Hey all,
Sorry for the delay in responding -- comments inline.
Fabio Pietrosanti - lists wrote:
I would suggest adding a Tor2web policy that, looking at the X-Tor2web: HTTP header, enables or disables access to the Blog through the internet:
What is your reasoning for disabling access via tor2web?
You may also consider adding support for Ahmia directory index
This seems reasonable =) Added as a task.
Nicolas Vigier wrote:
So I am thinking that another way to do it could be to write a few ansible modules (or modules for your favorite configuration management tool) for the various tasks currently done by the script (installing nginx, installing a blog software, setting up a hidden service, configuring the firewall, etc.), or take existing modules if they do what is needed.
I've been considering creating ansible modules to make it easier to deploy for some people. An organization reached out who wants to offer it in-house as some kind of enterprise service, which has reignited the discussion.
Then write a GUI program that will ask some questions, and when you click on the "setup" button generate an ansible variables file containing the answers to those questions (variables which are used by the ansible modules), and run ansible to apply the changes on the system.
Lots of people would like a GUI, which would make it much easier to deploy, but I always recommend that people segregate their hidden services (and websites) from their personal machine. I might be slowly changing my mind on GUIs for a number of reasons. It's still not a good idea to run on one's personal machine if there is a large risk associated with being personally linked to running a particular hidden service (e.g., Muslims in Myanmar should host in a VM or a dedicated machine). But this may be a case where more users would be better served by having a GUI than the fairly mild risk of someone running a service on their personal machine.
And a GUI would be great for people who want to run a hidden service using Tails. =)
Patrick Schleizer wrote:
I think it's non-ideal to modify config files using cat/sed/echo. That breaks sooner or later. And if later settings are supposed to be changed in the same file, things get messy. Some suggestions...
It would be better to put the config files into (Debian) packages.
While this is true for popcon, this is not possible for most config files being edited. The most critical edits require the onionsite address, which of course has to be generated by each user on their own.
It's possible for Debian and Ubuntu packages to list package conflicts, which would be much better than rolling up custom packages that only exist to remove another.
Please consider setting the timezone to UTC. Perhaps use the timezone-utc [2] package?
Tor requires an accurate clock to work properly.
You're sure you're not inventing a new Linux distribution here? :)
Quite sure ;-) There's a real risk in trying to be everything to everyone. Not only does everything have to be created and documented, but maintained long-term. Bash scripts are straightforward for these tasks, as is ansible, VMs much less so, and GUIs very difficult.
best, Griffin