Commit graph

13 commits

Author SHA1 Message Date
Pig Monkey
144226da8c unjail tor
Some of the Firejail restrictions seem to conflict with the systemd
service hardening.
2021-07-15 18:11:26 -07:00
Pig Monkey
2a013e1791 replace deprecated with_items on package tasks
https://docs.ansible.com/ansible/latest/porting_guides/porting_guide_2.7.html#using-a-loop-on-a-package-module-via-squash-actions
2019-04-25 20:33:04 -07:00
Pig Monkey
fe2f2d88f5 simplify nmtrust configuration with includes
2018-11-17 23:19:47 -08:00
Pig Monkey
f3684a8279 update trusted_unit location in roles
2018-11-17 22:41:59 -08:00
Pig Monkey
5585ef9c7b move nmtrust to standalone role
2018-11-17 22:35:24 -08:00
Pig Monkey
8ffeaf17b5 use default firejail tor profile
requires firejail >= 0.9.52

I haven't figured out why private-dev breaks tor.
2017-12-26 16:40:45 -08:00
Pig Monkey
da7f2877f5 allow tor access to /dev
Without this, Tor has started complaining about not being able to access
/dev/zero (despite Firejail making it available). Somebody should write
a real profile for this at some point...
2016-12-07 15:58:38 -08:00
Pig Monkey
a09ac3b4f8 start tor jail as root, then drop
An update at some point in the past week or two caused tor to break when
it was launched within Firejail as the tor user. Instead we launch the
jail as root and then have Tor drop privileges. I'm not sure why this is
necessary.
2016-12-07 15:54:18 -08:00
Pig Monkey
948b2a3b9f only perform tor tasks when tor variable is defined
2016-08-18 20:41:28 -07:00
Pig Monkey
1db8763ca0 tor depends on the networkmanager role
All the nmtrust scaffolding needs to exist before setting up tor.
2016-08-12 19:08:07 -07:00
Pig Monkey
81898d6f02 hook tor into nmtrust
Only running Tor on trusted networks seems a little strange. However, I
like having the system stop as many background network services as
possible when I connect to untrusted networks. This means that the
majority of traffic that I generate is due to explicit action taken by
the user, which makes me feel a bit more sneaky. If I'm on an untrusted
network and want to do something through tor, I'm happy to just
`systemctl start tor.service`.
2016-08-10 21:03:06 -07:00
Pig Monkey
662785f282 accept exit code 1 for firejailed tor
Firejail returns 1 when receiving a SIGINT, despite Tor exiting cleanly.
We'll accept that.
2016-08-10 09:07:46 -07:00
Pig Monkey
98a8fcfe02 install tor
This needs a firejail profile and a config option to specify when to
start the service.
2016-07-29 21:00:02 -07:00