-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

Hi,

relayor is an ansible [1] role for tor relay operators.

relayor makes use of tor's "OfflineMasterKey" feature [2] to help protect your ed25519 master keys by not exposing it to the relay at all. Since that requires regular key renewals (default: every 30 days, configurable) this role aims to make this step easy by reducing it to a single command.

https://github.com/nusenu/ansible-relayor

Main benefits for a tor relay operator ======================================

* security: ed25519 master keys are kept offline * easy key renewal with a single command * security: every tor instance is run with a distinct user * automatically makes use of IPv6 IPs (if available) * automatic MyFamily management * automatic multi-instance setup (configurable)

Supported Platforms ===================

* FreeBSD * Debian 8 * CentOS 7 * Ubuntu 15.10 * Fedora 23 * OpenBSD (starting with OpenBSD's next release: 5.9)

Installation ============

relayor is available via galaxy:

ansible-galaxy install nusenu.relayor

https://galaxy.ansible.com/nusenu/relayor/

Documentation ==============

https://github.com/nusenu/ansible-relayor/blob/master/README.md https://github.com/nusenu/ansible-relayor/wiki

playbook examples: https://github.com/nusenu/ansible-relayor/wiki/relayor-playbook-examples

migration steps https://github.com/nusenu/ansible-relayor/wiki/Migration-Steps

git tags are signed with:

pub 4096R/4D705DE9 2016-02-11 Key fingerprint = A7B5 DB91 CE04 C9E0 BE66 446B 8CBE 52BD 4D70 5DE9 uid ansible-relayor signing key (https://github.com/nusenu/ansible-relayor)

feedback is appreciated.

regards, nusenu

[1] https://docs.ansible.com/ansible/intro_getting_started.html [2] https://trac.torproject.org/projects/tor/wiki/doc/TorRelaySecurity/Offli neKeys