- hosts: [some-host]
  become: true
  tasks:
  - docker_network:
      name: tor_proxy_network
      driver_options:
        com.docker.network.bridge.name: tor
  - docker_container:
      name: tor_proxy
      # 1.0.0-tor0.4.1.6-amd64
      image: fphammerle/tor-proxy@sha256:ad55d07b1b21c35fa044dc3e1ea6c7d8494f39eb89491ddad35c245340f7cd4b
      networks:
      - name: tor_proxy_network
      purge_networks: yes
      ports:
      - '127.0.0.1:9050:9050/tcp'
      - '127.0.0.1:53:53/udp'
      restart_policy: unless-stopped
      memory: 128M
  - iptables:
      action: append
      table: filter
      chain: OUTPUT
      out_interface: '!lo'
      jump: REJECT
      reject_with: icmp-admin-prohibited