[tor-relays] My current node setup

Hi to all new ppl that may have joined after the sysadmin101 workshop.

I decided to share my setup here in case any newbies are interested and maybe somebody who is doing this for a while longer than me sees any flaws in my setup.

Feedback is always welcome!

I was tired of using the debian testing for running my node and decided to redo my node with arch because of the fast package updates and rolling release model.

Currently my setup consists of 3 servers:

Exit-Node:
Archlinux with tor, unbound and prometheus running. Prometheus is a nice metric collection service that nicely collects the statistics that tor exposes. It’s a VPS hosted at Terrahost in Norway for 20$ / month with 2 vCPUs and 4GB Memory. Unbound only resolves requests from localhost; due to a high percentage of DNS timeouts in the past I decided to use this just as backup and resolve everything else via the dedicated DNS server.

Tor is set up to expose the metrics to localhost, where prometheus is running.
The actual prometheus metrics port is just allowed for 1 IP, that's the one my Dashboard server has.

The firewall is set up to allow every port that’s listed in my torrc, my non-default ssh port and the IP of my dashboard for the metrics port.

DNS:

Ubuntu 22.04 LTS (due to Oracle Cloud's small selection of images) with unbound as DNS and prometheus. Hosted at Oracle Cloud via the free tier with 1 vCPU and 1GB Memory.
The firewall is open for DNS requests from my node ip, metrics requests from my dashboard IP and non-default ssh port.

Dashboard:

Ubuntu 22.04 LTS with unbound as DNS and prometheus. Hosted at Oracle Cloud via the free tier with 1 vCPU and 1GB Memory. There’s a Grafana dashboard and the Prometheus server running.
Again all ports blocked but ssh and http/https are open

Image of the Dashboard

https://imgur.com/a/fYpRD8O

My Node
https://metrics.torproject.org/rs.html#details/017342E197B8C575A5C5301CD008780DD7752863

My GPG Key
https://keyserver.ubuntu.com/pks/lookup?search=nyasaki.srv%40gmail.com&fingerprint=on&op=index

> I was tired of using the debian testing for running my node and decided to redo my node with arch because of the fast package updates and rolling release model.

If that is related to tor updates, you may like the official tor repositories for quicker tor update supply:

https://deb.torproject.org

http://apow7mjfryruh65chtdydfmqfpj5btws7nbocgtaovhvezgccyjazpqd.onion/torproject.org/dists/

> Hi to all new ppl that may have joined after the sysadmin101 workshop.

Yes, that was a fun event :wink:

> Exit-Node:
> Archlinux with tor

Awesome, Arch and Gentoo relays are rare, *BSD even less, and unfortunately
nobody talks about (Open)Solaris: https://illumos.org/

> metric collection service that nicely collects the statistics that tor
> exposes. It's a VPS hosted at Terrahost in Norway for 20$ / month with 2
> vCPUs and 4GB Memory. Unbound only resolves requests from localhost, due
> to a high percentage of DNS timeouts in the past I decided to use this just

A second IP (DNS on non-exit IP) could help. Unfortunately, the monthly IP
prices have doubled for almost all hosters in the last few months + extra
setup fee. :frowning: Hetzner started this shit.
Mostly, timeouts are not due to unbound, but assholes messing with the Tor
network. In syslog you see bullshit like IPv6 link-local addresses fe80::

> as backup and resolve everything else via the dedicated DNS server.
>
> The firewall is set up to allow every port that's listed in my torrc, my
> non-default ssh port and the IP of my dashboard for the metrics port.

Please only filter inbound traffic, never outbound on exits.

Simple Tor relay ip/nftables for IP & IPv6:

> Hosted at Oracle Cloud
I won't comment further on Oracle.
I left DynDNS very quickly at the time when they took it over.


On Tuesday, June 7, 2022 5:25:18 PM CEST Nyasaki Server wrote:

--
╰_╯ Ciao Marco!

Debian GNU/Linux

It's free software and it gives you freedom!
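
The firewall approach discussed in this thread, as an added example that is not part of any post: a Python helper that derives the inbound allow-list from torrc and renders an nftables ruleset that filters inbound only and defines no output chain. The sample torrc, table name `relay_filter`, SSH port 2222, metrics port 9100 and dashboard address 192.0.2.10 are constructed placeholders.

```python
# Constructed sample torrc, not the poster's real configuration.
SAMPLE_TORRC = """\
Nickname example
ORPort 443
ORPort [2001:db8::1]:9001
DirPort 198.51.100.7:9030 NoAdvertise   # bound but not advertised
DirPort 80 NoListen                     # advertised but not bound here
ExitRelay 1
"""

def listen_ports(torrc):
    """Return the sorted TCP ports tor binds for ORPort/DirPort lines."""
    ports = set()
    for raw in torrc.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2 or fields[0].lower() not in ("orport", "dirport"):
            continue
        if any(flag.lower() == "nolisten" for flag in fields[2:]):
            continue  # tor does not open this port on the host
        port = fields[1].rsplit(":", 1)[-1]  # drops "addr:" and "[v6]:"
        if not port.isdigit():
            # e.g. "auto": the port changes per start, so no static rule fits
            raise ValueError(f"cannot pin a firewall rule to {raw.strip()!r}")
        if int(port):  # port 0 disables the listener
            ports.add(int(port))
    return sorted(ports)

def render_ruleset(torrc, ssh_port, metrics_port, dashboard_ip):
    """Render an inbound-only nftables table for the relay host."""
    ports = listen_ports(torrc)
    if not ports:
        raise ValueError("torrc opens no ORPort/DirPort listener")
    tor_ports = ", ".join(map(str, ports))
    return f"""\
table inet relay_filter {{
  chain input {{
    type filter hook input priority 0; policy drop;
    ct state established,related accept
    iif "lo" accept
    meta l4proto {{ icmp, ipv6-icmp }} accept
    tcp dport {{ {tor_ports} }} accept
    tcp dport {ssh_port} accept
    ip saddr {dashboard_ip} tcp dport {metrics_port} accept
  }}
  # no output chain on purpose: exit traffic leaves unfiltered
}}
"""

if __name__ == "__main__":
    print(render_ruleset(SAMPLE_TORRC, 2222, 9100, "192.0.2.10"))
```

The rendered text can be checked with `nft -c -f <file>` before it is loaded.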