tormath1/README.md

## README.md

      
    Raw
  

              README.md
            
          
    The goal of this Gist is to run a Tor bridge from a Flatcar instance provisioned through Ignition - in this example,
it's deployed locally with QEMU but it can be extend elsewhere (with Terraform and so on.)
Requirements:

ct
qemu setup

Pull the latest stable release of Flatcar:
wget https://stable.release.flatcar-linux.net/amd64-usr/current/flatcar_production_qemu.sh
wget https://stable.release.flatcar-linux.net/amd64-usr/current/flatcar_production_qemu.sh.sig
wget https://stable.release.flatcar-linux.net/amd64-usr/current/flatcar_production_qemu_image.img.bz2
wget https://stable.release.flatcar-linux.net/amd64-usr/current/flatcar_production_qemu_image.img.bz2.sig
gpg --verify flatcar_production_qemu.sh.sig
gpg --verify flatcar_production_qemu_image.img.bz2.sig
bzip2 -dk flatcar_production_qemu_image.img.bz2
chmod +x flatcar_production_qemu.sh

Generate the Ignition configuration from the config.yml after adding the following values:

SSH key to log into the instance
NICKNAME
EMAIL

ct < config.yml > ignition.json

Run the instance:
./flatcar_production_qemu.sh -i ./ignition.json

And from another terminal, it's possible to SSH into it:
ssh core@127.0.0.1 -p 2222

Logs can be inspected with journalctl:
$ systemctl is-active obfs4.service
active
$ journalctl -f -u obfs4.service
...
Mar 10 09:15:51 localhost docker[1240]: Mar 10 09:15:51.000 [notice] Bootstrapped 90% (ap_handshake_done): Handshake finished with a relay to build circuits
Mar 10 09:15:51 localhost docker[1240]: Mar 10 09:15:51.000 [notice] Bootstrapped 95% (circuit_create): Establishing a Tor circuit
Mar 10 09:15:51 localhost docker[1240]: Mar 10 09:15:51.000 [notice] Bootstrapped 100% (done): Done
...

Resources:

https://blog.torproject.org/run-a-bridge-campaign/
https://www.flatcar.org/docs/latest/installing/#writing-your-first-config-and-testing-it-locally-in-a-qemu-vm


## config.yml
---
systemd:
  units:
    - name: obfs4.service
      enabled: true
      contents: |
        [Unit]
        Description=obfs4 bridge

        [Service]
        Type=fork
        EnvironmentFile=/opt/tor-bridge
        ExecStartPre=-/usr/bin/docker stop tor-bridge
        ExecStartPre=-/usr/bin/docker rm tor-bridge
        ExecStartPre=/usr/bin/docker pull thetorproject/obfs4-bridge:latest
        ExecStart=/usr/bin/docker run \
          --name tor-bridge \
          -v "tor-datadir-${OR_PORT}-${PT_PORT}:/var/lib/tor" \
          --env-file /opt/tor-bridge \
          --publish "${OR_PORT}:${OR_PORT}" \
          --publish "${PT_PORT}:${PT_PORT}" \
          thetorproject/obfs4-bridge:latest

        [Install]
        WantedBy=multi-user.target
update:
  group:  "stable"
locksmith:
  reboot_strategy: "reboot"
passwd:
  users:
    - name: core
      ssh_authorized_keys:
        - <insert ssh pub key>
storage:
  files:
    - filesystem: "root"
      path: /opt/tor-bridge
      mode: 0644
      contents:
        inline: |
          OR_PORT=12800
          PT_PORT=12801
          EMAIL=<your email>
          NICKNAME=<your nickname>
	---
	systemd:
	units:
	- name: obfs4.service
	enabled: true
	contents: \|
	[Unit]
	Description=obfs4 bridge

	[Service]
	Type=fork
	EnvironmentFile=/opt/tor-bridge
	ExecStartPre=-/usr/bin/docker stop tor-bridge
	ExecStartPre=-/usr/bin/docker rm tor-bridge
	ExecStartPre=/usr/bin/docker pull thetorproject/obfs4-bridge:latest
	ExecStart=/usr/bin/docker run \
	--name tor-bridge \
	-v "tor-datadir-${OR_PORT}-${PT_PORT}:/var/lib/tor" \
	--env-file /opt/tor-bridge \
	--publish "${OR_PORT}:${OR_PORT}" \
	--publish "${PT_PORT}:${PT_PORT}" \
	thetorproject/obfs4-bridge:latest

	[Install]
	WantedBy=multi-user.target
	update:
	group: "stable"
	locksmith:
	reboot_strategy: "reboot"
	passwd:
	users:
	- name: core
	ssh_authorized_keys:
	- <insert ssh pub key>
	storage:
	files:
	- filesystem: "root"
	path: /opt/tor-bridge
	mode: 0644
	contents:
	inline: \|
	OR_PORT=12800
	PT_PORT=12801
	EMAIL=<your email>
	NICKNAME=<your nickname>