SporeStack

Ephemeral-by-design, API-driven infrastructure

Tor Relay

Launches a FreeBSD Tor relay with IPv4 and IPv6. Look for the node in the [Tor Atlas](https://atlas.torproject.org/) a few hours after launching. There will be a Bitcoin address which you can fund for weekly auto renewal.

In your browser

Try it on launch.sporestack.com.

CLI

Launch with:
sporestack spawn --launch tor_relay

Startup script

#!/bin/sh

set -e

# Report a progress message twice: once to the system console and once to
# stdout. Every line is prefixed with $NAME, which this script never sets
# (presumably supplied by the launch environment; confirm).
progress() {
	local line
	line="$NAME: $*"
	echo "$line" > /dev/console
	echo "$line"
}

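# This runs at the top of cloud-init. We don't even have SSHD running without
# this.

# Nobody is attached to this boot-time run, so pkg must not stop to ask.
export ASSUME_ALWAYS_YES=yes

export PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin
export HOME=/root

# Change from quarterly to latest, partly for tor 0.3.X
sed -i '' 's/quarterly/latest/' /etc/pkg/FreeBSD.conf

# This is so we can spawn other nodes if need be.
# The key is created without a passphrase (-N ''), so whoever can read /root
# can use it.
ssh-keygen -f /root/.ssh/id_rsa -t rsa -N ''

progress 'Starting FreeBSD upgrade'
freebsd-update fetch --not-running-from-cron
# install returns 1 if nothing was fetched.
# NOTE(review): "|| true" also hides a genuinely failed install, which would
# leave the base system unpatched without any signal.
freebsd-update install --not-running-from-cron || true

progress 'Starting pkg upgrade'
pkg upgrade

# The upgrade above has just run; a second "pkg upgrade" here was redundant.
progress 'Starting pkg install'
pkg install tor py27-pip pwgen ca_root_nss

# NOTE(review): supply-chain exposure. This runs pip as root and the installed
# tools are later handed the wallet secret in /root/bip32.
#  - sporestack is not pinned, so whatever the index serves at boot is run.
#    Pin it to a reviewed version, and consider pip's --require-hashes.
#  - --process-dependency-links lets package metadata point pip at dependency
#    URLs outside the index. pip deprecated and later removed the option; drop
#    it once the pinned packages install without it.
pip install walkingliberty==0.1.5 sporestack --process-dependency-links

chmod 700 /root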

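progress 'Reset root password for security reasons.'
# The password is random and never stored, so password login as root is
# effectively closed. Generate it before the pipeline and fail closed: in the
# original pipeline form a failing pwgen went unnoticed (only the last stage's
# status counts) and pw would have read empty input.
ROOT_PW=$(pwgen -s 20 1)
if [ -z "$ROOT_PW" ]; then
	progress 'pwgen produced no password; aborting.'
	exit 1
fi
# printf is a shell builtin, so the password does not appear in a process's argv.
printf '%s\n' "$ROOT_PW" | pw user mod root -h 0 -s /bin/sh
unset ROOT_PW

# Set a random BIP32 password.
# This file is the wallet secret. Create it owner-only instead of relying on
# the mode of /root alone; chmod covers the case where the file already exists.
( umask 077; pwgen -s 20 > /root/bip32 )
chmod 600 /root/bip32

# Get the address for it.
# NOTE(review): the secret is passed as a command-line argument, so it is
# visible in the process list while walkingliberty runs. Acceptable only while
# nothing else runs on this host.
BTC_ADDRESS=$(walkingliberty address "$(cat /root/bip32)")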

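# Randomise IP IDs now and persist the setting for later boots.
sysctl net.inet.ip.random_id=1
echo 'net.inet.ip.random_id=1' >> /etc/sysctl.conf

# May need to consider bandwidth allowances with the plan and how high the
# rate limit is. This is 2.6TiB theoretical max, but probably would be a little
# higher in one month.

## Not sure if this is necessary with the FreeBSD 11 image...

# IPv6 global address has to be specified manually.
# We also may not have it unless we probe for it explicitly.

echo 'ifconfig_vtnet0_ipv6="inet6 accept_rtadv"
rtsold_enable=YES
ipv6_activate_all_interfaces=YES
dumpdev="NO"
moused_enable="NO"
sendmail_enable="NONE"
ip6addrctl_policy="ipv6_prefer"' >> /etc/rc.conf

# Probe for a router advertisement so a global address exists before we look.
rtsold -fd1 vtnet0
# Take the first non-link-local address only. With several global addresses
# the old grep chain produced a multi-line value and a broken ORPort line.
IPV6="$(ifconfig vtnet0 | awk '$1 == "inet6" && $2 !~ /^fe80/ && !seen++ { print $2 }')"

# Always start from an empty torrc. Previously the file was only overwritten
# when an IPv6 address was found; without one, our settings were appended to
# whatever torrc the package had installed.
TORRC=/usr/local/etc/tor/torrc
: > "$TORRC"
# We should always have this, but don't break if we don't.
if [ -n "$IPV6" ]; then
	echo "ORPort [$IPV6]:443" >> "$TORRC"
fi
NICKNAME=SporeStack$(hostname | cut -d - -f 1)
# Non-exit relay: both ExitPolicy lines reject everything.
echo "ORPort 443
Nickname $NICKNAME
RelayBandwidthRate 1024 KB
RelayBandwidthBurst 1024 KB
ContactInfo SporeStack.com hosted autonomous, self-renewing Tor relay. Keep me alive with Bitcoin: $BTC_ADDRESS
ExitPolicy reject *:*
ExitPolicy reject6 *:*" >> "$TORRC"


# Running tor as root, partly for port 443 use. Since this server hopefully
# only runs tor, it's safe to do.
# NOTE(review): as root, a flaw in tor is a full host compromise, and this host
# holds the wallet secret (/root/bip32) and a passphrase-less SSH key. Consider
# keeping tor on its unprivileged package user and allowing the low port some
# other way (FreeBSD has the net.inet.ip.portrange.reservedhigh sysctl; verify
# on the target release). /var/db/tor ownership below would then stay as
# packaged.
echo 'ntpd_enable="YES"
tor_enable="YES"
tor_user="root"' >> /etc/rc.conf

chown 0:0 /var/db/tor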

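# /root/renew.sh
# Written through a quoted here-document: nothing below is expanded now, every
# $(...) and $VAR is evaluated when renew.sh itself runs.
cat > /root/renew.sh <<'RENEW_EOF'
#!/bin/sh

set -e

UUID=$(hostname | cut -d . -f 1)
DAYS=7
# NOTE(review): the wallet secret becomes part of this command string and so
# ends up in the argv of sporestack and walkingliberty, visible in the process
# list. Acceptable only while nothing else runs on this host.
WALLET_COMMAND="walkingliberty send $(cat /root/bip32)"

# A failed or garbled balance lookup must not end the renewal loop: under
# set -e it used to abort here before any retry was queued. Treat it as zero
# so we fall through to the half-hour retry at the bottom.
BALANCE=$(walkingliberty balance "$(cat /root/bip32)") || BALANCE=0
case "$BALANCE" in
  ''|*[!0-9]*) BALANCE=0 ;;
esac

echo "Balance: $BALANCE"

# If we have over 0.05 BTC, launch a 28 day server.
# If we have that much money we can continue down and also renew.
if [ "$BALANCE" -gt 5000000 ]; then
    echo Spawning new tor node
    # A failed spawn must not stop this node from renewing itself.
    sporestack spawn --days 28 --wallet_command="$WALLET_COMMAND" --launch tor_relay || echo Spawn failed.
fi

if [ "$BALANCE" -gt 0 ]; then
  if sporestack topup --uuid "$UUID" --days "$DAYS" --wallet_command="$WALLET_COMMAND"; then
    echo Topped up successfully
    # NOTE(review): if node_info or date fails here, set -e exits with no job
    # queued and the loop stops even though the topup succeeded.
    EXPIRES=$(sporestack node_info "$UUID" --attribute end_of_life)
    # Run again one day before the node expires.
    RENEWAL=$(date -j -f %s $((EXPIRES - 86400)) +%Y%m%d%H%M)
    echo "sh /root/renew.sh" | at -t "$RENEWAL"
    exit 0
  fi
  # Try again in half an hour. Queue it now, before node_info, which can abort
  # the script under set -e.
  echo topup failed.
  echo "sh /root/renew.sh" | at +30 minutes
  # set -e will kill this here. if node_info fails because it never topped up once.
  EXPIRES=$(sporestack node_info "$UUID" --attribute end_of_life)
  # If we have less than two hours left to live and we have not been able to renew,
  # donate to the Noisebridge exit node.
  if [ $((EXPIRES - $(date +%s))) -lt 7200 ]; then
    echo Donating to Noisebridge
    # 32,000 Satoshis is maybe a magic number for it to work and have room for TX fees.
    # Skip the send when the balance does not cover that reserve; the amount
    # would otherwise be zero or negative.
    if [ "$BALANCE" -gt 32000 ]; then
      # Unquoted on purpose: WALLET_COMMAND is a command plus its arguments.
      $WALLET_COMMAND 1PFH8NPWu2g6TdRQsirTPGpbnPBhkzQMvM $((BALANCE - 32000))
    fi
  fi
  # The retry is already queued above. Falling through used to queue a second
  # one, doubling the number of pending jobs on every failed run.
  exit 1
fi
echo Retrying in a half hour.
# Try again in half an hour.
echo "sh /root/renew.sh" | at +30 minutes
RENEW_EOF

# Try start renewal loop in 5 minutes.
echo "sh /root/renew.sh" | at +5 minutes

service ntpd start
service tor start

echo "Send funds to: $BTC_ADDRESS"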



JSON source on Github
