[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-relays] relayor 0.1.0-alpha released

To: Tor Relays <tor-relays@xxxxxxxxxxxxxxxxxxxx>
Subject: [tor-relays] relayor 0.1.0-alpha released
From: nusenu <nusenu@xxxxxxxxxxxxxxx>
Date: Sat, 13 Feb 2016 18:49:15 +0000
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 13 Feb 2016 13:49:47 -0500
Dkim-signature: v=1; a=rsa-sha256; c=simple/simple; d=openmailbox.org; s=openmailbox; t=1455389370; bh=4t6hrtfO1QOzPHz+F8hAleG8RZ3cleUG8QNvCaw2JSI=; h=From:Subject:To:Date:From; b=QkOMEMQg9QVBhOybTFQd2pPrwHNGVhIAVpFBtoVsc+9+M0XsiQUorv6AaxzHoK6+G IDRJdY7a7Aqup8MH0SoNIZosz3O+48wbkTRQOahJx6uvxS6Ap0qNrtr+7zGnZcQSn5 9Ayz/Pn1dGJj9cUGIp5e15JOOIYAb0XtLYpwiIGo=
Dkim-signature: v=1; a=rsa-sha256; c=simple/simple; d=openmailbox.org; s=openmailbox; t=1455389360; bh=4t6hrtfO1QOzPHz+F8hAleG8RZ3cleUG8QNvCaw2JSI=; h=From:Subject:To:Date:From; b=HUt1Exc0fYIzMZhzPz5p1w5fZQLVMW5eOPASS+6uKtlzqRDNKGRceKQBAsTNqKMZH KRDfL4RwNBMSGiUI/sWSRx/EKbojF0SiOznECZGbC3wSjXcAekETVY7mTDBXpkZmvT ZKrXwmDB03WYPQe5gaIfPXVAQEoeMploe0EkKrSA=
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi,

relayor is an ansible [1] role for tor relay operators.

relayor makes use of tor's "OfflineMasterKey" feature [2] to help
protect your ed25519 master keys by not exposing it to the relay at
all. Since that requires regular key renewals (default: every 30 days,
configurable) this role aims to make this step easy by reducing it to
a single command.

https://github.com/nusenu/ansible-relayor


Main benefits for a tor relay operator
======================================

* security: ed25519 master keys are kept offline
* easy key renewal with a single command
* security: every tor instance is run with a distinct user
* automatically makes use of IPv6 IPs (if available)
* automatic MyFamily management
* automatic multi-instance setup (configurable)


Supported Platforms
===================

* FreeBSD
* Debian 8
* CentOS 7
* Ubuntu 15.10
* Fedora 23
* OpenBSD (starting with OpenBSD's next release: 5.9)

Installation
============

relayor is available via galaxy:

ansible-galaxy install nusenu.relayor

https://galaxy.ansible.com/nusenu/relayor/

Documentation
==============

https://github.com/nusenu/ansible-relayor/blob/master/README.md
https://github.com/nusenu/ansible-relayor/wiki

playbook examples:
https://github.com/nusenu/ansible-relayor/wiki/relayor-playbook-examples

migration steps
https://github.com/nusenu/ansible-relayor/wiki/Migration-Steps



git tags are signed with:

pub   4096R/4D705DE9 2016-02-11
    Key fingerprint = A7B5 DB91 CE04 C9E0 BE66  446B 8CBE 52BD 4D70 5DE9
uid ansible-relayor signing key
(https://github.com/nusenu/ansible-relayor)

feedback is appreciated.

regards,
nusenu


[1] https://docs.ansible.com/ansible/intro_getting_started.html
[2]
https://trac.torproject.org/projects/tor/wiki/doc/TorRelaySecurity/Offli
neKeys

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJWv3qoAAoJEFv7XvVCELh0H9IP/i7rRh3zrGRiru4uSOjZKUtB
Fni5jqCxS29V2GKNIXt075M/osd/ZEcTeBPieHvsfQn1t1Ju4e2HwIt9yjENNycM
Hg2VDkJt2wRxIg7hOHihGRqqxY7f85FLOpj4y11EskZMKFosOWJ8DrfBCGxYgLLf
vVbPEyS454Kj3ezX5BXQsmMAm97tCWeMLwG1BBLnkA+ift0A+/SHU85vYYLGUdPw
htZfxe83+WteziNhm8qOVw0sYlJwU8GAghFGeK/y1oPAUb0SjK9D2UHvldM6YNs8
+9359V2kHLMdqWZawellxxnbMNxjpEoHUlMDLpvmuN/S/MtBOkRGeST8bwVM1kRM
NHWn3NfmoKDt1NVBqTHY8RfmG+ODr9AXzyP9q9khNlN+R72r60kPgX8+vGR06g9j
7oFi5t+0SlWK+vExEyl+bLTA74ps3GBpk+w9zM2rhX9hms3pn5AAEDzHANY6YxB7
YCpvd/cpykQFQKo6fvmuk0Igdy91rvVPh21eV2boD8qTQ2eVazNj5NLju+9gpUiW
oRBN44v23KBXx+lgGb3FeNbSuzlh63MgQ6W9l7A985mfjyo0Xzw71NT5EjbC0eyM
t0rdKY2byjUNOFNzb1emYVeujVIpyZqbyU/9opQGPWo7gDtDm4LwZLLBE/fD01ej
F0rvBB9VpGIEp+hrWit+
=+F/t
-----END PGP SIGNATURE-----
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Prev by Author: Re: [tor-relays] Issues with offline master key functionality
Next by Author: Re: [tor-relays] Relays with misconfigured MyFamily (declared vs. effective)
Previous by thread: Re: [tor-relays] Re-Install Tor on raspberry, keep torrc and fingerprint
Next by thread: [tor-relays] TOR service wont start with ORPort enabled
Index(es):
- Author
- Thread