responding inline
Would you mind telling me which 2 features are critical for your use-case and why?
- automatic instance deployment (and all the dependencies that come with that, like ORListenAddress - without it tor0 would block tor2 from starting since they are binding on the same port)
- automatic MyFamily management: this is just too annoying to manage manually
OK. I'd like for this feature to co-exist with the current configure_tor_instance.yml... because other entities are currently using that... including Mozilla.
- the directory layout change is more cosmetic but your current way (everything in /etc) is rather unusual and as an example would require custom logrotate configuration that wouldn't be required otherwise
OK... I don't have a strong opinion... and I think the parent directory for all this should be configurable via a role variable so that the user can specify.
I'd like for this ansible role to be useful to relay operators like yourself... so I'm very interested in learning about how you'd like to use it.
- From the examples I assumed you are probably not using it mainly for relays, is that correct?
Yes that is correct. I operate many Tor hidden services. However I initially created this Ansible role to help Moritz of torservers.net and those people that may be working for him; therefore pull requests and feedback help; for instance Moritz specified several features it should have... and an engineer working for Mozilla chatted with me about the features they needed; then he sent me a pull request on GitHub.
One could also add some auto detection to see if the ports are already in use.
I think the sys admin should just know what they are doing; and should know which ports are available.
If using configure_apt_single.yml then the torrc is in fact owned by root... and tor will then drop privileges. The other way tor is deployed with this role is using the configure_tor_instance.yml... and I suppose the individual torrc files could be owned as root as long as they are readable by the tor user. But does this matter? What are the implications?
On a default install they are owned by root, I just reverted the change from owner=tor_user to owner=root to restore defaults. Implication: tor_user will not be able to rewrite/manipulate its own configuration.
Yes I agree.
I'd be much more likely to merge your patches if they were one feature per patch... instead of this monolithic patch with many features.
Yes, that is what I expected, but then I thought that the two main changes code-wise (autoconfig + directory structure) are dependent on each other anyway. Merging autoconfig without the directory restructuring (or vice versa) wouldn't be much fun since these modifications always touch overlapping areas. If you want to add it as additional option, including it as a separate yml in tasks/main.yml + separate torrc is also a possibility - but probably not the nicest way (duplicate code, multiple torrc's).
OK... I agree with you... but let's make this a separate yml task file; your use is quite different than most of the entities currently using this ansible role. So let's add these as a new task file instead of modifying the existing task file.
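
The torrc ownership point discussed above (root-owned, readable but not writable by the tor account) can be checked after a deployment. The following is an added example, not part of the thread or of the Ansible role; the function names, finding labels and the uid/gid values are assumptions made for illustration.

```python
import os
import stat

def _class_bits(st_uid, st_gid, st_mode, uid, gids):
    """rwx bits that apply to (uid, gids), using the Unix owner/group/other rule."""
    if st_uid == uid:
        return (st_mode >> 6) & 7
    if st_gid in gids:
        return (st_mode >> 3) & 7
    return st_mode & 7

def audit(st_uid, st_gid, st_mode, svc_uid, svc_gids, is_dir=False):
    """Findings for one config file or its directory, seen from the service account.

    svc_uid / svc_gids: uid and group ids of the unprivileged tor account.
    """
    findings = []
    bits = _class_bits(st_uid, st_gid, st_mode, svc_uid, svc_gids)
    if st_uid == svc_uid:
        # The owner can chmod the file, so a read-only mode does not help.
        findings.append("owned-by-service-user")
    if bits & 2:
        # On a directory this allows replacing the file even if the file is root-owned.
        findings.append("writable-by-service-user")
    if st_mode & stat.S_IWOTH:
        findings.append("world-writable")
    if not is_dir and not bits & 4:
        # tor reads its config after dropping privileges on reload.
        findings.append("unreadable-by-service-user")
    return findings

def audit_path(path, svc_uid, svc_gids):
    """Audit a torrc and its parent directory on the local filesystem."""
    results = {}
    parent = os.path.dirname(os.path.abspath(path))
    for p, is_dir in ((path, False), (parent, True)):
        st = os.stat(p)
        results[p] = audit(st.st_uid, st.st_gid, st.st_mode, svc_uid, svc_gids, is_dir)
    return results

if __name__ == "__main__":
    # Constructed sample: uid 105 / gid 110 stand in for the tor account.
    for label, owner, group, mode in (("root 0644", 0, 0, 0o644),
                                      ("tor-owned 0600", 105, 110, 0o600),
                                      ("root:tor 0660", 0, 110, 0o660)):
        print(label, audit(owner, group, mode, 105, {110}))
```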