-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi,
relayor is an ansible [1] role for tor relay operators. relayor makes use of tor's "OfflineMasterKey" feature [2] to help protect your ed25519 master keys by not exposing it to the relay at all. Since that requires regular key renewals (default: every 30 days, configurable) this role aims to make this step easy by reducing it to a single command. https://github.com/nusenu/ansible-relayor Main benefits for a tor relay operator ====================================== * security: ed25519 master keys are kept offline * easy key renewal with a single command * security: every tor instance is run with a distinct user * automatically makes use of IPv6 IPs (if available) * automatic MyFamily management * automatic multi-instance setup (configurable) Supported Platforms =================== * FreeBSD * Debian 8 * CentOS 7 * Ubuntu 15.10 * Fedora 23 * OpenBSD (starting with OpenBSD's next release: 5.9) Installation ============ relayor is available via galaxy: ansible-galaxy install nusenu.relayor https://galaxy.ansible.com/nusenu/relayor/ Documentation ============== https://github.com/nusenu/ansible-relayor/blob/master/README.md https://github.com/nusenu/ansible-relayor/wiki playbook examples: https://github.com/nusenu/ansible-relayor/wiki/relayor-playbook-examples migration steps https://github.com/nusenu/ansible-relayor/wiki/Migration-Steps git tags are signed with: pub 4096R/4D705DE9 2016-02-11 Key fingerprint = A7B5 DB91 CE04 C9E0 BE66 446B 8CBE 52BD 4D70 5DE9 uid ansible-relayor signing key (https://github.com/nusenu/ansible-relayor) feedback is appreciated. regards, nusenu [1] https://docs.ansible.com/ansible/intro_getting_started.html [2] https://trac.torproject.org/projects/tor/wiki/doc/TorRelaySecurity/Offli neKeys -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJWv3qoAAoJEFv7XvVCELh0H9IP/i7rRh3zrGRiru4uSOjZKUtB Fni5jqCxS29V2GKNIXt075M/osd/ZEcTeBPieHvsfQn1t1Ju4e2HwIt9yjENNycM Hg2VDkJt2wRxIg7hOHihGRqqxY7f85FLOpj4y11EskZMKFosOWJ8DrfBCGxYgLLf vVbPEyS454Kj3ezX5BXQsmMAm97tCWeMLwG1BBLnkA+ift0A+/SHU85vYYLGUdPw htZfxe83+WteziNhm8qOVw0sYlJwU8GAghFGeK/y1oPAUb0SjK9D2UHvldM6YNs8 +9359V2kHLMdqWZawellxxnbMNxjpEoHUlMDLpvmuN/S/MtBOkRGeST8bwVM1kRM NHWn3NfmoKDt1NVBqTHY8RfmG+ODr9AXzyP9q9khNlN+R72r60kPgX8+vGR06g9j 7oFi5t+0SlWK+vExEyl+bLTA74ps3GBpk+w9zM2rhX9hms3pn5AAEDzHANY6YxB7 YCpvd/cpykQFQKo6fvmuk0Igdy91rvVPh21eV2boD8qTQ2eVazNj5NLju+9gpUiW oRBN44v23KBXx+lgGb3FeNbSuzlh63MgQ6W9l7A985mfjyo0Xzw71NT5EjbC0eyM t0rdKY2byjUNOFNzb1emYVeujVIpyZqbyU/9opQGPWo7gDtDm4LwZLLBE/fD01ej F0rvBB9VpGIEp+hrWit+ =+F/t -----END PGP SIGNATURE----- _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
