Add maxadvertised variable and more DirPort front pages availables and cleanup torrc template

12 files changed, 292 insertions, 161 deletions

diff --git a/host_vars/176.31.191.26 b/host_vars/176.31.191.26
index c90d88a..52a5da4 100644
--- a/host_vars/176.31.191.26
+++ b/host_vars/176.31.191.26
@@ -2,5 +2,6 @@ nickname: Casper03
 is_gardian: true
 bprate: '100 MB'
 bpburst: '120 MB'
+maxadvertised: '8 MBytes'
 is_ntpslave: true
 
diff --git a/host_vars/51.15.179.153 b/host_vars/51.15.179.153
index 8d0d147..6d7a18b 100644
--- a/host_vars/51.15.179.153
+++ b/host_vars/51.15.179.153
@@ -2,6 +2,7 @@ nickname: Casper04
 is_gardian: true
 bprate: '100 MB'
 bpburst: '120 MB'
+maxadvertised: '8 MBytes'
 outdoor: true
 is_ntpslave: true
 
diff --git a/host_vars/bpr7drsao5vozzr5.onion b/host_vars/bpr7drsao5vozzr5.onion
index 8d0d147..6d7a18b 100644
--- a/host_vars/bpr7drsao5vozzr5.onion
+++ b/host_vars/bpr7drsao5vozzr5.onion
@@ -2,6 +2,7 @@ nickname: Casper04
 is_gardian: true
 bprate: '100 MB'
 bpburst: '120 MB'
+maxadvertised: '8 MBytes'
 outdoor: true
 is_ntpslave: true
 
diff --git a/host_vars/gfuzfrkr6mg47ktw.onion b/host_vars/gfuzfrkr6mg47ktw.onion
index c90d88a..52a5da4 100644
--- a/host_vars/gfuzfrkr6mg47ktw.onion
+++ b/host_vars/gfuzfrkr6mg47ktw.onion
@@ -2,5 +2,6 @@ nickname: Casper03
 is_gardian: true
 bprate: '100 MB'
 bpburst: '120 MB'
+maxadvertised: '8 MBytes'
 is_ntpslave: true
 
diff --git a/host_vars/ns3.casperlefantom.net b/host_vars/ns3.casperlefantom.net
index c90d88a..52a5da4 100644
--- a/host_vars/ns3.casperlefantom.net
+++ b/host_vars/ns3.casperlefantom.net
@@ -2,5 +2,6 @@ nickname: Casper03
 is_gardian: true
 bprate: '100 MB'
 bpburst: '120 MB'
+maxadvertised: '8 MBytes'
 is_ntpslave: true
 
diff --git a/host_vars/ns4.casperlefantom.net b/host_vars/ns4.casperlefantom.net
index 8d0d147..6d7a18b 100644
--- a/host_vars/ns4.casperlefantom.net
+++ b/host_vars/ns4.casperlefantom.net
@@ -2,6 +2,7 @@ nickname: Casper04
 is_gardian: true
 bprate: '100 MB'
 bpburst: '120 MB'
+maxadvertised: '8 MBytes'
 outdoor: true
 is_ntpslave: true
 
diff --git a/roles/torrelay/files/index-fedora.html b/roles/torrelay/files/index-fedora.html
new file mode 100644
index 0000000..1b7ea03
--- /dev/null
+++ b/roles/torrelay/files/index-fedora.html
@@ -0,0 +1,132 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+	<head>
+		<title>Test Page for the Apache HTTP Server on Fedora</title>
+		<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+		<style type="text/css">
+			/*<![CDATA[*/
+			body {
+				background-color: #fff;
+				color: #000;
+				font-size: 0.9em;
+				font-family: sans-serif,helvetica;
+				margin: 0;
+				padding: 0;
+			}
+			:link {
+				color: #c00;
+			}
+			:visited {
+				color: #c00;
+			}
+			a:hover {
+				color: #f50;
+			}
+			h1 {
+				text-align: center;
+				margin: 0;
+				padding: 0.6em 2em 0.4em;
+				background-color: #22437f;
+				color: #fff;
+				font-weight: normal;
+				font-size: 1.75em;
+				border-bottom: 2px solid #000;
+			}
+			h1 strong {
+				font-weight: bold;
+			}
+			h2 {
+				font-size: 1.1em;
+				font-weight: bold;
+			}
+			hr {
+				display: none;
+			}
+			.content {
+				padding: 1em 5em;
+			}
+			.content-columns {
+				/* Setting relative positioning allows for 
+				absolute positioning for sub-classes */
+				position: relative;
+				padding-top: 1em;
+			}
+			.content-column-left {
+				/* Value for IE/Win; will be overwritten for other browsers */
+				width: 47%;
+				padding-right: 3%;
+				float: left;
+				padding-bottom: 2em;
+			}
+			.content-column-left hr {
+				display: none;
+			}
+			.content-column-right {
+				/* Values for IE/Win; will be overwritten for other browsers */
+				width: 47%;
+				padding-left: 3%;
+				float: left;
+				padding-bottom: 2em;
+			}
+			.content-columns>.content-column-left, .content-columns>.content-column-right {
+				/* Non-IE/Win */
+			}
+			img {
+				border: 2px solid #fff;
+				padding: 2px;
+				margin: 2px;
+			}
+			a:hover img {
+				border: 2px solid #f50;
+			}
+			/*]]>*/
+		</style>
+	</head>
+
+	<body>
+		<h1>Fedora <strong>Test Page</strong></h1>
+
+		<div class="content">
+			<div class="content-middle">
+				<p>This page is used to test the proper operation of the Apache HTTP server after it has been installed. If you can read this page, it means that the web server installed at this site is working properly, but has not yet been configured.</p>
+			</div>
+			<hr />
+
+			<div class="content-columns">
+				<div class="content-column-left">
+					<h2>If you are a member of the general public:</h2>
+
+					<p>The fact that you are seeing this page indicates that the website you just visited is either experiencing problems, or is undergoing routine maintenance.</p>
+
+					<p>If you would like to let the administrators of this website know that you've seen this page instead of the page you expected, you should send them e-mail. In general, mail sent to the name "webmaster" and directed to the website's domain should reach the appropriate person.</p>
+
+					<p>For example, if you experienced problems while visiting www.example.com, you should send e-mail to "webmaster@example.com".</p>
+
+					<p>Fedora is a distribution of Linux, a popular computer operating system. It is commonly used by hosting companies because it is free, and includes free web server software. Many times, they do not set up their web server correctly, and it displays this "test page" instead of the expected website.</p>
+
+					<p>Accordingly, please keep these facts in mind:</p>
+					<ul>
+					<li>Neither the Fedora Project or Red Hat has any affiliation with any website or content hosted from this server (unless otherwise explicitly stated).</li>
+					<li>Neither the Fedora Project or Red Hat has "hacked" this webserver, this test page is an included component of Apache's httpd webserver software.</li>
+					</ul>
+
+					<p>For more information about Fedora, please visit the <a href="https://getfedora.org/">Fedora Project website</a>.</p>
+					<hr />
+				</div>
+
+				<div class="content-column-right">
+					<h2>If you are the website administrator:</h2>
+
+					<p>You may now add content to the directory <code>/var/www/html/</code>. Note that until you do so, people visiting your website will see this page, and not your content. To prevent this page from ever being used, follow the instructions in the file <code>/etc/httpd/conf.d/welcome.conf</code>.</p>
+
+					<div class="logos">
+						<p>You are free to use the images below on Apache and Fedora powered HTTP servers. Thanks for using Apache and Fedora!</p>
+
+						<p><a href="https://httpd.apache.org/"><img src="/icons/apache_pb2.gif" alt="[ Powered by Apache ]"/></a> <a href="https://getfedora.org/"><img src="/icons/poweredby.png" alt="[ Powered by Fedora ]" width="88" height="31" /></a></p>
+					</div>
+				</div>
+			</div>
+		</div>
+	</body>
+</html>
diff --git a/roles/torrelay/files/index-it-works.html b/roles/torrelay/files/index-it-works.html
new file mode 100644
index 0000000..a316025
--- /dev/null
+++ b/roles/torrelay/files/index-it-works.html
@@ -0,0 +1,2 @@
+It works
+
diff --git a/roles/torrelay/files/tor-exit-notice.html b/roles/torrelay/files/tor-exit-notice.html
index a316025..4d103b5 100644
--- a/roles/torrelay/files/tor-exit-notice.html
+++ b/roles/torrelay/files/tor-exit-notice.html
@@ -1,2 +1,144 @@
-It works
+<?xml version="1.0"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
+    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
+<title>This is a Tor Exit Router</title>
 
+<!--
+
+This notice is intended to be placed on a virtual host for a domain that
+your Tor exit node IP reverse resolves to so that people who may be about
+to file an abuse complaint would check it first before bothering you or
+your ISP. Ex:
+http://tor-exit.yourdomain.org or http://tor-readme.yourdomain.org.
+
+This type of setup has proven very effective at reducing abuse complaints
+for exit node operators.
+
+There are a few places in this document that you may want to customize.
+They are marked with FIXME.
+
+-->
+
+</head>
+<body>
+
+<p style="text-align:center; font-size:xx-large; font-weight:bold">This is a
+Tor Exit Router</p>
+
+<p>
+Most likely you are accessing this website because you had some issue with
+the traffic coming from this IP. This router is part of the <a
+href="https://www.torproject.org/">Tor Anonymity Network</a>, which is
+dedicated to <a href="https://www.torproject.org/about/overview">providing
+privacy</a> to people who need it most: average computer users. This
+router IP should be generating no other traffic, unless it has been
+compromised.</p>
+
+
+<!-- FIXME: you should probably grab your own copy of how_tor_works_thumb.png
+     and serve it locally -->
+
+<p style="text-align:center">
+<a href="https://www.torproject.org/about/overview">
+<img src="https://www.torproject.org/images/how_tor_works_thumb.png" alt="How Tor works" style="border-style:none"/>
+</a></p>
+
+<p>
+Tor sees use by <a href="https://www.torproject.org/about/torusers">many
+important segments of the population</a>, including whistle blowers,
+journalists, Chinese dissidents skirting the Great Firewall and oppressive
+censorship, abuse victims, stalker targets, the US military, and law
+enforcement, just to name a few.  While Tor is not designed for malicious
+computer users, it is true that they can use the network for malicious ends.
+In reality however, the actual amount of <a
+href="https://www.torproject.org/docs/faq-abuse">abuse</a> is quite low. This
+is largely because criminals and hackers have significantly better access to
+privacy and anonymity than do the regular users whom they prey upon. Criminals
+can and do <a
+href="http://voices.washingtonpost.com/securityfix/2008/08/web_fraud_20_tools.html">build,
+sell, and trade</a> far larger and <a
+href="http://voices.washingtonpost.com/securityfix/2008/08/web_fraud_20_distributing_your.html">more
+powerful networks</a> than Tor on a daily basis. Thus, in the mind of this
+operator, the social need for easily accessible censorship-resistant private,
+anonymous communication trumps the risk of unskilled bad actors, who are
+almost always more easily uncovered by traditional police work than by
+extensive monitoring and surveillance anyway.</p>
+
+<p>
+In terms of applicable law, the best way to understand Tor is to consider it a
+network of routers operating as common carriers, much like the Internet
+backbone. However, unlike the Internet backbone routers, Tor routers
+explicitly do not contain identifiable routing information about the source of
+a packet, and no single Tor node can determine both the origin and destination
+of a given transmission.</p>
+
+<p>
+As such, there is little the operator of this router can do to help you track
+the connection further. This router maintains no logs of any of the Tor
+traffic, so there is little that can be done to trace either legitimate or
+illegitimate traffic (or to filter one from the other).  Attempts to
+seize this router will accomplish nothing.</p>
+
+<!-- FIXME: US-Only section. Remove if you are a non-US operator -->
+<!--
+<p>
+Furthermore, this machine also serves as a carrier of email, which means that
+its contents are further protected under the ECPA. <a
+href="http://www.law.cornell.edu/uscode/text/18/2707">18
+USC 2707</a> explicitly allows for civil remedies ($1000/account
+<i><b>plus</b></i>  legal fees)
+in the event of a seizure executed without good faith or probable cause (it
+should be clear at this point that traffic with an originating IP address of
+FIXME_DNS_NAME should not constitute probable cause to seize the
+machine). Similar considerations exist for 1st amendment content on this
+machine.</p>
+-->
+<!-- FIXME: May or may not be US-only. Some non-US tor nodes have in
+     fact reported DMCA harassment... -->
+
+<p>
+If you are a representative of a company who feels that this router is being
+used to violate the DMCA, please be aware that this machine does not host or
+contain any illegal content. Also be aware that network infrastructure
+maintainers are not liable for the type of content that passes over their
+equipment, in accordance with <a
+href="http://www.law.cornell.edu/uscode/text/17/512">DMCA
+"safe harbor" provisions</a>. In other words, you will have just as much luck
+sending a takedown notice to the Internet backbone providers. Please consult
+<a href="https://www.torproject.org/eff/tor-dmca-response">EFF's prepared
+response</a> for more information on this matter.</p>
+
+<p>For more information, please consult the following documentation:</p>
+
+<ol>
+<li><a href="https://www.torproject.org/about/overview">Tor Overview</a></li>
+<li><a href="https://www.torproject.org/docs/faq-abuse">Tor Abuse FAQ</a></li>
+<li><a href="https://www.torproject.org/eff/tor-legal-faq">Tor Legal FAQ</a></li>
+</ol>
+
+<p>
+That being said, if you still have a complaint about the router,  you may
+email the <a href="mailto:hostmaster@casperlefantom.net?subject=Tor%20exit%20node">maintainer</a>. If
+complaints are related to a particular service that is being abused, I will
+consider removing that service from my exit policy, which would prevent my
+router from allowing that traffic to exit through it. I can only do this on an
+IP+destination port basis, however. Common P2P ports are
+already blocked.</p>
+
+<p>
+You also have the option of blocking this IP address and others on
+the Tor network if you so desire. The Tor project provides a <a
+href="https://check.torproject.org/cgi-bin/TorBulkExitList.py">web service</a>
+to fetch a list of all IP addresses of Tor exit nodes that allow exiting to a
+specified IP:port combination, and an official <a
+href="https://www.torproject.org/tordnsel/dist/">DNSRBL</a> is also available to
+determine if a given IP address is actually a Tor exit server. Please
+be considerate
+when using these options. It would be unfortunate to deny all Tor users access
+to your site indefinitely simply because of a few bad apples.</p>
+
+</body>
+</html>
diff --git a/roles/torrelay/files/tor-exit-notice_orig.html b/roles/torrelay/files/tor-exit-notice_orig.html
deleted file mode 100644
index 4d103b5..0000000
--- a/roles/torrelay/files/tor-exit-notice_orig.html
+++ /dev/null
@@ -1,144 +0,0 @@
-<?xml version="1.0"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
-    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
-<title>This is a Tor Exit Router</title>
-
-<!--
-
-This notice is intended to be placed on a virtual host for a domain that
-your Tor exit node IP reverse resolves to so that people who may be about
-to file an abuse complaint would check it first before bothering you or
-your ISP. Ex:
-http://tor-exit.yourdomain.org or http://tor-readme.yourdomain.org.
-
-This type of setup has proven very effective at reducing abuse complaints
-for exit node operators.
-
-There are a few places in this document that you may want to customize.
-They are marked with FIXME.
-
--->
-
-</head>
-<body>
-
-<p style="text-align:center; font-size:xx-large; font-weight:bold">This is a
-Tor Exit Router</p>
-
-<p>
-Most likely you are accessing this website because you had some issue with
-the traffic coming from this IP. This router is part of the <a
-href="https://www.torproject.org/">Tor Anonymity Network</a>, which is
-dedicated to <a href="https://www.torproject.org/about/overview">providing
-privacy</a> to people who need it most: average computer users. This
-router IP should be generating no other traffic, unless it has been
-compromised.</p>
-
-
-<!-- FIXME: you should probably grab your own copy of how_tor_works_thumb.png
-     and serve it locally -->
-
-<p style="text-align:center">
-<a href="https://www.torproject.org/about/overview">
-<img src="https://www.torproject.org/images/how_tor_works_thumb.png" alt="How Tor works" style="border-style:none"/>
-</a></p>
-
-<p>
-Tor sees use by <a href="https://www.torproject.org/about/torusers">many
-important segments of the population</a>, including whistle blowers,
-journalists, Chinese dissidents skirting the Great Firewall and oppressive
-censorship, abuse victims, stalker targets, the US military, and law
-enforcement, just to name a few.  While Tor is not designed for malicious
-computer users, it is true that they can use the network for malicious ends.
-In reality however, the actual amount of <a
-href="https://www.torproject.org/docs/faq-abuse">abuse</a> is quite low. This
-is largely because criminals and hackers have significantly better access to
-privacy and anonymity than do the regular users whom they prey upon. Criminals
-can and do <a
-href="http://voices.washingtonpost.com/securityfix/2008/08/web_fraud_20_tools.html">build,
-sell, and trade</a> far larger and <a
-href="http://voices.washingtonpost.com/securityfix/2008/08/web_fraud_20_distributing_your.html">more
-powerful networks</a> than Tor on a daily basis. Thus, in the mind of this
-operator, the social need for easily accessible censorship-resistant private,
-anonymous communication trumps the risk of unskilled bad actors, who are
-almost always more easily uncovered by traditional police work than by
-extensive monitoring and surveillance anyway.</p>
-
-<p>
-In terms of applicable law, the best way to understand Tor is to consider it a
-network of routers operating as common carriers, much like the Internet
-backbone. However, unlike the Internet backbone routers, Tor routers
-explicitly do not contain identifiable routing information about the source of
-a packet, and no single Tor node can determine both the origin and destination
-of a given transmission.</p>
-
-<p>
-As such, there is little the operator of this router can do to help you track
-the connection further. This router maintains no logs of any of the Tor
-traffic, so there is little that can be done to trace either legitimate or
-illegitimate traffic (or to filter one from the other).  Attempts to
-seize this router will accomplish nothing.</p>
-
-<!-- FIXME: US-Only section. Remove if you are a non-US operator -->
-<!--
-<p>
-Furthermore, this machine also serves as a carrier of email, which means that
-its contents are further protected under the ECPA. <a
-href="http://www.law.cornell.edu/uscode/text/18/2707">18
-USC 2707</a> explicitly allows for civil remedies ($1000/account
-<i><b>plus</b></i>  legal fees)
-in the event of a seizure executed without good faith or probable cause (it
-should be clear at this point that traffic with an originating IP address of
-FIXME_DNS_NAME should not constitute probable cause to seize the
-machine). Similar considerations exist for 1st amendment content on this
-machine.</p>
--->
-<!-- FIXME: May or may not be US-only. Some non-US tor nodes have in
-     fact reported DMCA harassment... -->
-
-<p>
-If you are a representative of a company who feels that this router is being
-used to violate the DMCA, please be aware that this machine does not host or
-contain any illegal content. Also be aware that network infrastructure
-maintainers are not liable for the type of content that passes over their
-equipment, in accordance with <a
-href="http://www.law.cornell.edu/uscode/text/17/512">DMCA
-"safe harbor" provisions</a>. In other words, you will have just as much luck
-sending a takedown notice to the Internet backbone providers. Please consult
-<a href="https://www.torproject.org/eff/tor-dmca-response">EFF's prepared
-response</a> for more information on this matter.</p>
-
-<p>For more information, please consult the following documentation:</p>
-
-<ol>
-<li><a href="https://www.torproject.org/about/overview">Tor Overview</a></li>
-<li><a href="https://www.torproject.org/docs/faq-abuse">Tor Abuse FAQ</a></li>
-<li><a href="https://www.torproject.org/eff/tor-legal-faq">Tor Legal FAQ</a></li>
-</ol>
-
-<p>
-That being said, if you still have a complaint about the router,  you may
-email the <a href="mailto:hostmaster@casperlefantom.net?subject=Tor%20exit%20node">maintainer</a>. If
-complaints are related to a particular service that is being abused, I will
-consider removing that service from my exit policy, which would prevent my
-router from allowing that traffic to exit through it. I can only do this on an
-IP+destination port basis, however. Common P2P ports are
-already blocked.</p>
-
-<p>
-You also have the option of blocking this IP address and others on
-the Tor network if you so desire. The Tor project provides a <a
-href="https://check.torproject.org/cgi-bin/TorBulkExitList.py">web service</a>
-to fetch a list of all IP addresses of Tor exit nodes that allow exiting to a
-specified IP:port combination, and an official <a
-href="https://www.torproject.org/tordnsel/dist/">DNSRBL</a> is also available to
-determine if a given IP address is actually a Tor exit server. Please
-be considerate
-when using these options. It would be unfortunate to deny all Tor users access
-to your site indefinitely simply because of a few bad apples.</p>
-
-</body>
-</html>
diff --git a/roles/torrelay/tasks/main.yml b/roles/torrelay/tasks/main.yml
index f38781d..5b960e5 100644
--- a/roles/torrelay/tasks/main.yml
+++ b/roles/torrelay/tasks/main.yml
@@ -29,7 +29,7 @@
   file: path=/usr/local/share/tor state=directory
 
 - name: Installation de la page d'accueil html
-  copy: src=tor-exit-notice.html dest=/usr/local/share/tor/tor-exit-notice.html
+  copy: src=index-fedora.html dest=/usr/local/share/tor/tor-exit-notice.html
         mode=644
 
 - name: Configuration du service
diff --git a/roles/torrelay/templates/torrc.j2 b/roles/torrelay/templates/torrc.j2
index bb98fe9..7a3ea04 100644
--- a/roles/torrelay/templates/torrc.j2
+++ b/roles/torrelay/templates/torrc.j2
@@ -39,35 +39,28 @@ HiddenServicePort 80 127.0.0.1:4433
 
 {% if is_public is defined %}
 ORPort {{ orport }}
-
-{% if tor_address is defined %}
-Address {{ tor_address }}
-{% endif %}
-
-Nickname {{ nickname }}
-RelayBandwidthRate {{ bprate }}
-RelayBandwidthBurst {{ bpburst }}
-ContactInfo {{ contactinfo }}
 DirPort {{ dirport }}
-DirPortFrontPage /usr/local/share/tor/tor-exit-notice.html
-
 {% endif %}
 
 
 {% if is_gardian is defined %}
 ORPort {{ pop3sport }}
+DirPort {{ pop3port }}
+{% endif %}
 
+
+{% if nickname is defined %}
 {% if tor_address is defined %}
 Address {{ tor_address }}
 {% endif %}
-
 Nickname {{ nickname }}
 RelayBandwidthRate {{ bprate }}
 RelayBandwidthBurst {{ bpburst }}
+{% if maxadvertised is defined %}
+MaxAdvertisedBandwidth {{ maxadvertised }}
+{% endif %}
 ContactInfo {{ contactinfo }}
-DirPort {{ pop3port }}
 DirPortFrontPage /usr/local/share/tor/tor-exit-notice.html
-
 {% endif %}
 
 
@@ -76,7 +69,7 @@ MyFamily {% for item in fingerprints %}${{ item }}, {% endfor %}
 
 {% if is_exit is defined %}
 ExitRelay 1
-{%endif %}
+{% endif %}
 
 
 {% if is_exit is not defined %}