-
Notifications
You must be signed in to change notification settings - Fork 42
Home
nusenu edited this page Feb 13, 2016
·
10 revisions
tldr: everything is taken care of ;)
- Linux
- APT: enables torproject.org's repository and installs the repo signing key
- RPM: enables EPEL on CentOS
- CentOS/Fedora: takes care of SELinux configuration (enable 'tor_can_network_relay' boolean)
- OpenBSD:
- package installation via pkg_add (expects you to have the snapshot repository enabled in /etc/pkg.conf - until OpenBSD 5.9 is released)
- takes care of sysctl/kern.maxfiles and login.conf/openfiles-max
- FreeBSD:
- installs the tor package (via pkg)
- take care of kern.ipc.somaxconn + kern.ipc.nmbclusters
- (offline+online) key generation (on the ansible host)
- transfers RSA and online Ed25519 keys to the relay
- creates multiple tor instances on a single server (default: 2 per available IP address, configurable)
- creates a system user per tor instance (every instance is run with a distinct system user)
- generates torrc files
- automatic MyFamily configuration
- ContactInfo configurable
- automatically detects/enables IPv6 support
- enable all tor instances to start at boot
- Linux: systemd multi-instance service file ([email protected])
- OpenBSD: rcctl - linking the default rc script once per tor instance
- FreeBSD: /etc/rc.local
- easy Ed25519 key renewal
ansible-playbook yourplaybook.yml -t renewkey