I am setting up a couple #Tor relays and automating everything so it is reproducible. The host OS is #FreeBSD since that's the only BSD #DigitalOcean offers.
I've got existing automation which provisions a #ZNC via #Terraform / #Chef. ZNC runs inside #Docker. This all works great, though Chef annoys me in some ways.
For the Tor boxen I'm considering two changes:
- Swap Docker for BSD jail
- Swap Chef for #Ansible or a straight shell script.
Thoughts?
@mkb it would probably be best to go with another provider altogether given Tor's target audience. Oversaturating a provider makes an easier target for adversaries.
@mkb I self-host my non-exit relay out of my home. I'm a fan of RootBSD for VPS hosting in general, though.
The other thing to take into account is the security of the operating environment for Tor. It would be best to run Tor on an OS that has exploit mitigations, like HardenedBSD or OpenBSD.
Tor's unique threat landscape and audience require relay operators to pay special attention to every aspect of security. People's lives are at stake.
@mkb Please don't use DO for Tor relays. The #Tor network is already saturated with relays running on DO, OVH, and Amazon. Please consider using a different hosting provider.