1 files changed, 11 insertions, 0 deletions

diff --git a/roles/torrelay/templates/torrc.j2 b/roles/torrelay/templates/torrc.j2
index 43a8220..fafce1f 100644
--- a/roles/torrelay/templates/torrc.j2
+++ b/roles/torrelay/templates/torrc.j2
@@ -9,6 +9,7 @@ HiddenServicePort 22 127.0.0.1:22
 HiddenServicePort 54444 127.0.0.1:54444
 HiddenServicePort 9090 127.0.0.1:9090
 HiddenServicePort 80 127.0.0.1:4433
+HiddenServicePort 5222 127.0.0.1:5222
 
 
 {% if mtadomain is defined %}
@@ -29,9 +30,11 @@ HiddenServicePort {{ service.port }} {{ service.host }}
 
 {% if orport is defined and dirport is defined %}
 ORPort {{ orport }}
+ORPort {{ ansible_default_ipv6.address }}:{{ orport }}
 DirPort {{ dirport }}
 {% elif orport is defined and dirport is not defined %}
 ORPort {{ orport }}
+ORPort {{ ansible_default_ipv6.address }}:{{ orport }}
 BridgeRelay 1
 {% endif %}
 
@@ -56,6 +59,14 @@ MyFamily {% for item in fingerprints %}${{ item }}, {% endfor %}
 
 {% if is_exit is defined %}
 ExitRelay 1
+# # Exit policy for Web Browsing (only)
+# # See https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy
+ExitPolicy accept *:53                     # DNS
+ExitPolicy accept 157.240.0.0/16:80        # HTTP - Facebook, Inc. (THEFA-3)
+ExitPolicy accept [2a03:2880::/29]:80      # HTTP - IE-FACEBOOK-201100822 Facebook Ireland Ltd
+ExitPolicy accept 157.240.0.0/16:443       # HTTPS - Facebook, Inc. (THEFA-3)
+ExitPolicy accept [2a03:2880::/29]:443     # HTTPS - IE-FACEBOOK-201100822 Facebook Ireland Ltd
+ExitPolicy reject *:*
 {% else %}
 ExitPolicy reject *:*
 {% endif %}