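# vi: set ft=ruby :
# frozen_string_literal: true

# Disposable libvirt/KVM Alpine VM: Tor + Firefox-ESR (FoxyProxy) + Mullvad
# OpenVPN, fenced by a ufw kill switch so the guest can only reach the network
# via tun0, the libvirt host (192.168.121.1) and the allow-listed VPN endpoints.
#
# Provisioner order matters: packages/extension -> sshd/tor/openvpn -> kill
# switch -> connectivity check. The shell provisioner runs as root by default
# (`privileged: true`), so the first two scripts run as root and `~` expands to
# root's home there.

ENV['VAGRANT_DEFAULT_PROVIDER'] = 'libvirt'
# Vagrant::DEFAULT_SERVER_URL.replace('https://vagrantcloud.com')

Vagrant.require_version '>= 2.2.6'

# Mullvad OpenVPN endpoints the kill switch lets eth0 talk to on port 443.
# NOTE(review): keep in sync with the `remote` entries of the OpenVPN profile
# copied from /vagrant — cannot be confirmed from this file alone.
mullvad_endpoints = %w[
  185.204.1.174
  185.204.1.176
  185.204.1.172
  185.204.1.171
  185.212.149.201
  185.204.1.173
  193.138.7.237
  193.138.7.217
  185.204.1.175
]

Vagrant.configure('2') do |config|
  config.vm.box = 'generic/alpine319'
  config.vm.box_version = '4.3.12'
  config.vm.box_check_update = false
  config.vm.hostname = 'virt-disposable'

  # ssh: a per-VM generated key only, never the insecure default key
  config.ssh.insert_key = true
  config.ssh.keep_alive = true
  config.ssh.keys_only = true

  # timeouts
  config.vm.boot_timeout = 300
  config.vm.graceful_halt_timeout = 60
  config.ssh.connect_timeout = 15

  # shares (the NFS share is mounted manually in the first provisioner instead)
  # config.vm.synced_folder '.', '/vagrant', type: 'nfs', nfs_version: 4, nfs_udp: false, nfs_export: true

  config.vm.provider 'libvirt' do |libvirt|
    libvirt.storage_pool_name = 'ramdisk'
    libvirt.default_prefix = 'disposable-'
    libvirt.driver = 'kvm'
    # NOTE(review): 3076 MiB looks like a typo for 3072 (3 GiB); left unchanged.
    libvirt.memory = '3076'
    libvirt.cpus = 6
    libvirt.sound_type = nil
    # headless guest: no display, no default devices, console on a pty
    libvirt.qemuargs value: '-nographic'
    libvirt.qemuargs value: '-nodefaults'
    libvirt.qemuargs value: '-no-user-config'
    libvirt.qemuargs value: '-serial'
    libvirt.qemuargs value: 'pty'
    libvirt.random model: 'random'
  end

  # Packages, the FoxyProxy extension, and the host NFS share with the secrets
  # (torrc, OpenVPN bundle, bw_firefox) the later provisioners copy from.
  config.vm.provision 'update-upgrade', type: 'shell', name: 'update-upgrade', inline: <<~SHELL
    set -ex
    sudo apk update && sudo apk upgrade
    sudo apk add tor torsocks firefox-esr xauth font-dejavu wget curl openvpn unzip iptables bubblewrap apparmor ufw nfs-utils
    # FoxyProxy is pinned to 8.9 and fetched over HTTPS but not integrity-checked.
    # NOTE(review): pin a sha256 obtained out of band and verify before installing:
    #   echo '<sha256-placeholder>  foxyproxy_standard-8.9.xpi' | sha256sum -c -
    wget -q https://addons.mozilla.org/firefox/downloads/file/4228676/foxyproxy_standard-8.9.xpi
    mv foxyproxy_standard-8.9.xpi foxyproxy@eric.h.jung.xpi
    # The braces are the literal Firefox application id (no comma/range, so sh does not expand them).
    # This script runs as root, so the extension lands in /root/.mozilla — verify that is the
    # account bw_firefox is launched from.
    mkdir -p ~/.mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/
    mv foxyproxy@eric.h.jung.xpi ~/.mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/
    # Host-side share with the secrets; plain NFS from the libvirt host bridge.
    mkdir -p /vagrant && \\
      sudo mount -t nfs 192.168.121.1:/home/devi/share/nfs /vagrant
  SHELL

  # sshd X11 forwarding, Tor, and the Mullvad OpenVPN profile from the share.
  config.vm.provision 'update-upgrade-privileged', type: 'shell', name: 'update-upgrade-privileged', privileged: true, inline: <<~SHELL
    set -ex
    sed -i 's/^#X11DisplayOffset .*/X11DisplayOffset 0/' /etc/ssh/sshd_config
    sed -i 's/^X11Forwarding .*/X11Forwarding yes/' /etc/ssh/sshd_config
    rc-service sshd restart
    #rc-update add tor default
    cp /vagrant/torrc /etc/tor/torrc
    rc-service tor start
    #rc-update add openvpn default
    mkdir -p /tmp/mullvad/ && \\
      cp /vagrant/mullvad_openvpn_linux_fi_hel.zip /tmp/mullvad/ && \\
      cd /tmp/mullvad && \\
      unzip mullvad_openvpn_linux_fi_hel.zip && \\
      mv mullvad_config_linux_fi_hel/mullvad_fi_hel.conf /etc/openvpn/openvpn.conf && \\
      mv mullvad_config_linux_fi_hel/mullvad_userpass.txt /etc/openvpn/ && \\
      mv mullvad_config_linux_fi_hel/mullvad_ca.crt /etc/openvpn/ && \\
      mv mullvad_config_linux_fi_hel/update-resolv-conf /etc/openvpn && \\
      chmod 755 /etc/openvpn/update-resolv-conf
    modprobe tun
    # Only append once, so re-provisioning does not pile up duplicate entries.
    grep -qxF 'net.ipv4.ip_forward = 1' /etc/sysctl.d/ipv4.conf 2>/dev/null || \\
      echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.d/ipv4.conf
    sysctl -p /etc/sysctl.d/ipv4.conf
    # Best effort on purpose: the kill switch below is what guarantees no leak,
    # and the final provisioner checks the tunnel actually came up.
    rc-service openvpn start || true
    sleep 1
    cp /vagrant/bw_firefox /usr/bin/
  SHELL

  # Kill switch: deny everything, then allow only tun0, the libvirt host bridge
  # (vagrant ssh + NFS) and the VPN endpoints on eth0. `port` after `from` is a
  # source-port match, i.e. replies from the VPN server's :443.
  config.vm.provision 'kill-switch', communicator_required: false, type: 'shell', name: 'kill-switch', privileged: true, inline: <<~SHELL
    # http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion/en/help/linux-openvpn-installation
    set -ex
    ufw --force reset
    ufw default deny incoming
    ufw default deny outgoing
    ufw allow in on tun0
    ufw allow out on tun0
    # enable libvirt bridge
    ufw allow in on eth0 from 192.168.121.1
    ufw allow out on eth0 to 192.168.121.1
    # server block
    for ip in #{mullvad_endpoints.join(' ')}; do
      ufw allow out on eth0 to "$ip" port 443
      ufw allow in on eth0 from "$ip" port 443
    done
    echo y | ufw enable
  SHELL

  # Fails provisioning (set -e + grep) unless Mullvad reports the tunnel is up.
  config.vm.provision 'mullvad-test', type: 'shell', name: 'test', privileged: false, inline: <<~SHELL
    set -ex
    curl --connect-timeout 10 https://am.i.mullvad.net/connected | grep -i "you\\ are\\ connected"
  SHELL
end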