Fix smokescreen configuration

99a23d00 · ale · 14d155b0 · 99a23d00 · 99a23d00
Commit 99a23d00 authored 2 years ago by ale
--- a/roles/outbound-proxy/tasks/main.yml
+++ b/roles/outbound-proxy/tasks/main.yml
@@ -2,18 +2,35 @@
 - set_fact:
    smokescreen_config:
+      allow_missing_role: true
+    smokescreen_acl_config:
      version: "v1"
      services: "{{ outbound_proxy_services | default([]) }}"
      default:
+        name: "default"
        project: "default"
-        policy: "{{ outbound_proxy_default_policy | default('open') }}"
+        action: "{{ outbound_proxy_default_policy | default('open') }}"
      global_allow_list: "{{ outbound_proxy_global_allow_list | default([]) }}"
      global_deny_list: "{{ outbound_proxy_global_deny_list | default([]) }}"
+- name: Create /etc/smokescreen
+  file:
+    path: "/etc/smokescreen"
+    state: directory
+    owner: root
+    group: docker-outbound-proxy
+    mode: "0750"
 - name: Configure smokescreen
  copy:
-    dest: "/etc/smokescreen.yml"
+    dest: "/etc/smokescreen/{{ item.dest }}"
-    content: "{{ smokescreen_config | to_nice_yaml }}\n"
+    content: "{{ item.content | to_nice_yaml }}\n"
    owner: root
    group: docker-outbound-proxy
+    mode: "0640"
  notify: reload outbound-proxy
+  loop:
+    - dest: "config.yml"
+      content: "{{ smokescreen_config }}"
+    - dest: "acl.yml"
+      content: "{{ smokescreen_acl_config }}"
--- a/services.common.yml
+++ b/services.common.yml
@@ -362,10 +362,10 @@ outbound-proxy:
  containers:
    - name: http
      image: registry.git.autistici.org/ai3/docker/smokescreen:master
-      args: "--listen-port 2142 --egress-acl-file /etc/smokescreen.yml"
+      args: "--listen-port 2142 --config-file /etc/smokescreen/config.yml --egress-acl-file /etc/smokescreen/acl.yml"
      port: 2142
      volumes:
-        - /etc/smokescreen.yml: /etc/smokescreen.yml
+        - /etc/smokescreen: /etc/smokescreen
  ports:
    - 2142