cookbook 'tor-full', '= 0.1.1'
tor-full (3) Versions 0.1.1 Follow1
Installs/Configures tor
cookbook 'tor-full', '= 0.1.1', :supermarket
knife supermarket install tor-full
knife supermarket download tor-full
tor-full Cookbook
Installs and configures tor on a node
Requirements
Depends on tor package on debian or ubuntu and tor-core on centos and redhat
Attributes
####################################### # General config section ####################################### #The directory for keeping all the keys/etc default['tor']['DataDirectory'] = "/var/lib/tor" #The minimum log level to log. Possible values include debug, info, notice, warn, and err. default['tor']['MinLogLevel'] = "notice" #Where logs should be written. Valid values include a path to a file or "syslog" default['tor']['LogDestination'] = "/var/log/tor/log" #List of 'address:port' to open tor socks proxy on. Defaults to disabled #Example: ['127.0.0.1:9050'] opens socks proxy on 9050 accessible to only the local machine default['tor']['SocksPorts'] = [] ####################################### # Hidden Services config section ####################################### #Desc: hidden services tor should expose #Example: #default['tor']['hiddenServices'] = { # 'HIDDEN_SERVICE_NAME':{ # 'HiddenServiceDir' => '/var/lib/tor/some_service/', #default is /var/lib/tor/HIDDEN_SERVICE_NAME/ # 'HiddenServicePorts' => ['80 127.0.0.1:80'] #x y:z says to redirect requests on port x to the address y:z #} default['tor']['HiddenServices'] = {} ####################################### # Relay config section ####################################### #if true tor will act as a relay default['tor']['relay']['enabled'] = false #What port to advertise for incoming Tor connections default['tor']['relay']['ORPort'] = '9001' #The IP address or full DNS name for incoming connections to your relay. default['tor']['relay']['Address'] = nil #If you have multiple network interfaces, you can specify one for outgoing traffic to use default['tor']['relay']['OutboundBindAddress'] = nil #A handle for your relay, so people don't have to refer to it by key default['tor']['relay']['Nickname'] = "IDidntEditTheConfig" #Limit how much relayed traffic you will allow in kilobytes (not bits) default['tor']['relay']['RelayBandwidthRate'] = nil #Limit how much relayed traffic you will allow for bursts in kilobytes (not bits) default['tor']['relay']['RelayBandwidthBurst'] = nil #ContactInfo you can be reached at #Example: "0xFFFFFFFF Random Person nobody AT example dot com" default['tor']['relay']['ContactInfo'] = nil #Sets the exit node policy for tor defaults to no exit #Exampe: ['accept *:6660-6667','reject *:*'] # allow irc ports but no more default['tor']['relay']['ExitPolicy'] = ['reject *:*'] #Set to 1 to run a bridge relay default['tor']['relay']['BridgeRelay'] = 0 #Set to 0 to run a private bridge relay default['tor']['relay']['PublishServerDescriptor'] = 1 #If true tor relay will server as a directory mirror default['tor']['relay']['Directory'] = false #"address:port" from which to mirror directory information default['tor']['relay']['DirPort'] = "9030" #If you run more than one tor node add keyids for other tor nodes default['tor']['relay']['MyFamily'] = []
Recipes
tor-full::default
Installs Tor and enables Tor service. By default it will not open a socks proxy, offer a hidden service,
or act as a relay.
tor-full::relay
Installs Tor and configs Tor to be a relay. By default the relay will not be an exit or directory.
Make sure to read through the attributes section for relays above.
Examples
Open local socks port
The example role below opens a Tor socks proxy on port 9050 available to localhost only
name "torproxy" run_list("recipe[tor-full]") override_attributes( "tor" => { "SocksPorts" => ["127.0.0.1:9050"] } )
Hidden service on port 80
The example role below serves a website on port 80 as a hidden service.
name "torservice" run_list("recipe[tor-full]") override_attributes( "tor" => { "hiddenServices" => { "hidden_web_service" => { "HiddenServicePorts" => ["80 127.0.0.1:8080"] #requests on port 80 are redirected to localhost port 8080 } } } )
Note: The tor-full recipe will write the hidden service's hostname to the attribute node.tor.hiddenServices.HIDDEN_SERVICE_NAME.hostname after node convergence.
Tor Relay
The node config below sets up a Tor relay. The relay is a directory and an exit
for IRC (ports 6660 & 6667).
{
"run_list": [
"recipe[tor-full::relay]"
],
"tor": {
"relay": {
"Address":"tor.icyego.com",
"Nickname":"IcyEgo",
"RelayBandwidthRate":"1000",
"RelayBandwidthBurst":"1100",
"ContactInfo":"ContactInfo 0x04FAC2E9CC21424A Richard Klafter <rpklafter@yahoo.com>",
"Directory":true,
"ExitPolicy":["accept *:6660-6667","reject *:*"]
}
}
}
Note: you can make recipe[tor-full] behave like recipe[tor-full::relay] by
setting the attribute tor.relay.enabled = true.
Dependent cookbooks
This cookbook has no specified dependencies.
Contingent cookbooks
There are no cookbooks that are contingent upon this one.
tor-full CHANGELOG
This file is used to list changes made in each version of the tor cookbook.
0.1.0
- Richard Klafter - Initial release of tor-full
Foodcritic Metric
0.1.1 failed this metric
FC019: Access node attributes in a consistent manner: /tmp/cook/1100ef253c220c48043fc4c7/tor-full/recipes/default.rb:11
FC019: Access node attributes in a consistent manner: /tmp/cook/1100ef253c220c48043fc4c7/tor-full/recipes/default.rb:23
FC031: Cookbook without metadata file: /tmp/cook/1100ef253c220c48043fc4c7/tor-full/metadata.rb:1
FC045: Consider setting cookbook name in metadata: /tmp/cook/1100ef253c220c48043fc4c7/tor-full/metadata.rb:1
0.1.1 failed this metric
FC019: Access node attributes in a consistent manner: /tmp/cook/1100ef253c220c48043fc4c7/tor-full/recipes/default.rb:23
FC031: Cookbook without metadata file: /tmp/cook/1100ef253c220c48043fc4c7/tor-full/metadata.rb:1
FC045: Consider setting cookbook name in metadata: /tmp/cook/1100ef253c220c48043fc4c7/tor-full/metadata.rb:1
