Add lightweight ad-blocking to the proxy #14

2025-04-21 00:27:08 +02:00 · 2016-07-30 22:58:24 +03:00 · 2016-07-30 22:58:24 +03:00 · 2648ccdc18
commit 2648ccdc18
parent 45b9bba5e1
4 changed files with 45 additions and 8 deletions
--- a/common.yml
+++ b/common.yml
@ -73,12 +73,14 @@
      - rsyslog
      - sendmail
      - unattended-upgrades
+      - privoxy
+      - iptables-persistent
      
  - name: Unattended-upgrades configured
    template: src=50unattended-upgrades.j2 dest=/etc/apt/apt.conf.d/50unattended-upgrades owner=root group=root mode=644

  - name: Periodic upgrades configured
-    template: src=10periodic.j2 dest=/etc/apt/apt.conf.d/10periodic owner=root group=root mode=644    
+    template: src=10periodic.j2 dest=/etc/apt/apt.conf.d/10periodic owner=root group=root mode=644
  
  handlers:
    - name: restart auditd
@ -88,9 +90,9 @@
      service: name=rsyslog state=restarted
      
    - name: restart ssh
-      service: name=ssh state=restarted     
+      service: name=ssh state=restarted
      
    - name: flush routing cache
      shell: echo 1 > /proc/sys/net/ipv4/route/flush     

-    
+    
--- a/config.cfg
+++ b/config.cfg
@ -13,10 +13,6 @@ easyrsa_reinit_existent: False
 server_name: example.com
 server_ip: "{{ ansible_ssh_host }}"

-# specify users that you need
-server_name: www.ivlis.me
-server_ip: "{{ ansible_ssh_host }}"
-
 users:
  - mr.smith
  - mrs.smith
--- a/features.yml
+++ b/features.yml
@ -0,0 +1,33 @@
+---
+
+- name: Other features
+  hosts: vpn-host
+  gather_facts: false
+  remote_user: root
+  vars_files:
+    - config.cfg    
+  
+  tasks:
+  - name: Loopback for services configured
+    template: src=10-loopback-services.cfg.j2 dest=/etc/network/interfaces.d/10-loopback-services.cfg
+    
+  - name: Loopback included into the network config
+    lineinfile: dest=/etc/network/interfaces line='source /etc/network/interfaces.d/10-loopback-services.cfg' state=present
+    
+  - name: Loopback is running
+    shell: ifdown lo:100 && ifup lo:100
+    
+  # Privoxy  
+  
+  - name: Privoxy configured
+    template: src=privoxy_config.j2 dest=/etc/privoxy/config
+    notify:
+      - restart privoxy
+      
+  - name: Privoxy enabled and started
+    service: name=privoxy state=started enabled=yes
+    
+  handlers:
+    - name: restart privoxy
+      service: name=privoxy state=restarted          
+    
--- a/vpn.yml
+++ b/vpn.yml
@ -25,10 +25,13 @@
    with_items:
      - apparmor
      - strongswan
+      - netfilter-persistent

  - name: Configure iptables so IPSec traffic can traverse the tunnel
    iptables: table=nat chain=POSTROUTING source=10.0.0.0/24 jump=MASQUERADE
-
+    notify:
+    - save iptables
+    
  - name: Setup the ipsec.conf file from our template
    template: src=ipsec.conf.j2 dest=/etc/ipsec.conf owner=root group=root mode=644
    notify:
@ -148,3 +151,6 @@

    - name: restart apparmor
      service: name=apparmor state=restarted
+      
+    - name: save iptables
+      command: service netfilter-persistent save