOYMENT
          ===========================================
          WARNING: Your IP will be visible to destination sites!

          Host: {{ inventory_hostname }}
          Nickname: {{ anon_relay_nickname | default('MyExitRelay') }}
          Contact: {{ anon_relay_contact | default('abuse@example.com') }}
          ORPort: {{ anon_relay_or_port | default(9001) }}
          DirPort: {{ anon_relay_dir_port | default(80) }}

          Legal acknowledgment required: {{ anon_exit_legal_acknowledged | default(false) }}
          ===========================================
      tags:
        - always
        - info
        - warning
    - name: Assert legal acknowledgment
      assert:
        that:
          - anon_exit_legal_acknowledged | default(false) == true
      fail_msg: |
        Legal acknowledgment is REQUIRED for exit relays!

        Set anon_exit_legal_acknowledged: true in your configuration
        after reviewing the legal implications and risks.

        This is a safety measure to ensure you understand the
        responsibilities of running an exit relay.
      success_msg: "Legal acknowledgment confirmed for exit relay deployment"
      tags:
        - always
        - legal
    - name: Run preflight checks
      include_role:
        name: preflight_checks
      tags:
        - preflight
        - checks
  roles:
    - role: docker_setup
      tags:
        - docker
        - setup
    - role: anon_relay_base
      tags:
        - anon
        - base
    - role: anon_relay_exit
      tags:
        - anon
        - exit
    - role: anon_relay_monitor
      when: anon_monitoring_enabled | default(true)
      tags:
        - monitoring
        - nyx
  post_tasks:
    - name: Run health checks
      include_role:
        name: health_checks
      tags:
        - health
        - checks
    - name: Display exit relay information
      debug:
        msg: |
          ===========================================
          EXIT RELAY DEPLOYED
          ===========================================
          Host: {{ inventory_hostname }}
          Nickname: {{ anon_relay_nickname | default('MyExitRelay') }}
          ORPort: {{ anon_relay_or_port | default(9001) }}
          DirPort: {{ anon_relay_dir_port | default(80) }}
          Status: Running

          ⚠️  WARNING: Your IP will be visible to destination sites!

          Exit Notice: http://{{ ansible_default_ipv4.address }}/
          Abuse Contact: {{ anon_exit_notice_email | default('abuse@example.com') }}

          You are responsible for all traffic exiting through this relay.
          ===========================================
      tags:
        - always
        - info