Created
August 4, 2014 20:20
Tahoe-LAFS Cryptoparty workshop!
Crypto party Tahoe-LAFS Onion Grid Workshop
or "How you and your friends can set up an onion
grid for file sharing and file storage."

Note: This guide is written with the assumption that the user's local workstation
runs Tails with a persistent encrypted volume AND
the remote Tahoe-LAFS storage servers run Debian Wheezy Linux.
The plot:
---------

Each participant will:

1. configure a Tahoe-LAFS storage node that listens on a Tor hidden service
   onion address. One or more of these storage nodes will also act as Tahoe introducer nodes
2. configure a local Tahoe-LAFS client with the appropriate grid connection information
3. create a Tahoe alias, let's call it OnionGroupShare, and back up a small amount of data as proof of concept

At this point the group leader can demonstrate file/directory sharing.
She creates a mutable directory on the Tahoe-LAFS onion grid and shares the read-write cryptographic capability
with all of the onion grid users via authenticated crypto protocols such as OTR, Pond and PGP.
The capability is a bearer secret: anyone who obtains it can read, modify and delete everything in that directory,
so it must only ever travel over an authenticated, encrypted channel.

    tahoe create-alias OnionGroupShare
    tahoe list-aliases

Users simply put this capability into their .tahoe/private/aliases file and then they can read and write to
that mutable Tahoe-LAFS directory (note that it is "tahoe cp", not plain cp, that understands the alias:).

    tahoe ls OnionGroupShare:
    tahoe cp OnionGroupShare:someFile .
    ...
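Added example, not from the workshop notes and not part of Tahoe-LAFS: a small shell helper that does the "put this capability into your .tahoe/private/aliases file" step with the checks a recipient should make first. It verifies that the pasted string is actually a mutable-directory capability (URI:DIR2: is read-write, URI:DIR2-RO: read-only), refuses to clobber an existing alias name, and leaves the aliases file owner-readable only, because the write cap is a secret. The aliases path is passed explicitly so the helper can be tried against a temporary file; the capability strings in the usage note are constructed placeholders.

```sh
#!/bin/sh
# Added example: install a shared Tahoe-LAFS directory capability as a
# local alias, with the checks a recipient should make before trusting it.
# Not from the workshop notes or from Tahoe-LAFS; the aliases file format
# ("name: cap", one per line) is the one tahoe list-aliases reads.

# cap_kind CAP -> prints rw (read-write dir cap), ro (read-only dir cap)
# or other.  Only DIR2 caps make sense as aliases.
cap_kind() {
    case "$1" in
        URI:DIR2:*)    echo rw ;;
        URI:DIR2-RO:*) echo ro ;;
        *)             echo other ;;
    esac
}

# lookup_alias ALIASES_FILE NAME -> prints the cap stored for NAME, if any
lookup_alias() {
    [ -f "$1" ] || return 1
    sed -n "s/^$2: //p" "$1" | head -n 1
}

# add_alias ALIASES_FILE NAME CAP
# exit status: 0 added, 1 CAP is not a directory cap, 2 NAME already exists
add_alias() {
    aliases_file=$1; name=$2; cap=$3
    if [ "$(cap_kind "$cap")" = other ]; then
        echo "add_alias: '$cap' is not a Tahoe directory cap" >&2
        return 1
    fi
    if [ -n "$(lookup_alias "$aliases_file" "$name")" ]; then
        echo "add_alias: alias '$name' already exists" >&2
        return 2
    fi
    # The write cap is a bearer secret: create the file owner-only and keep
    # it that way even if it already existed with looser permissions.
    (
        umask 077
        mkdir -p "$(dirname "$aliases_file")"
        printf '%s: %s\n' "$name" "$cap" >> "$aliases_file"
        chmod 600 "$aliases_file"
    )
}
```

On the recipient's Tails machine this would be run as `add_alias ~/.tahoe/private/aliases OnionGroupShare 'URI:DIR2:...'` with the cap received over OTR/Pond/PGP; afterwards `tahoe list-aliases` should show the new entry and `tahoe ls OnionGroupShare:` should list the shared directory.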
The details:
------------

1. use Ansible to automate Tahoe storage node configuration

1a. set up the basic Ansible working directory hierarchy
(note: git does not understand the git+https:// scheme, which is pip's notation; clone with plain https://)

    mkdir -p /home/amnesia/Persistent/projects/ansible-base/roles
    mkdir -p /home/amnesia/Persistent/projects/ansible-base/host_vars
    cd ~/Persistent/projects/ansible-base/roles
    git clone https://github.com/david415/ansible-tahoe-lafs.git
    git clone https://github.com/david415/ansible-tor.git
    cd ..
1b. install Ansible in a Python virtual env

3 easy steps:

step 1:
get the latest stable Python virtualenv and cryptographically verify it (check the release signature before running it).
save it to: ~/Persistent/virtualenv-x.xx.x/

step 2:
create a virtual env to run ansible:

    Persistent/virtualenv-x.xx.x/virtualenv.py --system-site-packages Persistent/virtenv-ansible
    New python executable in Persistent/virtenv-ansible/bin/python
    Installing setuptools, pip...done.
    amnesia@amnesia:~$

step 3:
activate the virtual env and install ansible and its dependencies:

    . ~/Persistent/virtenv-ansible/bin/activate
    sudo apt-get install build-essential python-dev
    pip install ecdsa markupsafe paramiko PyYAML Jinja2 httplib2
    pip install ansible
1c. use my Tahoe-LAFS Tails playbook to configure your Tails system:

    cd /home/amnesia/Persistent/projects/ansible-base/roles
    git clone https://github.com/david415/ansible-tahoe-lafs.git    # skip if you already cloned it in step 1a
    cd ansible-tahoe-lafs
    cp playbook-examples/tails_oniongrid_client.yml /home/amnesia/Persistent/projects/ansible-base/
    cd ~/Persistent/projects/ansible-base
    echo 'localhost' > localhost-inventory

At this point you should edit the tails_oniongrid_client.yml file and make sure
it has the appropriate Tahoe-LAFS grid connection information (in particular the
introducer FURL of your onion grid). Once you have verified that, you can build and
configure a local Tahoe-LAFS client with this single command:

    ansible-playbook -i localhost-inventory tails_oniongrid_client.yml --ask-sudo-pass
1d. use my onionGridStorage playbook to configure your remote storage node(s)

Firstly, create an Ansible inventory file at this location:

    /home/amnesia/Persistent/projects/ansible-base/onion-storage-inventory

You may want to use Ansible to configure two storage servers.
The file contents will look something like this:

    [onion-storage]
    xxx.xxx.xxx.xxx
    yyy.yyy.yyy.yyy

Create two files in the "host_vars" directory called
xxx.xxx.xxx.xxx and yyy.yyy.yyy.yyy... You can set the
Tahoe storage server nickname in these files. Here's an example of the file contents:

    tahoe_nickname: EntropicOnionStorageNode

Configure a playbook for your onion grid storage servers:

    cp roles/ansible-tahoe-lafs/playbook-examples/oniongrid-storage-nodes.yml .

Edit oniongrid-storage-nodes.yml to contain the appropriate settings, such as the introducer FURL for your onion grid.

Configure your servers... Run the playbook:

    ansible-playbook -i onion-storage-inventory oniongrid-storage-nodes.yml -u human
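Added example, not from the workshop notes and not part of the playbooks: a shell check for the one value both the Tails client playbook (1c) and the storage-node playbook (1d) depend on, the introducer FURL. A Tahoe-LAFS FURL has the shape pb://<tubid>@<host>:<port>[,<host>:<port>...]/<swissnum>; on an onion grid every location hint must be a .onion address, because a clearnet hint would make the Tails client or a storage node try to reach the introducer outside Tor. The check parses the hints and rejects any FURL with a non-onion host or a missing port. Assumptions: a hint may carry an optional tor: or tcp: prefix (newer Tahoe releases write one), and onion hostnames are 16 (v2) or 56 (v3) base32 characters; the FURLs in the usage note are constructed.

```sh
#!/bin/sh
# Added example: sanity-check an introducer FURL before pasting it into
# tails_oniongrid_client.yml or oniongrid-storage-nodes.yml.  Not from
# the workshop notes or from Tahoe-LAFS.  A FURL has the shape
#   pb://<tubid>@<host>:<port>[,<host>:<port>...]/<swissnum>
# and on an onion grid every location hint must be a .onion address,
# otherwise the node would connect to the introducer outside Tor.
# Assumption: a hint may carry an optional "tor:" or "tcp:" prefix,
# and onion hostnames are 16 (v2) or 56 (v3) base32 characters.

# furl_hints FURL -> prints the comma-separated location hints, or
# fails if FURL is not even structurally a FURL.
furl_hints() {
    case "$1" in
        pb://*@*/*) ;;
        *) return 1 ;;
    esac
    rest=${1#pb://}           # <tubid>@<hints>/<swissnum>
    rest=${rest#*@}           # <hints>/<swissnum>
    printf '%s\n' "${rest%%/*}"
}

# onion_host HOST -> 0 if HOST is <base32>.onion with a plausible length
onion_host() {
    case "$1" in *.onion) ;; *) return 1 ;; esac
    stem=${1%.onion}
    case "$stem" in *[!a-z2-7]*) return 1 ;; esac
    [ "${#stem}" -eq 16 ] || [ "${#stem}" -eq 56 ]
}

# onion_only_furl FURL -> 0 only if every hint is <onion>:<port>
onion_only_furl() {
    hints=$(furl_hints "$1") || return 1
    [ -n "$hints" ] || return 1
    for hint in $(printf '%s' "$hints" | tr ',' ' '); do
        hint=${hint#tor:}; hint=${hint#tcp:}
        host=${hint%:*}; port=${hint##*:}
        onion_host "$host" || return 1
        case "$port" in ''|*[!0-9]*) return 1 ;; esac
    done
}
```

Before running either ansible-playbook command, paste the FURL you intend to put in the playbook into `onion_only_furl 'pb://...'`; a non-zero exit means the grid would not be onion-only as configured. The same check applies to the storage nodes' own FURLs once they are up.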