On Mon, Jun 16, 2014 at 4:40 AM, Moritz Bartl <mor...@torservers.net> wrote:
> Thank you for this. I've come across several Puppet and Ansible recipes
> for Tor over time, but sadly have not found time to properly review or
> even use them for our own servers yet.

Thank you for the feedback. I'm new in the Tor land but I think a well-crafted CM module could definitely help the adoption, so I'm happy to see there's some discussion here.

> https://github.com/shaftoe/puppet-tor/blob/fixes/manifests/apt.pp
> key => '886DDD89'
>
> You should never rely on short key IDs for anything. They can be forged
> within minutes. When you look at
> https://www.torproject.org/docs/debian.html.en , it fetches the key
> using the short key ID, but only imports a key that matches the whole
> fingerprint.

OK

> I found keys.gnupg.net to be unreliable sometimes, it would be good to
> have some fallback options.

Maybe add these fallback options to https://www.torproject.org/docs/debian.html.en too?

> Tor generates key material, the default location is /var/lib/tor. I
> always wondered if it was possible to pregenerate the necessary files
> locally, and then push them to the relays, where /var/lib/tor is on a
> ramdisk.

I've been told on #tor that the secret_id key is more to be thought as a 'state' more than as a configuration, and if a Tor relay has to be moved on a different server, it's best practice to just start a new one from fresh. Or better said, there's no actual need of keeping a fingerprint consistent.

> Personally, I think it would be great to not only have puppet modules
> spread out somewhere across the Internet, but a full-fledged
> guide/wizard that makes it easy for people to locally configure relays
> without knowing anything about Tor configuration options. In my dream
> world, it would not only support Debian: Right now, most of the Tor
> network runs on Debian, which is not ideal. We need more *BSD and
> Solaris! And FreeDOS! :)

Yeah, I share the dream too :) It should be as easy as include 'tor' to install a relay with the most common configurations default (in my case, a non-exit relay), regardless of the platform.

--
http://about.me/alexanderfortin
_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
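
Added example (not part of the original message or of the puppet-tor module): the short-key-ID point from the quoted review, shown as a check that accepts a fetched key only when its whole fingerprint equals a pinned value. Only the short ID 886DDD89 comes from the thread; the full fingerprints, the `gpg --with-colons` style listing and all function names are constructed for illustration.

```python
import re

# Constructed values: only the short ID 886DDD89 appears in the thread.
SHORT_ID = "886DDD89"
PINNED_FPR = "0123 4567 89AB CDEF 0123  4567 89AB CDEF 886D DD89"  # placeholder

# Constructed listing in the style of `gpg --with-colons --fingerprint`:
# two unrelated primary keys whose fingerprints end in the same 8 hex digits.
SAMPLE_LISTING = """\
pub:-:2048:1:76543210886DDD89:1400000000:::-:::scESC:
fpr:::::::::FEDCBA9876543210FEDCBA9876543210886DDD89:
uid:-::::1400000000::::Constructed lookalike key:
pub:-:2048:1:89ABCDEF886DDD89:1250000000:::-:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF886DDD89:
uid:-::::1250000000::::Constructed archive signing key:
"""


def normalize_fingerprint(value):
    """Return a 40-hex-digit (v4) fingerprint, rejecting short/long key IDs."""
    fpr = re.sub(r"\s+", "", value).upper()
    if fpr.startswith("0X"):
        fpr = fpr[2:]
    if not re.fullmatch(r"[0-9A-F]{40}", fpr):
        raise ValueError("pin must be a full 40-hex-digit fingerprint: %r" % value)
    return fpr


def primary_fingerprints(listing):
    """Collect the fpr record that follows each pub record (field 10)."""
    found, after_pub = [], False
    for line in listing.splitlines():
        fields = line.split(":")
        if fields[0] == "pub":
            after_pub = True
        elif fields[0] == "fpr" and after_pub and len(fields) > 9:
            found.append(fields[9].upper())
            after_pub = False
        elif fields[0] in ("sub", "sec", "ssb"):
            after_pub = False
    return found


def keys_matching_short_id(listing, short_id):
    """What a short-ID lookup sees: every key whose fingerprint ends in it."""
    return [f for f in primary_fingerprints(listing) if f.endswith(short_id.upper())]


def key_matching_pin(listing, pinned):
    """Accept a key only when its whole fingerprint equals the pin."""
    pin = normalize_fingerprint(pinned)
    return next((f for f in primary_fingerprints(listing) if f == pin), None)
```

Because the comparison is against the full fingerprint, the same check applies no matter which keyserver or fallback source delivered the key.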