--- - hosts: net vars: file: - { path: '/etc/tor', owner: 'root', group: 'root', mode: '600', state: directory } - { path: '/etc/wireguard', owner: 'root', group: 'root', mode: '600', state: directory } apt: packages: - { package: "tor", state: present } - { package: "wireguard-tools", state: present } - { package: "wireguard", state: present } systemd: services: - { name: "tor@default", enabled: true, action: restarted } - { name: "wg-quick@wg0", enabled: true, action: restarted } firewall: - { port: "{{ wireguard.port }}", ipv: "v4", proto: "tcp" } - { port: "{{ wireguard.port }}", ipv: "v6", proto: "tcp" } tor: listen: socks: addr: "127.0.0.1" port: 9050 http: addr: "127.0.0.1" port: 7050 wireguard: interface: 'wg0' port: 51820 net: v4: addr: "172.22.12" range: serv: 24 clnt: 32 v6: addr: "fd86:ea04:1115:" range: serv: 120 clnt: 128 peers: - { bit: 2, pubkey: "Xb+ASR5NdnIB+dXWEA4H0V3d0LC0KocKeFeQDyqDqjk=" } - { bit: 3, pubkey: "kz9vLMnPtfka11n1EJpzHb4966ieJSo4BU1P2joHLXo=" } - { bit: 10, pubkey: "wpjMlhrcv173ER7rZ0KrmaqahcqZA/fm3ovpaGlRIRo=" } - { bit: 12, pubkey: "2FRcncz/oSmqFQLrHqICi4fEkgxrCeS9P8TTv5gcfCw=" } - { bit: 14, pubkey: "XYUXzDDXzo1uDadvJ8YW5X/ISCZSyu10d35i7mb0pAY=" } roles: - file - apt - wireguard - tor - systemd - firewall