Permalink
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
14 lines (13 sloc) 5.2 KB
{
"cloudinit": null,
"days": 28,
"dcid": null,
"description": "Launches a FreeBSD Tor relay with IPv4 and IPv6. Look for the node in the [Tor Atlas](https://atlas.torproject.org/) a few hours after launching. There will be a Bitcoin address which you can fund for weekly auto renewal.",
"flavor": null,
"human_name": "Tor Relay",
"name": "tor_relay",
"mimetype": "text/plain",
"osid": 230,
"postlaunch": null,
"startupscript": "#!/bin/sh\n\nset -e\n\nprogress() {\n echo \"$NAME: $*\" > /dev/console\n echo \"$NAME: $*\"\n}\n\n# This runs at the top of cloud-init. We don't even have SSHD running without\n# this.\n\nexport ASSUME_ALWAYS_YES=yes\n\nexport PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin\nexport HOME=/root\n\n# Change from quarterly to latest, partly for tor 0.3.X\nsed -i '' 's/quarterly/latest/' /etc/pkg/FreeBSD.conf\n\n# This is so we can spawn other nodes if need be.\nssh-keygen -f /root/.ssh/id_rsa -t rsa -N ''\n\nprogress 'Starting FreeBSD upgrade'\nfreebsd-update fetch --not-running-from-cron\n# install returns 1 if nothing was fetched.\nfreebsd-update install --not-running-from-cron || true\n\nprogress 'Starting pkg upgrade'\npkg upgrade\n\nprogress 'Starting pkg install'\npkg upgrade\npkg install tor py36-pip pwgen ca_root_nss git autoconf libtool automake gmake\n\ncd /root\ngit clone https://github.com/bitcoin-core/secp256k1\n\ncd secp256k1\n\n./autogen.sh\n./configure --disable-dependency-tracking --enable-module-ecdh --enable-experimental --enable-module-recovery --disable-jni --enable-benchmark=no\n\ngmake\ngmake install\n\necho '[build_ext]\ninclude_dirs=/usr/local/include\nlibrary_dirs=/usr/local/lib' > ~/.pydistutils.cfg\n\n\npip-3.6 install walkingliberty sporestack\n\nchmod 700 /root\n\nprogress 'Reset root password for security reasons.'\npwgen -s 20 1 | pw user mod root -h 0 -s /bin/sh\n\n# Set a random BIP32 password.\npwgen -s 20 > /root/bip32\n\n# Get the address for it.\nBTC_ADDRESS=$(walkingliberty address $(cat /root/bip32))\n\nsysctl net.inet.ip.random_id=1\necho 'net.inet.ip.random_id=1' >> /etc/sysctl.conf\n\n# May need to consider bandwidth allowances with the plan and how high the\n# rate limit is. This is 2.6TiB theoretical max, but probably would be a little\n# higher in one month.\n\n## Not sure if this is necessary with the FreeBSD 11 image...\n\n# IPv6 global address has to be specified manually.\n# We also may not have it unless we probe for it explictly.\n\necho 'ifconfig_vtnet0_ipv6=\"inet6 accept_rtadv\"\nrtsold_enable=YES\nipv6_activate_all_interfaces=YES\ndumpdev=\"NO\"\nmoused_enable=\"NO\"\nsendmail_enable=\"NONE\"\nip6addrctl_policy=\"ipv6_prefer\"' >> /etc/rc.conf\n\nrtsold -fd1 vtnet0\nIPV6=\"$(ifconfig vtnet0 | grep inet6 | grep -v 'inet6 fe80' | awk '{print $2}')\"\n# We should always have this, but don't break if we do.\nif [ -n \"$IPV6\" ]; then\n echo \"ORPort [$IPV6]:443\" > /usr/local/etc/tor/torrc\nfi\nNICKNAME=$(pwgen -s 12 1)\necho \"ORPort 443\nNickname $NICKNAME\nRelayBandwidthRate 1024 KB\nRelayBandwidthBurst 1024 KB\nContactInfo SporeStack.com hosted autonomous, self-renewing Tor relay. Keep me alive with Bitcoin: $BTC_ADDRESS\nExitPolicy reject *:*\nExitPolicy reject6 *:*\" >> /usr/local/etc/tor/torrc\n\n\n# Running tor as root, partly for port 443 use. Since this server hopefully\n# only runs tor, it's safe to do.\necho 'ntpd_enable=\"YES\"\ntor_enable=\"YES\"\ntor_user=\"root\"' >> /etc/rc.conf\n\nchown 0:0 /var/db/tor\n\n# /root/renew.sh\necho '#!/bin/sh\n\nset -e\n\nUUID=$(hostname | cut -d . -f 1)\nDAYS=7\nWALLET_COMMAND=\"walkingliberty send $(cat /root/bip32)\"\n\nBALANCE=$(walkingliberty balance $(cat /root/bip32))\n\necho Balance: $BALANCE\n\n# If we have over 0.05 BTC, launch a 28 day server.\n# If we have that much money we can continue down and also renew.\nif [ $BALANCE -gt 5000000 ]; then\n echo Spawning new tor node\n sporestack spawn --days 28 --wallet_command=\"$WALLET_COMMAND\" --launch tor_relay\nfi\n\nif [ $BALANCE -gt 0 ]; then\n if sporestack topup --uuid $UUID --days $DAYS --wallet_command=\"$WALLET_COMMAND\"; then\n echo Topped up successfully\n EXPIRES=$(sporestack node_info $UUID --attribute end_of_life)\n RENEWAL=$(date -j -f %s $((EXPIRES - 86400)) +%Y%m%d%H%M)\n echo \"sh /root/renew.sh\" | at -t $RENEWAL\n exit 0\n fi\n # Try again in half an hour.\n echo topup failed.\n echo \"sh /root/renew.sh\" | at +30 minutes\n # set -e will kill this here. if node_info fails because it never topped up once.\n EXPIRES=$(sporestack node_info $UUID --attribute end_of_life)\n # If we have less than two hours left to live and we have not been able to renew,\n # donate to the Noisebridge exit node.\n if [ $((EXPIRES - $(date +%s))) -lt 7200 ]; then\n echo Donating to Noisebridge\n # 32,000 Satoshis is maybe a magic number for it to work and have room for TX fees.\n $WALLET_COMMAND 1PFH8NPWu2g6TdRQsirTPGpbnPBhkzQMvM $((BALANCE - 32000))\n exit 1\n fi\nfi\necho Retrying in a half hour, kinda redundant code.\n# Try again in half an hour.\necho \"sh /root/renew.sh\" | at +30 minutes\n\n' > /root/renew.sh\n\n# Try start renewal loop in 5 minutes.\necho \"sh /root/renew.sh\" | at +5 minutes\n\nservice ntpd start\nservice tor start\n\necho Send funds to: $BTC_ADDRESS\n"
}