From 99a23d00b650e86d4e9d735bc4571ff01ab17753 Mon Sep 17 00:00:00 2001
From: ale <ale@incal.net>
Date: Mon, 5 Dec 2022 20:01:23 +0000
Subject: [PATCH] Fix smokescreen configuration

---
 roles/outbound-proxy/tasks/main.yml | 23 ++++++++++++++++++++---
 services.common.yml                 |  4 ++--
 2 files changed, 22 insertions(+), 5 deletions(-)

diff --git a/roles/outbound-proxy/tasks/main.yml b/roles/outbound-proxy/tasks/main.yml
index 450a0341..80421df6 100644
--- a/roles/outbound-proxy/tasks/main.yml
+++ b/roles/outbound-proxy/tasks/main.yml
@@ -2,18 +2,35 @@
 
 - set_fact:
     smokescreen_config:
+      allow_missing_role: true
+    smokescreen_acl_config:
       version: "v1"
       services: "{{ outbound_proxy_services | default([]) }}"
       default:
+        name: "default"
         project: "default"
-        policy: "{{ outbound_proxy_default_policy | default('open') }}"
+        action: "{{ outbound_proxy_default_policy | default('open') }}"
       global_allow_list: "{{ outbound_proxy_global_allow_list | default([]) }}"
       global_deny_list: "{{ outbound_proxy_global_deny_list | default([]) }}"
 
+- name: Create /etc/smokescreen
+  file:
+    path: "/etc/smokescreen"
+    state: directory
+    owner: root
+    group: docker-outbound-proxy
+    mode: "0750"
+
 - name: Configure smokescreen
   copy:
-    dest: "/etc/smokescreen.yml"
-    content: "{{ smokescreen_config | to_nice_yaml }}\n"
+    dest: "/etc/smokescreen/{{ item.dest }}"
+    content: "{{ item.content | to_nice_yaml }}\n"
     owner: root
     group: docker-outbound-proxy
+    mode: "0640"
   notify: reload outbound-proxy
+  loop:
+    - dest: "config.yml"
+      content: "{{ smokescreen_config }}"
+    - dest: "acl.yml"
+      content: "{{ smokescreen_acl_config }}"
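Review bot: The `default` rule's `action` still falls back to `'open'` when `outbound_proxy_default_policy` is unset, and the added `allow_missing_role: true` appears to route every client without an identifiable role to that rule, so an inventory that never sets the variable ends up with the ACL layer allowing any destination not in `global_deny_list`. For an egress filter a fail-closed fallback is safer: `action: "{{ outbound_proxy_default_policy | default('enforce') }}"`, or `| mandatory` to force an explicit choice per environment. If the open default is intentional, say so in a comment above `allow_missing_role`, e.g. `# clients without a role fall through to the default ACL rule`. Separately, nothing in this hunk removes the old `/etc/smokescreen.yml`, so existing hosts keep a stale ACL file; a `file` task with `state: absent` for that path would clean it up.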
diff --git a/services.common.yml b/services.common.yml
index 1f15cfd5..541b7fa3 100644
--- a/services.common.yml
+++ b/services.common.yml
@@ -362,10 +362,10 @@ outbound-proxy:
   containers:
     - name: http
       image: registry.git.autistici.org/ai3/docker/smokescreen:master
-      args: "--listen-port 2142 --egress-acl-file /etc/smokescreen.yml"
+      args: "--listen-port 2142 --config-file /etc/smokescreen/config.yml --egress-acl-file /etc/smokescreen/acl.yml"
       port: 2142
       volumes:
-        - /etc/smokescreen.yml: /etc/smokescreen.yml
+        - /etc/smokescreen: /etc/smokescreen
   ports:
     - 2142
 
-- 
GitLab