nusenu edited this page Nov 7, 2021 · 10 revisions

What parts of my tor relay configuration/operation does this ansible role cover?

tldr: everything is taken care of ;)

Tor (Repo and) Package Installation

  • Linux
    • APT: enables torproject.org's repository and installs the repo signing key
  • OpenBSD:
    • package installation via pkg_add
    • takes care of sysctl/kern.maxfiles and login.conf/openfiles-max
  • FreeBSD:
    • installs the tor package (via pkg)
    • takes care of kern.ipc.somaxconn + kern.ipc.nmbclusters

Tor Instance Creation

  • (offline+online) key generation (on the ansible host)
  • transfers RSA and online Ed25519 keys to the relay
  • creates multiple tor instances on a single server (default: 2 per available IP address, configurable)
  • creates a system user per tor instance (every instance is run with a distinct system user)
  • generates torrc files
    • automatic MyFamily configuration
    • ContactInfo configurable
    • automatically detects/enables IPv6 support

Startup Configuration

  • enable all tor instances to start at boot
  • Linux: systemd multi-instance service file (tor@.service)
  • OpenBSD: rcctl - linking the default rc script once per tor instance
  • FreeBSD: /etc/rc.local

Easy Key Renewal

  • renew keys by running your playbook with the renewkey tag:

    ansible-playbook yourplaybook.yml -t renewkey