relayor playbook examples
(documentation for relayor version > 21.1.0, unreleased)
relayor protects your Ed25519 master keys by using tor's OfflineMasterKey feature (master keys are not exposed to the relay). Ed25519 online keys are valid for 30 days by default. The key has to be renewed within 30 days after starting the relay, otherwise tor will shut down. If you'd like to use a longer renewal interval, set your preferred interval (e.g. 90 days):
---
- hosts: relays
  vars:
    tor_config:
      SigningKeyLifetime: "90 days"
  roles:
    - nusenu.relayor
Renewing the keys is easy: just run your ansible playbook again. If you want to speed up playbook runs that just renew your keys, you can limit them to the renewkey tag (assuming that all your instances are running):
ansible-playbook yourplaybook.yml -t renewkey
---
- hosts: relays
  vars:
    tor_ContactInfo: "foo@exmple.com PGP: 0x123123123"
  roles:
    - nusenu.relayor
If you want your instances to be named after the hostname of the server on which they are running, you can achieve that with:
---
- hosts: relays
  vars:
    tor_nickname: "{{ ansible_hostname }}"
  roles:
    - nusenu.relayor
relayor creates non-exit relays by default. Becoming an exit relay is easy with tor_ExitRelay:
---
- hosts: relays
  vars:
    tor_ExitRelay: True
  roles:
    - nusenu.relayor
If you are an exit relay but do not specify an exit policy we use the reduced exit policy by default (copied from the torproject wiki).
If you are not happy with the reduced exit policy you can specify your own using tor_ExitPolicy:
---
- hosts: relays
  vars:
    tor_ExitRelay: True
    tor_ExitPolicy: "reject *:25,accept *:*"
  roles:
    - nusenu.relayor
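Tor evaluates an exit policy from left to right and the first matching rule decides, so the order of the entries in tor_ExitPolicy matters. The following is an added example (not relayor or tor code) that models this for a policy string before it is deployed. The function names are hypothetical, only IPv4 patterns are handled, and returning "reject" when no rule matches is an assumption of this sketch.

```python
import ipaddress

def parse_policy(policy):
    """Parse 'reject *:25,accept *:*' into (allow, network, lo_port, hi_port) rules."""
    rules = []
    for entry in policy.split(","):
        action, _, pattern = entry.strip().partition(" ")
        if action not in ("accept", "reject"):
            raise ValueError(f"unknown action in {entry!r}")
        addr, _, ports = pattern.strip().rpartition(":")
        # '*' matches any address; otherwise an IPv4 address or CIDR block
        network = None if addr == "*" else ipaddress.ip_network(addr, strict=False)
        if ports == "*":
            lo, hi = 1, 65535
        else:
            lo, _, hi = ports.partition("-")
            lo, hi = int(lo), int(hi or lo)
        rules.append((action == "accept", network, lo, hi))
    return rules

def exit_allowed(policy, address, port):
    """Return the verdict of the first rule that matches address:port."""
    ip = ipaddress.ip_address(address)
    for allow, network, lo, hi in parse_policy(policy):
        if (network is None or ip in network) and lo <= port <= hi:
            return allow
    return False  # assumption of this sketch: no matching rule means reject

PAGE_POLICY = "reject *:25,accept *:*"      # the policy from the playbook above
REVERSED_POLICY = "accept *:*,reject *:25"  # constructed: same rules, wrong order

if __name__ == "__main__":
    # 192.0.2.10 is a documentation address used as constructed sample input
    for name, policy in (("page", PAGE_POLICY), ("reversed", REVERSED_POLICY)):
        for port in (25, 443):
            verdict = "accept" if exit_allowed(policy, "192.0.2.10", port) else "reject"
            print(f"{name:9s} port {port:3d}: {verdict}")
```

With the reversed order the catch-all accept matches first, so the port 25 reject is never reached.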
If you want to choose your own ORPorts/DirPorts (defaults: instance 1: ORPort 9000, DirPort 9001, instance 2: ORPort 9100, DirPort 9101), set tor_ports:
---
- hosts: relays
  vars:
    tor_ports:
      - { orport: 123, dirport: 12345}
      - { orport: 444, dirport: 23456}
  roles:
    - nusenu.relayor
relayor creates and starts two instances by default.
If you want to run just one instance on your entire server this can easily be achieved by setting tor_ports:
---
- hosts: relays
  vars:
    tor_ports:
      - { orport: 443, dirport: 9000}
  roles:
    - nusenu.relayor
relayor enables tor's DirPort by default. If you want to disable it, set it to 0:
---
- hosts: relays
  vars:
    tor_ports:
      - { orport: 443, dirport: 0}
      - { orport: 80, dirport: 0}
  roles:
    - nusenu.relayor