Service documentation
This documentation covers all services hosted at TPO.
Every service hosted at TPO should have a documentation page, either in this wiki, or elsewhere (but linked here). Services should ideally follow this template to ensure proper documentation.
Internal services
Those are services managed by TPA directly.
| Service | Purpose | URL | Maintainers | Documented | Auth |
|---|---|---|---|---|---|
| backup | Backups | N/A | TPA | 75% | N/A |
| cache | Web caching/accelerator/CDN | N/A | TPA | 90% | N/A |
| dns | domain name service | N/A | TPA | 10% | N/A |
| documentation | documentation (this wiki) | https://help.torproject.org/ | TPA | 10% | see GitLab |
| drbd | disk redundancy | N/A | TPA | 10% | N/A |
| forward @torproject.org emails | N/A | TPA | 0% | LDAP, Puppet | |
| ganeti | virtual machine hosting | N/A | TPA | 90% | no |
| grafana | metrics dashboard, pretty graphs | https://grafana.torproject.org | TPA, anarcat, hiro | 10% | Puppet |
| ipsec | VPN | N/A | TPA | 30% | Puppet |
| kvm | virtual machine hosting | N/A | TPA, weasel, anarcat | 20% | no |
| ldap | host and user directory | https://db.torproject.org | TPA | 90% | yes |
| logging | centralized logging | N/A | TPA | 10% | no |
| nagios | alerting | https://nagios.torproject.org | TPA | 5% | Puppet and on-server |
| openstack | virtual machine hosting | N/A | TPA | 30% | yes |
| postgresql | database service | N/A | TPA | 80% | no |
| prometheus | metrics collection and monitoring | https://prometheus.torproject.org/ | TPA, anarcat | 90% | no |
| puppet | configuration management | puppet.torproject.org |
TPA | 100% | yes |
| static-component | static site mirroring | N/A | TPA | 90% | LDAP |
| tls | X509 certificate management | N/A | TPA | 50% | no |
| wkd | OpenPGP certificates distribution | N/A | TPA | 10% | yes |
The Auth column documents whether the service should be audited for
access when a user is retired. If set to "LDAP", it means it should be
revoked to a LDAP group membership change. In the case of "Puppet",
it's because the user might have access through that as well.
It is estimated that, on average, 42% of the documentation above is complete. This does not include undocumented services, below.
Non-TPA services
The following table lists services run on torproject infrastructure. Corresponding onion services are listed on https://onion.torproject.org/.
Service admins are part of tor project sys admins team. For a rough description of what sys admin and services admin do, please have a look here.
The Service Admins maintain the following list of Tor Services.
| Service | Purpose | URL | Maintainers | Documented | Auth |
|---|---|---|---|---|---|
| BBB | Video and audio conference system | https://tor.meet.coop | gaba, gus | - | yes |
| blog | Weblog site | https://blog.torproject.org/ | hiro, anarcat, gus | 1% | yes |
| btcpayserver | BTCpayserver | https://btcpay.torproject.net/ | hiro, asn, sue | 90% | yes? |
| check | Web app to check if we're using tor | https://check.torproject.org | arlolra | 90% | LDAP |
| CRM | Donation management | GiantRabbit | 5% | yes | |
| collector | Collects Tor network data and makes it available | collector{1,2}.torproject.org | karsten, irl | ? | ? |
| debian archive | Debian package repository | https://deb.torproject.org | weasel | 20% | LDAP |
| gettor | email responder handing out packages | https://gettor.torproject.org | hiro, phw, cohosh | 10% | no |
| git | Source control system | https://git.torproject.org | ahf, hiro, irl, nickm, Sebastian, TPA? | 70% | yes |
| gitlab | Issue tracking, Wikis | https://gitlab.torproject.org/ | ahf, hiro | 90% | yes |
| irc | IRC bouncer and network | ircbouncer.torproject.org |
pastly | 90% | yes (ZNC and @groups on OFTC) |
| jenkins | continuous integration, autobuilding | https://jenkins.torproject.org | weasel | LDAP | |
| lists | Mailing lists | https://lists.torproject.org | atagar, qbi | 20% | yes |
| metrics | Network descriptor aggregator and network data visualizer | https://metrics.torproject.org | karsten | ? | ? |
| nextcloud | NextCloud | https://nc.torproject.net/ | anarcat, gaba, hiro, ln5 | 30% | yes |
| newsletter | Tor Newsletter | https://newsletter.torproject.org | gus | ? | LDAP |
| onionperf | Tor network performance measurements | ? | hiro, acute, ahf | ? | ? |
| ooni | Open Observatory of Network Interference | https://ooni.torproject.org | hellais | ? | no |
| schleuder | Encrypted mailing lists | dgoulet, hiro | 30% | yes | |
| rt | Email support | https://rt.torproject.org/ | gus, pili | 50% | yes |
| styleguide | Style Guide | https://styleguide.torproject.org | antonela | 1% | LDAP |
| support portal | Support portal | https://support.torproject.org | pili, gus | 30% | LDAP |
| survey | survey application | https://survey.torproject.org/ | hiro | 1% | yes |
| svn | Document storage | https://svn.torproject.org/ | unmaintained | 10% | yes |
| website | main website | https://www.torproject.org | hiro, gus | ? | LDAP |
The Auth column documents whether the service should be audited for
access when a user is retired. If set to "LDAP", it means it should be
revoked to a LDAP group membership change. In the case of "Puppet",
it's because the user might have access through that as well.
Every service listed here must have some documentation, ideally following the documentation template. As a courtesy, TPA allows teams to maintain their documentation in a single page here. If the documentation needs to expand beyond that, it should be moved to its own wiki, but still linked here.
There are more (undocumented) services, listed below. Of the 20
services listed above, 6 have an unknown state because the
documentation is external (marked with ?). Of the remaining 14
services, it is estimated that 38% of the documentation is complete.
Undocumented service list
WARNING: this is an import of an old Trac wiki page, and no documentation was found for those services. Ideally, each one of those services should have a documentation page, either here or in their team's wiki.
| Service | Purpose | URL | Maintainers | Auth |
|---|---|---|---|---|
| archive | package archive | https://archive.torproject.org/ | boklm | LDAP? |
| bridges | web application and email responder to learn bridge addresses | https://bridges.torproject.org/ | phw, cohosh | yes? |
| community | Community Portal | https://community.torproject.org | Gus | no |
| consensus-health | periodically checks the Tor network for consensus conflicts and other hiccups | https://consensus-health.torproject.org | tom | no? |
| dist | packages | https://dist.torproject.org | arma | LDAP? |
| DocTor | DirAuth health checks for the tor-consensus-health@ list | https://gitweb.torproject.org/doctor.git | GeKo | no |
| exonerator | website that tells you whether a given IP address was a Tor relay | https://exonerator.torproject.org/ | karsten | ? |
| extra | static web stuff referenced from the blog (create trac ticket for access) | https://extra.torproject.org | tpa | LDAP? |
| fpcentral.tbb | Website to analyze browser fingerprint | https://fpcentral.tbb.torproject.org/ | boklm | no? |
| media | ? | https://media.torproject.org | hiro | LDAP |
| metricsbot | Tor Network Status Bot (IRC, Twitter, Mastodon) | irl | ? | |
| onion | list of onion services run by the Tor project | https://onion.torproject.org | weasel | no |
| onionoo | web-based protocol to learn about currently running Tor relays and bridges | karsten, irl | ? | |
| people | content provided by Tor people | https://people.torproject.org | tpa | LDAP |
| research | website with stuff for researchers including tech reports | https://research.torproject.org | karsten | LDAP |
| rpm archive | RPM package repository | https://rpm.torproject.org | kushal | LDAP |
| stem | stem project website and tutorial | https://stem.torproject.org/ | atagar | LDAP? |
| tb-manual | Tor Browser User Manual | https://tb-manual.torproject.org/ | gus | LDAP? |
| testnet | Test network services | ? | dgoulet | ? |
| translation | Translation services | emmapeel | yes? |
The Auth column documents whether the service should be audited for
access when a user is retired. If set to "LDAP", it means it should be
revoked to a LDAP group membership change. In the case of "Puppet",
it's because the user might have access through that as well.
Research
Those services have not been implemented yet but are at the research phase.
| Service | Purpose | URL | Maintainers |
|---|---|---|---|
| submission | email submission | N/A | anarcat |
| status | status dashboard | N/A | anarcat |
Retired
Those services have been retired.
| Service | Purpose | URL | Maintainers | Fate |
|---|---|---|---|---|
| Atlas | Tor relay discover | https://atlas.torproject.org | irl | Replaced by metrics.tpo |
| Compass | AS/country network diversity | https://compass.torproject.org | karsten | ? |
| Globe | https://globe.torproject.org | Replaced by Atlas | ||
| Help.tpo | TPA docs and support helpdesk | https://help.torproject.org | tpa | Replaced by this GitLab wiki |
| oniongit | test GitLab instance | https://oniongit.eu | hiro | Eventually migrated to GitLab |
| pipeline | ? | https://pipeline.torproject.org | ? | |
| Prodromus | Web chat for support team | https://support.torproject.org | phoul, lunar, helix | ? |
| Trac | Issues, wiki | https://trac.torproject.org | hiro | Migrated to GitLab, archived |
| XMPP | Chat/messaging | dgoulet | Abandoned for lack of users |
Documentation assesment
- Internal: 20 services, 42% complete
- External: 20 services, 14 documented, of which 38% are complete complete, 6 unknown
- Undocumented: 23 services
- Total: 20% of the documentation completed as of 2020-09-30