diff --git a/roles/outbound-proxy/tasks/main.yml b/roles/outbound-proxy/tasks/main.yml
index 450a0341c04fcf1fc9d2082b3e147142b73dcb96..80421df68f73a17d1df6d99fb71af27224eff6b6 100644
--- a/roles/outbound-proxy/tasks/main.yml
+++ b/roles/outbound-proxy/tasks/main.yml
@@ -2,18 +2,35 @@
 - set_fact:
 smokescreen_config:
+ allow_missing_role: true
+ smokescreen_acl_config:
 version: "v1"
 services: "{{ outbound_proxy_services | default([]) }}"
 default:
+ name: "default"
 project: "default"
- policy: "{{ outbound_proxy_default_policy | default('open') }}"
+ action: "{{ outbound_proxy_default_policy | default('open') }}"
 global_allow_list: "{{ outbound_proxy_global_allow_list | default([]) }}"
 global_deny_list: "{{ outbound_proxy_global_deny_list | default([]) }}"
+- name: Create /etc/smokescreen
+ file:
+ path: "/etc/smokescreen"
+ state: directory
+ owner: root
+ group: docker-outbound-proxy
+ mode: "0750"
+
 - name: Configure smokescreen
 copy:
- dest: "/etc/smokescreen.yml"
- content: "{{ smokescreen_config | to_nice_yaml }}\n"
+ dest: "/etc/smokescreen/{{ item.dest }}"
+ content: "{{ item.content | to_nice_yaml }}\n"
 owner: root
 group: docker-outbound-proxy
+ mode: "0640"
 notify: reload outbound-proxy
+ loop:
+ - dest: "config.yml"
+ content: "{{ smokescreen_config }}"
+ - dest: "acl.yml"
+ content: "{{ smokescreen_acl_config }}"
diff --git a/services.common.yml b/services.common.yml
index 1f15cfd568602446559632fdf3b3d0b08b16ddcd..541b7fa316ca02fdb78cfe30ad4f8825a37d0e31 100644
--- a/services.common.yml
+++ b/services.common.yml
@@ -362,10 +362,10 @@ outbound-proxy:
 containers:
 - name: http
 image: registry.git.autistici.org/ai3/docker/smokescreen:master
- args: "--listen-port 2142 --egress-acl-file /etc/smokescreen.yml"
+ args: "--listen-port 2142 --config-file /etc/smokescreen/config.yml --egress-acl-file /etc/smokescreen/acl.yml"
 port: 2142
 volumes:
- - /etc/smokescreen.yml: /etc/smokescreen.yml
+ - /etc/smokescreen: /etc/smokescreen
 ports:
 - 2142
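Review bot: The new `allow_missing_role: true` sits next to a default ACL entry whose `action` still falls back to `'open'` when `outbound_proxy_default_policy` is unset, so, as far as smokescreen's semantics go, a client that presents no recognisable role is served by the default entry and that entry restricts nothing beyond the global deny list. If that is intended, say so in a comment above the flag, e.g. `# Clients are not identified by role; every request is judged by the default ACL entry below`; otherwise make the fallback `default('enforce')` so that an unset variable fails closed. Separately, nothing in the hunk removes the old `/etc/smokescreen.yml`, which stays on upgraded hosts as a stale copy of the policy; a `file` task with `state: absent` for that path would clean it up.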
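Review bot: The added `--config-file` argument only works with a smokescreen build that accepts it, yet the image on the unchanged line above is taken from the mutable `master` tag, so nothing here ties the new arguments to a build known to support them. Pinning the reference to a digest (`image: registry.git.autistici.org/ai3/docker/smokescreen@sha256:<digest-placeholder>`) would make the pairing explicit and reviewable. The volume entry now exposes the whole `/etc/smokescreen` directory to the container; the proxy only needs to read `config.yml` and `acl.yml`, so if the service schema has a read-only mount option it belongs on this line.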