From 432cc36ef8643985783730db867072779ce3818e Mon Sep 17 00:00:00 2001 From: DarkFeather Date: Mon, 2 Nov 2020 16:15:47 -0600 Subject: [PATCH] Updating DarkNet role --- roles/DarkNet/README.md | 27 +++++++++++++++++++++++++++ roles/DarkNet/tasks/main.yml | 33 ++++++++++++++++++++++++++------- 2 files changed, 53 insertions(+), 7 deletions(-) create mode 100644 roles/DarkNet/README.md diff --git a/roles/DarkNet/README.md b/roles/DarkNet/README.md new file mode 100644 index 0000000..d640890 --- /dev/null +++ b/roles/DarkNet/README.md 
@@ -0,0 +1,27 @@ +The DarkNet VM is the privacy protection of the AniNIX. The AniNIX does not believe in security by obscurity or in censorship; as such, everyone should have a voice. VPN access is an assurance to content despite censorship and obfuscation for cases where free speech would normally come with some form of repercussions, despite the UN standards for human rights. + +# Etymology +The DarkNet is named for an anonymous network whose access is controlled only by the admins and whose usage is known only to them. It's entirely closed and anonymous. + +# Capacity and Components +A basic VM to provide DarkNet functionality in an AniNIX replica only needs the following resources: +* [ShadowArch](/AniNIX/ShadowArch) +* 1 core +* 1024M of RAM +* Virtualized NIC +* 150G of storage for any [AniNIX/WolfPack](/AniNIX/WolfPack) downloads, preferably on a unique physical harddrive that can be pulled and drilled + +# Hosted Services +The DarkNet uses a small package list. It uses a couple services to achieve its goals. First, it uses [NordVPN](http://nordvpn.com/) to protect all traffic -- very simply, all one has to do to connect to the VPN is to run `nordvpn connect` and provide your login credentials to the service. We also use TOR for further anonymity -- torsocks and tor-browser-en provide functionality to cover that. + +We recommend whitelisting your replica's subnet so that NordVPN doesn't see local traffic and services like log aggregation and administration can happen without exposing access across the VPN. +``` +nordvpn whitelist add subnet $subnet/$cidr +``` + +## Abilities +* Encrypted storage by default to a passphrase known only to admins. +* Tor proxy service, integrated with both text lynx and GUI tor-browser-en browsers. + * Lynx is aliased to "torsocks lynx" globally +* Anonymous VPN via NordVPN + diff --git a/roles/DarkNet/tasks/main.yml b/roles/DarkNet/tasks/main.yml index e7e29da..111073c 100644 --- a/roles/DarkNet/tasks/main.yml 
+++ b/roles/DarkNet/tasks/main.yml @@ -1,9 +1,28 @@ --- - - name: DarkNet packages - become: yes - package: - name: - - WolfPack - - deluge - - nordvpn-bin + - name: DarkNet packages + become: yes + package: + name: + - deluge + - deluge-gtk + - openvpn + - nordvpn-bin + - tor + - torsocks + - tor-browser-en + + - name: "Enable daemons" + become: yes + service: + name: "{{ item }}" + state: started + enabled: yes + loop: + - tor + - nordvpnd + - deluged + + - debug: + msg: "Remember to use the nordvpn-bin command to set up your account." +
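Review bot: In roles/DarkNet/README.md, the "Abilities" list documents behaviour that the tasks in this patch do not configure: "Encrypted storage by default" and "Lynx is aliased to "torsocks lynx" globally" have no matching task, and lynx is not in the package list in tasks/main.yml. Either add the tasks or mark these items as manual steps, so that a replica built from the role is not assumed to route lynx through Tor when it does not. The "Capacity and Components" section also still points at AniNIX/WolfPack downloads while the same patch drops `WolfPack` from the package list; say where that now comes from. The whitelist example uses `$subnet/$cidr` without defining either value, and since whitelisted traffic bypasses the VPN, the README should say to keep that range to the replica's own subnet only. Minor: the NordVPN link is `http://nordvpn.com/`; use https.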
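Review bot: In roles/DarkNet/tasks/main.yml, the "Enable daemons" loop starts and enables `deluged` in the same pass as `nordvpnd`, but the trailing debug message says the NordVPN account still has to be set up by hand, so on a fresh host deluged is running and persists across reboots before any tunnel exists. Consider leaving `deluged` out of the loop until the VPN is connected, or gating it on a check that the tunnel is up. The subnet whitelist that the README recommends is also not applied here, so it stays a manual step; a task driven by a role variable would keep the two files in step. Smaller points: the final `debug` task has no `name:`, and its message refers to "the nordvpn-bin command", whereas the README gives the command as `nordvpn connect` (nordvpn-bin is the package name).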