ansible-playbook.yml 885 B

1234567891011121314151617181920212223242526272829
  1. - hosts: [some-host]
  2. become: true
  3. tasks:
  4. - docker_container:
  5. name: onion_service
  6. # object c0108f3399291deb03e22c550c09c502935c7f6b
  7. # tag docker/3.0.0-tor0.4.3.5-amd64
  8. image: docker.io/fphammerle/onion-service@sha256:4eff7f17a8d78ba4117a6dc64a120ff46cbbe7702595b37d8bafe9c8492c59df
  9. env:
  10. VIRTUAL_PORT: '80'
  11. TARGET: 1.2.3.4:8080
  12. #NON_ANONYMOUS_SINGLE_HOP_MODE: '1'
  13. volumes:
  14. - onion_service_data:/var/lib/tor
  15. - onion_service_key:/onion-service
  16. mounts:
  17. - type: tmpfs
  18. target: /tmp # torrc
  19. # nosuid,nodev,noexec added by default
  20. tmpfs_mode: '1777'
  21. tmpfs_size: 4k
  22. read_only: yes
  23. cap_drop: [ALL]
  24. security_opts: [no-new-privileges]
  25. cpu_quota: 5000
  26. cpu_period: 10000
  27. memory: 128M
  28. restart_policy: unless-stopped
  29. state: started