create & start docker container running docker.io/fphammerle/onion-service:3.1.0-tor0.4.4.8r0-amd64

README.md

@@ -0,0 +1,17 @@
+# Ansible Role: Tor Onion Service
+
+## Required Variables
+
+```yaml
+onion_service_container_name: onion_service
+onion_service_virtual_port: 80
+onion_service_target: 1.2.3.4:8080
+onion_service_non_anonymous_single_hop_mode: 0 # or 1
+onion_service_network_name: webserver
+```
+
+## Optional Variables
+
+```
+onion_service_container_image: docker.io/fphammerle/onion-service@sha256:788c7a8065cea26d7a029449a49f7c41143a35513617b9ff8db8d67687e87c5b
+```

defaults/main.yml

@@ -0,0 +1,4 @@
+# https://github.com/fphammerle/docker-onion-service/tags
+# object 48c53ae15c2780b3ac97ac55a91748e947a55ead
+# tag docker/3.1.0-tor0.4.4.8r0-amd64
+onion_service_container_image: docker.io/fphammerle/onion-service@sha256:788c7a8065cea26d7a029449a49f7c41143a35513617b9ff8db8d67687e87c5b

tasks/main.yml

@@ -0,0 +1,32 @@
+- name: onion service container
+  docker_container:
+    name: '{{ onion_service_container_name }}'
+    image: '{{ onion_service_container_image }}'
+    env:
+      VIRTUAL_PORT: '{{ onion_service_virtual_port | string }}'
+      TARGET: '{{ onion_service_target }}'
+      NON_ANONYMOUS_SINGLE_HOP_MODE: "{{ onion_service_non_anonymous_single_hop_mode | string }}"
+    read_only: yes
+    mounts:
+    - type: volume
+      source: '{{ onion_service_container_name }}_data'
+      target: /var/lib/tor
+      read_only: false
+    - type: volume
+      source: '{{ onion_service_container_name }}_key'
+      target: /onion-service
+      read_only: false
+    - type: tmpfs
+      target: /tmp # torrc
+      # nosuid,nodev,noexec added by default
+      tmpfs_mode: '1777'
+      tmpfs_size: 4k
+    networks: [name: '{{ onion_service_network_name }}']
+    purge_networks: yes
+    cap_drop: [ALL]
+    security_opts: [no-new-privileges]
+    cpu_quota: 8000
+    cpu_period: 10000
+    memory: 128M
+    restart_policy: unless-stopped
+    state: started