mg/homeserver
1
0
Fork 0
Code Issues 1 Pull requests 3 Activity Actions

tor: bridge statt relay (#246)

Browse source 
Co-authored-by: Michael Grote <michael.grote@posteo.de>
Reviewed-on: mg/ansible#246
Co-authored-by: mg <michael.grote@posteo.de>
Co-committed-by: mg <michael.grote@posteo.de>
This commit is contained in:
Michael Grote 2021-11-18 16:02:53 +01:00
parent 521de93de7
commit 09720c1bb6
9 changed files with 134 additions and 57 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
group_vars/tor.yml
View file

@ -8,8 +8,8 @@
tor_control_socket: 0
tor_contact_info: webmaster(at)mgrote(dot)net
tor_control_port: 9051
tor_bandwidth_rate: 350 MBits
tor_bandwidth_burst: 350 MBits
tor_mode: bridge
tor_bridge_port: 5555
### oefenweb.ufw
ufw_rules:
- rule: allow
@ -27,6 +27,11 @@
protocol: tcp
comment: 'tor'
from_ip: 0.0.0.0/0
- rule: allow
to_port: "{{ tor_bridge_port }}"
protocol: tcp
comment: 'tor'
from_ip: 0.0.0.0/0
### geerlingguy.munin-node
munin_node_bind_port: "4949"
munin_node_allowed_cidrs: [0.0.0.0/0]

2
roles/mgrote.tor-node/README.md
View file

@ -1,7 +1,7 @@
## mgrote.tor-node
### Beschreibung
Setzt ein tor-relay auf.
Setzt ein tor-relay ODER eine [tor-bridge](https://community.torproject.org/relay/setup/bridge/debian-ubuntu/) auf.
ORPort muss in Firewall freigeschaltet sein.
Es muss eine Portfreigabe im Router existieren.

2
roles/mgrote.tor-node/defaults/main.yml
View file

@ -11,3 +11,5 @@
# tor_my_family: name
# tor_bandwidth_rate:
# tor_bandwidth_burst:
tor_mode: relay # OR bridge
tor_bridge_port: 5555

34
roles/mgrote.tor-node/tasks/bridge.yml Normal file
View file

@ -0,0 +1,34 @@
---
- name: install dependencies
become: yes
ansible.builtin.package:
name: apt-transport-https
state: present
- name: add tor repo key
ansible.builtin.apt_key:
url: https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc
state: present
- name: add tor repo
ansible.builtin.apt_repository:
repo: deb https://deb.torproject.org/torproject.org {{ ansible_distribution_release }} main
state: present
filename: tor
- name: install tor packages
become: yes
ansible.builtin.package:
name:
- tor
- deb.torproject.org-keyring
- obfs4proxy
state: present
notify: restart tor
- name: templating torrc
become: yes
ansible.builtin.template:
src: "bridge_torrc"
dest: "/etc/tor/torrc"
notify: restart tor

39
roles/mgrote.tor-node/tasks/main.yml
View file

@ -1,33 +1,10 @@
---
- name: install dependencies
become: yes
ansible.builtin.package:
name: apt-transport-https
state: present
- name: include bridge tasks
include_tasks: bridge.yml
when:
- tor_mode == 'bridge'
- name: add tor repo key
ansible.builtin.apt_key:
url: https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc
state: present
- name: add tor repo
ansible.builtin.apt_repository:
repo: deb https://deb.torproject.org/torproject.org {{ ansible_distribution_release }} main
state: present
filename: tor
- name: install tor packages
become: yes
ansible.builtin.package:
name:
- tor
- deb.torproject.org-keyring
state: present
notify: restart tor
- name: templating torrc
become: yes
ansible.builtin.template:
src: "torrc"
dest: "/etc/tor/torrc"
notify: restart tor
- name: include relay tasks
include_tasks: relay.yml
when:
- tor_mode == 'relay'

33
roles/mgrote.tor-node/tasks/relay.yml Normal file
View file

@ -0,0 +1,33 @@
---
- name: install dependencies
become: yes
ansible.builtin.package:
name: apt-transport-https
state: present
- name: add tor repo key
ansible.builtin.apt_key:
url: https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc
state: present
- name: add tor repo
ansible.builtin.apt_repository:
repo: deb https://deb.torproject.org/torproject.org {{ ansible_distribution_release }} main
state: present
filename: tor
- name: install tor packages
become: yes
ansible.builtin.package:
name:
- tor
- deb.torproject.org-keyring
state: present
notify: restart tor
- name: templating torrc
become: yes
ansible.builtin.template:
src: "relay_torrc"
dest: "/etc/tor/torrc"
notify: restart tor

26
roles/mgrote.tor-node/templates/bridge_torrc Normal file
View file

@ -0,0 +1,26 @@
{{ file_header | default () }}
Nickname {{ tor_relay_name }}
ContactInfo {{ tor_contact_info }}
ORPort {{ tor_or_port }}
ExitRelay 0
SocksPort {{ tor_socks_port }}
BridgeRelay 1
ExtORPort auto
Log notice syslog
ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
ServerTransportListenAddr obfs4 0.0.0.0:{{ tor_bridge_port }}
ExitPolicy reject *:*
CookieAuthentication 1
{% if tor_bandwidth_rate is defined %}
BandwidthRate {{ tor_bandwidth_rate }}
{% endif %}
{% if tor_bandwidth_burst is defined %}
BandwidthBurst {{ tor_bandwidth_burst }}
{% endif %}
{% if tor_my_family is defined %}
MyFamily {{ tor_my_family }}
{% endif %}

23
roles/mgrote.tor-node/templates/relay_torrc Normal file
View file

@ -0,0 +1,23 @@
{{ file_header | default () }}
Nickname {{ tor_relay_name }}
ORPort {{ tor_or_port }}
ExitRelay 0
SocksPort {{ tor_socks_port }}
ControlSocket {{ tor_control_socket }}
ContactInfo {{ tor_contact_info }}
ControlPort {{ tor_control_port }}
CookieAuthentication 1
ExitPolicy reject *:*
{% if tor_bandwidth_rate is defined %}
BandwidthRate {{ tor_bandwidth_rate }}
{% endif %}
{% if tor_bandwidth_burst is defined %}
BandwidthBurst {{ tor_bandwidth_burst }}
{% endif %}
{% if tor_my_family is defined %}
MyFamily {{ tor_my_family }}
{% endif %}

23
roles/mgrote.tor-node/templates/torrc
View file

@ -1,23 +0,0 @@
{{ file_header | default () }}
Nickname {{ tor_relay_name }}
ORPort {{ tor_or_port }}
ExitRelay 0
SocksPort {{ tor_socks_port }}
ControlSocket {{ tor_control_socket }}
ContactInfo {{ tor_contact_info }}
ControlPort {{ tor_control_port }}
CookieAuthentication 1
ExitPolicy reject *:*
{% if tor_bandwidth_rate is defined %}
BandwidthRate {{ tor_bandwidth_rate }}
{% endif %}
{% if tor_bandwidth_burst is defined %}
BandwidthBurst {{ tor_bandwidth_burst }}
{% endif %}
{% if tor_my_family is defined %}
MyFamily {{ tor_my_family }}
{% endif %}