From a4953105ee3939c683351b9af1ed6e1f9b5f52e4 Mon Sep 17 00:00:00 2001
From: b0xxer
Date: Thu, 29 Feb 2024 07:04:32 -0600
Subject: [PATCH] basic tor implementation
---
 hosts | 1 +
 roles/apps/tasks/tor.yml | 53 +++++++++++++++++++
 roles/apps/templates/tor/Containerfile.j2 | 18 +++++++
 roles/apps/templates/tor/build.sh.j2 | 3 ++
 .../apps/templates/tor/tor-node.container.j2 | 19 +++++++
 roles/apps/templates/tor/tor.repo.j2 | 7 +++
 6 files changed, 101 insertions(+)
 create mode 100644 roles/apps/tasks/tor.yml
 create mode 100644 roles/apps/templates/tor/Containerfile.j2
 create mode 100644 roles/apps/templates/tor/build.sh.j2
 create mode 100644 roles/apps/templates/tor/tor-node.container.j2
 create mode 100644 roles/apps/templates/tor/tor.repo.j2
diff --git a/hosts b/hosts
index e1edb7d..f7480a2 100644
--- a/hosts
+++ b/hosts
@@ -40,6 +40,7 @@ electrs_version=0.10.2
 rtl_version=0.15.0
 rtl_password=n0xb0x
 lnbits_version=0.12.1
+tor_version=1.0
 zerotier_network=
 #Update wariness - 1 = very reluctant to update, 0 = eager to update
 #timezone - which timezone update schedule is in
diff --git a/roles/apps/tasks/tor.yml b/roles/apps/tasks/tor.yml
new file mode 100644
index 0000000..38eaaba
--- /dev/null
+++ b/roles/apps/tasks/tor.yml
@@ -0,0 +1,53 @@
+---
+# tasks file for tor
+#
+
+- name: tor - Create ~/vol/tor
+ ansible.builtin.file:
+ path: ~/vol/tor/
+ state: directory
+ tags: [apps,tor]
+
+- name: tor - Make dir for tor Containers
+ ansible.builtin.file:
+ path: ~/containers/tor
+ state: directory
+ tags: [apps,tor]
+
+- name: tor - Copy Containerfile Template
+ ansible.builtin.template:
+ src: tor/Containerfile.j2
+ dest: ~/containers/tor/Containerfile
+ notify: rebuild_tor
+ tags: [apps,tor]
+
+- name: tor - Copy build script
+ ansible.builtin.template:
+ src: tor/build.sh.j2
+ dest: ~/containers/tor/build.sh
+ mode: '0700'
+ notify: rebuild_tor
+ tags: [apps,tor]
+
+- name: tor - Copy tor.repo
+ ansible.builtin.template:
+ src: tor/tor.repo.j2
+ dest: ~/containers/tor/tor.sh
+ mode: '0700'
+ notify: rebuild_tor
+ tags: [apps,tor]
+
+- name: tor - Copy tor-node.container file
+ ansible.builtin.template:
+ src: tor/tor-node.container.j2
+ dest: ~/containers/tor/tor-node.container
+ notify: reload_systemctl
+ tags: [apps,tor]
+
+- name: tor - Link tor-node.container to systemd location
+ ansible.builtin.file:
+ src: ~/containers/tor/tor-node.container
+ dest: ~/.config/containers/systemd/tor-node.container
+ state: link
+ force: true
+ tags: [apps,tor]
diff --git a/roles/apps/templates/tor/Containerfile.j2 b/roles/apps/templates/tor/Containerfile.j2
new file mode 100644
index 0000000..366ada5
--- /dev/null
+++ b/roles/apps/templates/tor/Containerfile.j2
@@ -0,0 +1,18 @@
+FROM docker.io/almalinux/9-init:latest
+
+COPY tor.repo /etc/yum.repos.d/tor.repo
+
+RUN dnf update -y \
+ && dnf install -y epel-release \
+ && dnf update -y \
+ && dnf install -y tor privoxy \
+ && systemctl enable tor \
+ && systemctl enable privoxy \
+ && echo "forward-socks5 / 127.0.0.1:9050 ." >> /etc/privoxy/config \
+ && dnf clean all -y \
+ && rm -fr /var/cache/* /tmp/*
+
+
+
+
+
diff --git a/roles/apps/templates/tor/build.sh.j2 b/roles/apps/templates/tor/build.sh.j2
new file mode 100644
index 0000000..33f66d0
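Review bot: The "tor - Copy tor.repo" task in roles/apps/tasks/tor.yml renders `tor/tor.repo.j2` to `~/containers/tor/tor.sh` with `mode: '0700'`, but the Containerfile added in this same patch runs `COPY tor.repo /etc/yum.repos.d/tor.repo`. The build context will therefore not contain the file being copied, and the build would be expected to fail at that step. The task should write `dest: ~/containers/tor/tor.repo` with `mode: '0644'`, since this is a repository definition and not a script. The two directory tasks set no `mode:` at all; if `~/vol/tor/` is meant to hold Tor state, an explicit `mode: '0700'` there avoids depending on the remote umask.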
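Review bot: Containerfile.j2 references its base image by a floating tag, `FROM docker.io/almalinux/9-init:latest`, and the `RUN` step does `dnf update -y` and installs `tor privoxy` without versions. Two builds of `tor:{{tor_version}}` can therefore contain different base layers and different Tor releases, and `tor_version=1.0` does not identify either. Pinning the base by digest, e.g. `FROM docker.io/almalinux/9-init@sha256:<digest-placeholder>`, and pinning or at least logging the installed `tor` and `privoxy` package versions would make a rebuild auditable. A short comment above the `echo "forward-socks5 / 127.0.0.1:9050 ."` line, saying that it routes all Privoxy traffic through Tor's local SOCKS port, would also help.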
--- /dev/null
+++ b/roles/apps/templates/tor/build.sh.j2
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+buildah bud -f Containerfile -t tor:{{tor_version}}
diff --git a/roles/apps/templates/tor/tor-node.container.j2 b/roles/apps/templates/tor/tor-node.container.j2
new file mode 100644
index 0000000..1991093
--- /dev/null
+++ b/roles/apps/templates/tor/tor-node.container.j2
@@ -0,0 +1,19 @@
+[Unit]
+Description=Tor Node
+Before=bitcoin-node
+
+[Container]
+Image={{ registry_url }}/tor:{{tor_version}}
+PodmanArgs=--pod bitcoin-pod
+
+[Service]
+# Restart service when sleep finishes
+Restart=always
+# Extend Timeout to allow time to pull the image
+TimeoutStartSec=900
+# ExecStartPre flag and other systemd commands can go here, see systemd.unit(5) man page.
+# ExecStartPre=/usr/share/mincontainer/setup.sh
+
+[Install]
+# Start by default on boot
+WantedBy=multi-user.target default.target
diff --git a/roles/apps/templates/tor/tor.repo.j2 b/roles/apps/templates/tor/tor.repo.j2
new file mode 100644
index 0000000..6a7ba00
--- /dev/null
+++ b/roles/apps/templates/tor/tor.repo.j2
@@ -0,0 +1,7 @@
+[tor]
+name=Tor for Enterprise Linux $releasever - $basearch
+baseurl=https://rpm.torproject.org/centos/$releasever/$basearch
+enabled=1
+gpgcheck=1
+gpgkey=https://rpm.torproject.org/centos/public_gpg.key
+cost=100
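Review bot: build.sh.j2 tags the image as `tor:{{tor_version}}`, while tor-node.container.j2 in this patch starts `Image={{ registry_url }}/tor:{{tor_version}}`. Unless the `rebuild_tor` handler (not visible in this patch) re-tags or pushes the result, the unit will look for an image reference this script never produces. Building with the same reference, `buildah bud -f Containerfile -t {{ registry_url }}/tor:{{tor_version}} .`, keeps the two in step. The script also names no context directory and does not change into its own directory, so it depends on the caller's working directory. Adding `set -euo pipefail` and `cd "$(dirname "$0")"` at the top would make a failed or misplaced build visible.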
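Review bot: `Before=bitcoin-node` in the `[Unit]` section of tor-node.container.j2 names a unit without a type suffix. Unit files need the full unit name, so this ordering is likely ignored with a warning, and Tor is then not guaranteed to be running before the node starts. Use `Before=bitcoin-node.service`, assuming that is the service the bitcoin quadlet generates. The `[Container]` section also has no `Volume=` entry although the tasks file creates `~/vol/tor`, so Tor's state appears to be discarded whenever the container is recreated. Something like `Volume=%h/vol/tor:/var/lib/tor:Z` would persist it, once ownership for the tor user is checked. The comment `# Restart service when sleep finishes` looks carried over from another template and should describe this unit.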
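Review bot: `gpgkey=https://rpm.torproject.org/centos/public_gpg.key` in tor.repo.j2 fetches the signing key from the same host that serves the packages, and the Containerfile installs with `dnf install -y`, which imports whatever key is served at build time without a prompt. `gpgcheck=1` therefore gives little protection if that host or the path to it is tampered with. Vendoring the key under `roles/apps/templates/tor/` after checking its fingerprint against the Tor Project's published value, copying it into the image, and referencing it as `gpgkey=file:///etc/pki/rpm-gpg/<tor-key-file>` pins the trust anchor in the repository. A comment above `cost=100` stating that it is presumably there to prefer this repo over the EPEL `tor` package would also help the next reader.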