Hi David,
thanks for your quick feedback.
> Would you mind telling me which 2 features are critical for your use-case and why?
- automatic instance deployment (and all the dependencies that come with that, like ORListenAddress - without it tor0 would block tor2 from starting since they are binding on the same port)
- automatic MyFamily management: this is just too annoying to manage manually
- the directory layout change is more cosmetic, but your current way (everything in /etc) is rather unusual and, as an example, would require custom logrotate configuration that wouldn't be required otherwise
> Can you share your ansible-tor playbook?
Since everything tor process specific is handled in ansible-tor, my playbook will mainly just reference the role.
> I'd like for this ansible role to be useful to relay operators like yourself... so I'm very interested in learning about how you'd like to use it.
From the examples I assumed you are probably not using it mainly for relays, is that correct?
> Why do you think the ORPorts should default to 80 and 443?
It is assumed that these well-known ports are less likely to be blocked by outbound firewalls and therefore more useful for clients than some high ports. Once dirport support is added, I would use 80 as dirport.
For an example of common ORPorts see https://atlas.torproject.org/#search/contact:torservers
...but since it is very easy to modify the defaults, I've no strong feelings about what is actually defined in default/main.yml.
One could also add some auto detection to see if the ports are already in use...
> I think your auto tor instance deployment feature should be an optional feature that is off by default.
Yes, that is fine, configuration changes are easy enough.
> If using configure_apt_single.yml then the torrc is in fact owned by root... and tor will then drop privs. The other way tor is deployed with this role is using the configure_tor_instance.yml... and I suppose the individual torrc files could be owned as root as long as they are readable by the tor user. But does this matter? What are the implications?
On a default install they are owned by root; I just reverted the change from owner=tor_user to owner=root to restore defaults. Implication: tor_user will not be able to rewrite/manipulate its own configuration.
> I'd be much more likely to merge your patches if they were one feature per patch... instead of this monolithic patch with many features.
Yes, that is what I expected, but then I thought that the two main changes code-wise (autoconfig + directory structure) are dependent on each other anyway. Merging autoconfig without the directory restructuring (or vice versa) wouldn't be much fun since these modifications always touch overlapping areas. If you want to add it as an additional option, including it as a separate yml in tasks/main.yml + separate torrc is also a possibility - but probably not the nicest way (duplicate code, multiple torrcs).
> Furthermore... I hate centralized media and all but github sure would make patch submission and review easier.
Yes, I'm considering it if this becomes something recurring.
thanks, Nusenu
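As an added illustration of the two features discussed above (automatic instance deployment with a distinct ORListenAddress per instance, and automatic MyFamily management), here is a small Python generator that is not ansible-tor's own code: it renders one torrc per instance and checks that no two instances would bind the same ip:port. Instance names, IPs and fingerprints are constructed placeholders.

```python
"""Render per-instance torrc snippets for several Tor relays on one host.

Illustrative generator, not the ansible-tor role's own code. The instance
names, addresses and fingerprints below are constructed placeholders.
"""
from typing import Dict, List, Tuple

# Constructed inventory: instance name -> (listen IP, relay fingerprint placeholder)
INSTANCES: Dict[str, Tuple[str, str]] = {
    "tor0": ("192.0.2.10", "1111111111111111111111111111111111111111"),
    "tor1": ("192.0.2.11", "2222222222222222222222222222222222222222"),
    "tor2": ("192.0.2.12", "3333333333333333333333333333333333333333"),
}
OR_PORT = 443  # well-known port, less likely to be filtered by client egress rules


def check_no_bind_conflicts(instances: Dict[str, Tuple[str, str]], port: int) -> List[str]:
    """Return every ip:port that more than one instance would try to bind.

    Without a per-instance ORListenAddress all instances bind the same socket,
    so the first one up (tor0) blocks the others (tor2) from starting.
    """
    binders: Dict[str, List[str]] = {}
    for name, (ip, _fp) in instances.items():
        binders.setdefault(f"{ip}:{port}", []).append(name)
    return sorted(k for k, names in binders.items() if len(names) > 1)


def my_family(instances: Dict[str, Tuple[str, str]], name: str) -> str:
    """MyFamily lists every *other* relay of the same operator, never itself."""
    return ",".join(f"${fp}" for n, (_ip, fp) in sorted(instances.items()) if n != name)


def render_torrc(instances: Dict[str, Tuple[str, str]], name: str, port: int) -> str:
    """One torrc per instance, with per-instance paths so logrotate/pid files don't clash."""
    ip, _fp = instances[name]
    lines = [
        f"Nickname {name}",
        f"DataDirectory /var/lib/tor/{name}",
        f"PidFile /var/run/tor/{name}.pid",
        f"Log notice file /var/log/tor/{name}.log",
        f"ORPort {port}",
        f"ORListenAddress {ip}:{port}",  # newer Tor spells this "ORPort ip:port"
        f"MyFamily {my_family(instances, name)}",
    ]
    return "\n".join(lines) + "\n"
```

The generated files should be written owned by root and readable by the tor user, as discussed above, so the daemon cannot rewrite its own configuration.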