Skip to content

relayor playbook examples

nusenu edited this page Nov 7, 2021 · 12 revisions

(documentation for relayor version > 21.1.0, unreleased)

Setting your custom key lifetime

relayor protects your Ed25519 master keys by using tor's OfflineMasterKey feature (master keys are not exposed to the relay). Ed25519 online keys are valid for 30 days by default. Within 30 days after starting the relay the key has to be renewed, otherwise tor will shutdown. If you'd like to use a longer renewal interval set your preferred interval (i.e. 90 days):

---

- hosts: relays
  vars:
    tor_config:
      SigningKeyLifetime: "90 days"
  roles:
   - nusenu.relayor

How do I renew my keys?

That is easy, just run your ansible playbook again. If you want to speedup playbook runs that just renew your keys, you can limiting it to the renewkey tag (assuming that all your instances are running):

ansible-playbook yourplaybook.yml -t renewkey

Setting the ContactInfo

---

- hosts: relays
  vars:
    tor_ContactInfo: "foo@exmple.com PGP: 0x123123123"
  roles:
   - nusenu.relayor

Setting the Nickname

If you want your instances to be named after the server's hostname on which they are running you can achieve that with:

---

- hosts: relays
  vars:
    tor_nickname: "{{ ansible_hostname }}"
  roles:
   - nusenu.relayor

Exit Relay

relayor creates non-exit relays by default, becoming an exit relay is easy with tor_ExitRelay:

---

- hosts: relays
  vars:
    tor_ExitRelay: True
  roles:
   - nusenu.relayor

If you are an exit relay but do not specify an exit policy we use the reduced exit policy by default (copied from the torproject wiki).

Custom Exit Policy

If you are not happy with the reduced exit policy you can specify your own using tor_ExitPolicy:

---

- hosts: relays
  vars:
    tor_ExitRelay: True
    tor_ExitPolicy: "reject *:25,accept *:*"
  roles:
   - nusenu.relayor

Custom OrPort/DirPort

If you want to choose your own OrPort/DirPorts (defaults: instance 1: ORPort 9000, DirPort 9001, instance 2: ORPort 9100, DirPort 9101):

---

- hosts: relays
  vars:
    tor_ports:
     - { orport: 123, dirport: 12345}
     - { orport: 444, dirport: 23456}
  roles:
   - nusenu.relayor

Single Instance per Server

relayor creates and starts two instances by default.

If you want to run just one instance on your entire server this can easily be achieved by setting tor_ports:

---

- hosts: relays
  vars:
    tor_ports:
     - { orport: 443, dirport: 9000}
  roles:
   - nusenu.relayor

Disable DirPort

relayor enables tor's DirPort by default, if you want to disable it set it to 0.

---

- hosts: relays
  vars:
    tor_ports:
     - { orport: 443, dirport: 0}
     - { orport: 80, dirport: 0}
  roles:
   - nusenu.relayor