пре 4 година · 69d55e779d
--- a/README.md
+++ b/README.md
@@ -0,0 +1,17 @@
 
															+# Ansible Role: Tor Onion Service
														
 
															+
														
 
															+## Required Variables
														
 
															+
														
 
															+```yaml
														
 
															+onion_service_container_name: onion_service
														
 
															+onion_service_virtual_port: 80
														
 
															+onion_service_target: 1.2.3.4:8080
														
 
															+onion_service_non_anonymous_single_hop_mode: 0 # or 1
														
 
															+onion_service_network_name: webserver
														
 
															+```
														
 
															+
														
 
															+## Optional Variables
														
 
															+
														
 
															+```
														
 
															+onion_service_container_image: docker.io/fphammerle/onion-service@sha256:788c7a8065cea26d7a029449a49f7c41143a35513617b9ff8db8d67687e87c5b
														
 
															+```
														
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -0,0 +1,4 @@
 
															+# https://github.com/fphammerle/docker-onion-service/tags
														
 
															+# object 48c53ae15c2780b3ac97ac55a91748e947a55ead
														
 
															+# tag docker/3.1.0-tor0.4.4.8r0-amd64
														
 
															+onion_service_container_image: docker.io/fphammerle/onion-service@sha256:788c7a8065cea26d7a029449a49f7c41143a35513617b9ff8db8d67687e87c5b
														
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -0,0 +1,32 @@
 
															+- name: onion service container
														
 
															+  docker_container:
														
 
															+    name: '{{ onion_service_container_name }}'
														
 
															+    image: '{{ onion_service_container_image }}'
														
 
															+    env:
														
 
															+      VIRTUAL_PORT: '{{ onion_service_virtual_port | string }}'
														
 
															+      TARGET: '{{ onion_service_target }}'
														
 
															+      NON_ANONYMOUS_SINGLE_HOP_MODE: "{{ onion_service_non_anonymous_single_hop_mode | string }}"
														
 
															+    read_only: yes
														
 
															+    mounts:
														
 
															+    - type: volume
														
 
															+      source: '{{ onion_service_container_name }}_data'
														
 
															+      target: /var/lib/tor
														
 
															+      read_only: false
														
 
															+    - type: volume
														
 
															+      source: '{{ onion_service_container_name }}_key'
														
 
															+      target: /onion-service
														
 
															+      read_only: false
														
 
															+    - type: tmpfs
														
 
															+      target: /tmp # torrc
														
 
															+      # nosuid,nodev,noexec added by default
														
 
															+      tmpfs_mode: '1777'
														
 
															+      tmpfs_size: 4k
														
 
															+    networks: [name: '{{ onion_service_network_name }}']
														
 
															+    purge_networks: yes
														
 
															+    cap_drop: [ALL]
														
 
															+    security_opts: [no-new-privileges]
														
 
															+    cpu_quota: 8000
														
 
															+    cpu_period: 10000
														
 
															+    memory: 128M
														
 
															+    restart_policy: unless-stopped
														
 
															+    state: started