Fix smokescreen configuration

roles/outbound-proxy/tasks/main.yml

@@ -2,18 +2,35 @@
 
 - set_fact:
     smokescreen_config:
+      allow_missing_role: true
+    smokescreen_acl_config:
       version: "v1"
       services: "{{ outbound_proxy_services | default([]) }}"
       default:
+        name: "default"
         project: "default"
-        policy: "{{ outbound_proxy_default_policy | default('open') }}"
+        action: "{{ outbound_proxy_default_policy | default('open') }}"
       global_allow_list: "{{ outbound_proxy_global_allow_list | default([]) }}"
       global_deny_list: "{{ outbound_proxy_global_deny_list | default([]) }}"
 
+- name: Create /etc/smokescreen
+  file:
+    path: "/etc/smokescreen"
+    state: directory
+    owner: root
+    group: docker-outbound-proxy
+    mode: "0750"
+
 - name: Configure smokescreen
   copy:
-    dest: "/etc/smokescreen.yml"
-    content: "{{ smokescreen_config | to_nice_yaml }}\n"
+    dest: "/etc/smokescreen/{{ item.dest }}"
+    content: "{{ item.content | to_nice_yaml }}\n"
     owner: root
     group: docker-outbound-proxy
+    mode: "0640"
   notify: reload outbound-proxy
+  loop:
+    - dest: "config.yml"
+      content: "{{ smokescreen_config }}"
+    - dest: "acl.yml"
+      content: "{{ smokescreen_acl_config }}"

services.common.yml

@@ -344,10 +344,10 @@ outbound-proxy:
   containers:
     - name: http
       image: registry.git.autistici.org/ai3/docker/smokescreen:master
-      args: "--listen-port 2142 --egress-acl-file /etc/smokescreen.yml"
+      args: "--listen-port 2142 --config-file /etc/smokescreen/config.yml --egress-acl-file /etc/smokescreen/acl.yml"
       port: 2142
       volumes:
-        - /etc/smokescreen.yml: /etc/smokescreen.yml
+        - /etc/smokescreen: /etc/smokescreen
   ports:
     - 2142