[tor-relays] Debian relay Puppet module

Moritz Bartl moritz at torservers.net
Mon Jun 16 02:40:59 UTC 2014


Hi Alexander,

On 06/15/2014 01:31 PM, Alexander Fortin wrote:
> This is the work-in-progress version of the module I’m currently using to manage my relay:
> https://github.com/shaftoe/puppet-tor/tree/fixes

Thank you for this. I've come across several Puppet and Ansible recipes
for Tor over time, but sadly have not found time to properly review or
even use them for our own servers yet.

https://github.com/shaftoe/puppet-tor/blob/fixes/manifests/apt.pp
key               => '886DDD89'

You should never rely on short key IDs for anything. They can be forged
within minutes. When you look at
https://www.torproject.org/docs/debian.html.en , it fetches the key
using the short key ID, but only imports a key that matches the whole
fingerprint.

I found keys.gnupg.net to be unreliable sometimes; it would be good to
have some fallback options.

Tor generates key material, the default location is /var/lib/tor. I
always wondered if it was possible to pregenerate the necessary files
locally, and then push them to the relays, where /var/lib/tor is on a
ramdisk.

Personally, I think it would be great to not only have puppet modules
spread out somewhere across the Internet, but a full-fledged
guide/wizard that makes it easy for people to locally configure relays
without knowing anything about Tor configuration options. In my dream
world, it would not only support Debian: Right now, most of the Tor
network runs on Debian, which is not ideal. We need more *BSD and
Solaris! And FreeDOS! :)

-- 
Moritz Bartl
https://www.torservers.net/
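
The check described in the message above (look a key up by any ID, but accept it only when the whole fingerprint matches), as an added shell example that is not part of the original message or of the puppet-tor module. The key listing, fingerprints and function names are constructed for illustration, and it assumes 40-hex-digit (v4) fingerprints in `gpg --with-colons` output.

```sh
# Constructed sample of `gpg --with-colons --fingerprint --list-keys` output: two
# unrelated primary keys sharing short ID 886DDD89, plus one subkey. Not real keys.
SAMPLE_LISTING='pub:-:2048:1:11111111886DDD89:1400000000:::-:::scESC:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAA11111111886DDD89:
sub:-:2048:1:3333333344444444:1400000000::::::e:
fpr:::::::::CCCCCCCCCCCCCCCCCCCCCCCC3333333344444444:
pub:-:2048:1:22222222886DDD89:1400000001:::-:::scESC:
fpr:::::::::BBBBBBBBBBBBBBBBBBBBBBBB22222222886DDD89:'
# Stand-in pin for the sample; in real use, the full fingerprint from a trusted channel.
PINNED_FPR='AAAA AAAA AAAA AAAA AAAA AAAA 1111 1111 886D DD89'

# Drop spaces and upper-case the hex, so a pin can be written the way gpg prints it.
normalise_fpr() {
    printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F'
}

# Print each primary-key fingerprint from a colon listing on stdin (subkeys skipped).
primary_fingerprints() {
    owner=""
    while IFS=: read -r rtype f2 f3 f4 f5 f6 f7 f8 f9 fpr rest; do
        case "$rtype" in
            pub|sub) owner=$rtype ;;
            fpr) if [ "$owner" = pub ]; then printf '%s\n' "$fpr"; fi ;;
        esac
    done
}

# Count primary keys on stdin whose fingerprint ends in the given (short or long) key ID.
count_id_matches() {
    want=$(normalise_fpr "$1"); n=0
    for fpr in $(primary_fingerprints); do
        case "$fpr" in *"$want") n=$((n + 1)) ;; esac
    done
    printf '%s\n' "$n"
}

# Succeed only if a primary key on stdin has exactly the pinned fingerprint (2 = bad pin).
has_pinned_key() {
    want=$(normalise_fpr "$1")
    case "$want" in *[!0-9A-F]*) return 2 ;; esac
    [ "${#want}" -eq 40 ] || return 2   # refuse short or long key IDs as a pin
    for fpr in $(primary_fingerprints); do
        if [ "$fpr" = "$want" ]; then return 0; fi
    done
    return 1
}

printf '%s\n' "$SAMPLE_LISTING" | count_id_matches 886DDD89   # short ID is ambiguous here
printf '%s\n' "$SAMPLE_LISTING" | has_pinned_key "$PINNED_FPR" && echo "pinned key present"
```

Against a real keyring, pipe the output of `gpg --with-colons --fingerprint --list-keys` into `has_pinned_key` and only go on to trust the key when it returns 0.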

