hmm it's written in bash. that would not have been my first choice to
express this type of software.
why bash?

i like ansible's agent-less design (no SPOF server with ambient
authority) however its restrictive yaml really lacks expressiveness
and writing ansible modules in addition to yaml seems like a waste of
time. however there is some excellent ansible tor stuff written for
use by relay operators; meaning that it doesn't have nearly all the
features that your thing has... but should be good enough for most
relay operators:

https://github.com/nusenu/ansible-relayor


i think in the future if i had to automate this sort of thing I'd use
bcfg2 in non-SPOF mode (that is, without a centralized server).


On Thu, Jan 21, 2016 at 12:26 AM, Michael <strangerthanbl...@gmail.com> wrote:
> Coderman, most welcome.
>
> To answer your question on port binding; that's a bit tricky, and depends on 
> what types of Tor nodes are chosen. Oh and the most up to date documentation 
> for variables and script arguments can be found in the [ ~/variables/ 
> blank_torinstall_vars.sh ] file, I'll have to rename it and/or split it up by 
> package name later (much like the default variables files) as well as do 
> more edits to ensure that it nulls all variables on exit.
>  - for bridge torrc files this is assigned within the `case` statement and 
> only if "public" subtype was selected; sets to port "0" by default to keep 
> public out of your bridge's socks. I'll have to read up a little more on 
> security issues/mitigation for bridge nodes in relation to socks port. More 
> than likely the "privet" bridge option will be making use of Polipo so I'll 
> be sure to at least add a bridge socks port option soon.
> - for client torrc files this is assigned within the `for` loop starting at 
> port 10010 on line 11 for SocksPort, ie [ SocksPort 100${_tor_count}0 ] and 
> counting up to the number given via [-C=4] command which also may be assigned 
> with [ _connection_count =4 ]  within a configuration file passed with [ 
> -vf=some_config.sh ] command. This same value is also used by Privoxy so I'll 
> have to write a few sanity checks and edits before adding a client socks port 
> prefix option. For [ SocksBindAddress ] and listen and accept policies I'll 
> be adding two new options [ -TSBA ] and [ -TSLA ] for binding and listening 
> and then use some scripted logic for acceptance lines... oh well that wasn't 
> too hard :-D next code push now includes these last two options.
> - for exit torrc files this like public bridges is set to "0" as well as 
> setting the socks acceptance policy to reject by default. Note next code push 
> will now include variable [ ${_tor_dir_port:-9030} ] set by [ -TDP=9030 ] for 
> assigning torrc's DirPort. Additionally I've added some checks for binding to 
> the external and local IP:Port or Port alone (makes Tor guess) for config 
> lines like [ OutboundBindAddress ], and the [ -TOP=9001 ] or [ 
> ${_tor_or_port:-9001} ] has been corrected for assigning the ORPort. I still 
> have to add a `for` loop for IPv4/v6 [ ExitPolicy accept ... ] to allow for 
> adding more ports than just the restrictive policy list currently coded for.
> - for hidden service torrc files socks ports and addresses have not even been 
> set yet but it may be best to disable it completely.
>
> If you happen to know which versions are incompatible with Tor port binding 
> configuration or where I can find this info I can add another set of checks 
> based on Tor version where needed.
>
> Thanks for taking the dive into the code Coderman, more eyes are definitely 
> better when dealing with this many lines of configurations.
>
> On January 20, 2016 3:54:43 AM PST, coderman <coder...@gmail.com> wrote:
>>On 1/19/16, Michael <strangerthanbl...@gmail.com> wrote:
>>> Salutations Tor,
>>>
>>> I've something special to share with you all; regardless of if you're
>>a node
>>> operator, hidden service provider, client or completely new to Tor
>>> installation and configurations... in short... a script pack aimed to
>>> install and configure the previously listed node types and then a
>>little
>>> more.
>>> https://github.com/S0AndS0/Perinoid_Linux_Project
>>
>>interesting; thank you!
>>
>>
>>> ... Feel free to ask questions,
>>
>>i did not see a way for general preference of control socket, socks
>>socket, etc, over IP:Port in configs. this would be useful, but also
>>need graceful fallback as older Tor versions do not support socket
>>type for some services...  [codespelunking continues]
>>
>>
>>best regards,
>
> --
> tor-talk mailing list - tor-talk@lists.torproject.org
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
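
The client port scheme described in the quoted mail (`SocksPort 100${_tor_count}0`, counted up to `_connection_count`) with the kind of sanity checks it says are still to be written, as an added example that is not code from the thread or from Perinoid_Linux_Project. The function name `gen_client_socks_ports`, the loopback default and the IPv4-only address check are assumptions.

```shell
# Added example, not from Perinoid_Linux_Project. The function name and the
# loopback default are assumptions; the port scheme is the one in the mail.

# gen_client_socks_ports COUNT [BIND_ADDR]
# Prints one SocksPort line per client instance, or prints nothing and
# returns non-zero when the input would produce an unusable torrc.
gen_client_socks_ports() {
    local _connection_count="$1"
    local _bind_addr="${2:-127.0.0.1}"
    local _tor_count=1 _port

    # Plain decimal digits only, no leading zero, at most four digits, so
    # shell syntax, octal parsing and integer overflow never reach the loop.
    case "$_connection_count" in
        ''|0*|*[!0-9]*|?????*)
            echo "count must be an integer from 1 to 9999" >&2
            return 2 ;;
    esac
    # IPv4 characters only (assumption), so no whitespace or newline can
    # smuggle an extra directive into the generated torrc.
    case "$_bind_addr" in
        ''|*[!0-9.]*) echo "bind address must be dotted IPv4" >&2; return 2 ;;
    esac

    # Validate every port first so a partial config is never emitted.
    # Under this scheme instance 10 becomes port 100100, which is invalid.
    while [ "$_tor_count" -le "$_connection_count" ]; do
        _port="100${_tor_count}0"
        if [ "$_port" -gt 65535 ]; then
            echo "instance ${_tor_count}: port ${_port} is above 65535" >&2
            return 3
        fi
        _tor_count=$((_tor_count + 1))
    done

    _tor_count=1
    while [ "$_tor_count" -le "$_connection_count" ]; do
        printf 'SocksPort %s:100%s0\n' "$_bind_addr" "$_tor_count"
        _tor_count=$((_tor_count + 1))
    done
}

# Constructed sample run: four client instances on loopback.
gen_client_socks_ports 4
```
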