Ansible for Snowflake proxies of the Tor network

Ansible role for the installation, configuration and operation of Snowflake proxies.

Background

Snowflake proxies are one of the systems that the Tor network has in place to address censorship. This type of bridge, currently under development, adds to the alternatives and anti-censorship efforts of Pluggable Transports (PTs) such as obfs4 and meek-azure. Bridges designed as access options for people where the Tor network is blocked.

Ansible role for Snowflake proxies

With this ansible role you can install, configure and operate snowflake proxies.

Features

  • Ubuntu Focal, Debian Buster, Debian Bullseye, ArchLinux, Fedora and FreeBSD support
  • Sytemd to manage the Snowflake service on GNU/Linux and rc script for FreeBSD
  • Support for Ansible 2.9 or higher

Role usage

Installing Ansible via pip

python -m pip install --user ansible

For other ansible installation methods: Installation Guide

Downloading the role from the Galaxy repository

ansible-galaxy install nvjacobo.snowflake

Creation of site.yml playbook

- hosts: snowflake
  roles:
      - nvjacobo.snowflake

Creation of the file inventory

[snowflake]
ip-address

Run playbook site.yml

ansible-playbook -i inventory site.yml -u root

Or with sudo 

ansible-playbook -i inventory site.yml -u nombre-de-user -b

Manage snowflake proxy with systemd on Ubuntu, Debian, Fedora, ArchLinux

ansible all -i inventory -a 'systemctl status snowflake-proxy' # status of service
ansible all -i inventory -a 'systemctl start snowflake-proxy' # start service
ansible all -i inventory -a 'systemctl stop snowflake-proxy' # stop service

Manage snowflake proxy with rc script on FreeBSD

ansible all -i inventory -a 'service snowflake status' # status of service
ansible all -i inventory -a 'service snowflake start' # start service
ansible all -i inventory -a 'service snowflake stop' # stop service

Upgrade

To upgrade to the latest available snowflake version it is necessary to run our playbook.

ansible-playbook -i inventario site.yml -u root

our with sudo

ansible-playbook -i inventario site.yml -u nombre-de-user -b

Recommendations

  • Enabling automatic security updates for the operating system
  • Configure exclusive SSH access with keys