ansible-debian-tor is an Ansible playbook to bootstrap a debian 9 server to be used as tor node. It performs some basic configuration and basic hardening (first n minutes on an new server like) on the server and it installs and configures a tor node with tor monitoring tools nyx and theonionbox.
It's based on light forks of some great roles around, used as git submodules:
- ansible-role-unattended-upgrades
- geerlingguy nginx
- geerlingguy certbot
- ansible-relayor
- ansible-node-exporter
It configures by distinct roles:
- basic users
- ssh
- basic packages
- motd
- fail2ban
- mail for notifications
- unattended updates by unattended upgrades
- certbot to obtain a ssl certificate for the nginx serving the onionbox
- nginx to proxy theonionbox webapps
- tor to install and configure tor
- tor-mon to install and configure nyx and theonionbox
- node-exporter to install prometheus node exporter
- tor-exporter to install prometheus atx tor exporter
git clone https://github.com/lgaggini/ansible-debian-tor.git
git submodule init
git submodule update
The configuration is done by the group_vars/all file. Options are self-explanatory. Passwords can be setted by using Ansible Vault.
ansible-playbook -i hosts playbook.yml --tags {{ tag }}
Available tags are:
- user
- ssh
- packages
- motd
- fail2ban
- unattended-upgrades
- certbot
- nginx
- tor
- tor-mon
- node-exporter
- tor-exporter