Hi Alexander,
On 06/15/2014 01:31 PM, Alexander Fortin wrote:
> This is the work-in-progress version of the module I’m currently using to manage my relay: https://github.com/shaftoe/puppet-tor/tree/fixes
Thank you for this. I've come across several Puppet and Ansible recipes for Tor over time, but sadly have not found time to properly review or even use them for our own servers yet.
https://github.com/shaftoe/puppet-tor/blob/fixes/manifests/apt.pp
    key => '886DDD89'
You should never rely on short key IDs for anything. They can be forged within minutes. When you look at https://www.torproject.org/docs/debian.html.en, it fetches the key using the short key ID, but only imports a key that matches the whole fingerprint.
I found keys.gnupg.net to be unreliable sometimes; it would be good to have some fallback options.
Tor generates key material, the default location is /var/lib/tor. I always wondered if it was possible to pregenerate the necessary files locally, and then push them to the relays, where /var/lib/tor is on a ramdisk.
Personally, I think it would be great to not only have puppet modules spread out somewhere across the Internet, but a full-fledged guide/wizard that makes it easy for people to locally configure relays without knowing anything about Tor configuration options. In my dream world, it would not only support Debian: Right now, most of the Tor network runs on Debian, which is not ideal. We need more *BSD and Solaris! And FreeDOS! :)
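The two points above (import only on a full-fingerprint match, and fall back to another keyserver when one is flaky) can be combined in a small script. What follows is an added example, not code from this thread, from the Tor project, or from the puppet-tor module. It assumes gpg 2.x is installed and at least one keyserver is reachable; the fingerprint in the usage comment is a placeholder, because the thread only quotes the short ID 886DDD89, which is exactly the kind of identifier the script refuses (a short key ID is just the low 32 bits of the fingerprint, so a colliding key is cheap to generate).

```shell
#!/bin/sh
# Added example (not from the thread or puppet-tor): fetch an archive signing
# key from a keyserver and write it out for apt only if the fetched key's full
# fingerprint matches the one we expect. Assumes gpg 2.x and a reachable server.

# True only for a full 40-hex-digit OpenPGP v4 fingerprint. A short key ID
# (8 hex digits) or a long key ID (16 hex digits) is rejected: keys that
# collide on those can be generated cheaply.
is_full_fingerprint() {
  case "$1" in
    '' | *[!0-9A-Fa-f]*) return 1 ;;   # empty, or contains a non-hex character
  esac
  [ "${#1}" -eq 40 ]
}

# Canonical form used for comparison: no spaces, upper case (gpg prints
# fingerprints in upper case).
normalize_fpr() {
  printf '%s' "$1" | tr -d ' ' | tr 'abcdef' 'ABCDEF'
}

# fetch_and_verify_key EXPECTED_FPR OUTFILE KEYSERVER...
# Tries each keyserver in turn (fallback for an unreliable server), then writes
# the exported public key to OUTFILE only when the fingerprint matches exactly.
# Exit codes: 0 ok, 2 argument is not a full fingerprint, 3 no keyserver
# answered, 4 fingerprint mismatch.
fetch_and_verify_key() {
  expected=$(normalize_fpr "$1")
  outfile=$2
  shift 2
  if ! is_full_fingerprint "$expected"; then
    echo "refusing '$expected': not a full fingerprint" >&2
    return 2
  fi
  tmp=$(mktemp -d) || return 1        # throwaway keyring, never the system one
  chmod 700 "$tmp"
  fetched=1
  for server in "$@"; do
    if gpg --homedir "$tmp" --batch --quiet --keyserver "$server" \
           --recv-keys "$expected" >/dev/null 2>&1; then
      fetched=0
      break
    fi
    echo "keyserver $server failed, trying next" >&2
  done
  if [ "$fetched" -ne 0 ]; then rm -rf "$tmp"; return 3; fi
  # In --with-colons output, field 10 of an 'fpr' record is the fingerprint.
  got=$(gpg --homedir "$tmp" --batch --with-colons --fingerprint "$expected" 2>/dev/null \
        | awk -F: '$1 == "fpr" { print $10; exit }')
  if [ "$got" != "$expected" ]; then
    echo "fingerprint mismatch: wanted $expected, got '$got'" >&2
    rm -rf "$tmp"
    return 4
  fi
  gpg --homedir "$tmp" --batch --export "$expected" > "$outfile"
  rm -rf "$tmp"
}

# Usage (<FULL_FINGERPRINT> is a placeholder; the thread only gives the short
# ID 886DDD89, which this script rejects):
#   fetch_and_verify_key "<FULL_FINGERPRINT>" /etc/apt/trusted.gpg.d/tor.gpg \
#       hkps://keys.openpgp.org keys.gnupg.net
```

The fetch goes into a temporary keyring so that nothing the keyserver returns touches the system or apt keyring before the comparison; only after the exact match is the key exported. Listing several keyservers on the command line is the fallback asked for above.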