Skip to content
Snippets Groups Projects
Select Git revision
  • master default protected
  • tpa-rfc-80-merge-tor-and-tails-support-policies
  • puppet-merge-costs
  • rfc-77-improv
  • tails-merge-admin-mailing-lists
  • mkdocs
  • new-blog-doc
7 results
Blame Permalink
service.md 22.42 KiB

Service documentation

This documentation covers all services hosted at TPO.

Every service hosted at TPO should have a documentation page, either in this wiki, or elsewhere (but linked here). Services should ideally follow this template to ensure proper documentation.

Internal services

Those are services managed by TPA directly.

Service Purpose URL Maintainers Documented Auth
backup Backups N/A TPA 75% N/A
dns domain name service N/A TPA 10% N/A
documentation documentation (this wiki) https://help.torproject.org/ TPA 10% see GitLab
drbd disk redundancy N/A TPA 10% N/A
email forward @torproject.org emails N/A TPA 0% LDAP, Puppet
ganeti virtual machine hosting N/A TPA 90% no
grafana metrics dashboard, pretty graphs https://grafana.torproject.org TPA, anarcat 10% Puppet
ipsec VPN N/A TPA 30% Puppet
kvm virtual machine hosting N/A TPA, weasel, anarcat 20% no
ldap host and user directory https://db.torproject.org TPA 90% yes
logging centralized logging N/A TPA 10% no
nagios alerting https://nagios.torproject.org TPA 5% Puppet and on-server
openstack virtual machine hosting N/A TPA 30% yes
postgresql database service N/A TPA 80% no
prometheus metrics collection and monitoring https://prometheus.torproject.org/ TPA, anarcat 90% no
puppet configuration management puppet.torproject.org TPA 100% yes
static-component static site mirroring N/A TPA 90% LDAP
submission email submission N/A anarcat 100% LDAP
static-shim static site / GitLab shim N/A TPA no
status status dashboard N/A anarcat
tls X509 certificate management N/A TPA 50% no
wkd OpenPGP certificates distribution N/A TPA 10% yes

The Auth column documents whether the service should be audited for access when a user is retired. If set to "LDAP", it means it should be revoked to a LDAP group membership change. In the case of "Puppet", it's because the user might have access through that as well.

It is estimated that, on average, 42% of the documentation above is complete. This does not include undocumented services, below.

Non-TPA services

The following table lists services run on torproject infrastructure. Corresponding onion services are listed on https://onion.torproject.org/.

Service admins are part of tor project sys admins team. For a rough description of what sys admin and services admin do, please have a look here.

The Service Admins maintain the following list of Tor Services.

Service Purpose URL Maintainers Documented Auth
BBB Video and audio conference system https://tor.meet.coop gaba, gus - yes (see policy)
blog Weblog site https://blog.torproject.org/ lavamind, gus 90% yes
bridgedb web app and email responder to learn bridge addresses https://bridges.torproject.org/ cohosh, meskio 20% no
bridgestrap service to tests bridges https://bridges.torproject.org/status cohosh, meskio 20% no
btcpayserver BTCpayserver https://btcpay.torproject.net/ asn, sue 90% yes?
check Web app to check if we're using tor https://check.torproject.org arlolra 90% LDAP
CRM Donation management https://crm.torproject.org openflows 5% yes
collector Collects Tor network data and makes it available collector{1,2}.torproject.org irl ? ?
dangerzone Sanitize untrusted documents N/A anarcat, kez 100% LDAP, Nextcloud
debian archive Debian package repository https://deb.torproject.org weasel 20% LDAP
forum Tor Project community forums https://forum.torproject.net lavamind, hiro, gus, duncan 50% yes
gettor email responder handing out packages https://gettor.torproject.org cohosh, meskio 10% no
git Source control system https://git.torproject.org ahf, nickm, Sebastian, TPA 70% yes
gitlab Issue tracking, Wikis https://gitlab.torproject.org/ ahf, anarcat, gaba 90% yes
irc IRC bouncer and network ircbouncer.torproject.org pastly 90% yes (ZNC and @groups on OFTC)
lists Mailing lists https://lists.torproject.org atagar, qbi 20% yes
metrics Network descriptor aggregator and visualizer https://metrics.torproject.org irl ? ?
moat Distributes bridges over domain fronting cohosh ? no
nextcloud NextCloud https://nc.torproject.net/ anarcat, gaba, ln5 30% yes
newsletter Tor Newsletter https://newsletter.torproject.org gus ? LDAP
onionperf Tor network performance measurements ? hiro, acute, ahf ? ?
ooni Open Observatory of Network Interference https://ooni.torproject.org hellais ? no
schleuder Encrypted mailing lists anarcat, dgoulet 30% yes
rdsys Distribution system for circumvention proxies N/A cohosh, meskio 20% no
rt Email support https://rt.torproject.org/ gus, gaba, lavamind 50% yes
snowflake Pluggable Transport using WebRTC https://snowflake.torproject.org/ cohosh, meskio 20% no
styleguide Style Guide https://styleguide.torproject.org antonela 1% LDAP
support portal Support portal https://support.torproject.org gus 30% LDAP
survey survey application https://survey.torproject.org/ gaba 1% yes
svn Document storage https://svn.torproject.org/ unmaintained 10% yes
website main website https://www.torproject.org gus ? LDAP

The Auth column documents whether the service should be audited for access when a user is retired. If set to "LDAP", it means it should be revoked to a LDAP group membership change. In the case of "Puppet", it's because the user might have access through that as well.

Every service listed here must have some documentation, ideally following the documentation template. As a courtesy, TPA allows teams to maintain their documentation in a single page here. If the documentation needs to expand beyond that, it should be moved to its own wiki, but still linked here.

There are more (undocumented) services, listed below. Of the 20 services listed above, 6 have an unknown state because the documentation is external (marked with ?). Of the remaining 14 services, it is estimated that 38% of the documentation is complete.

Undocumented service list

WARNING: this is an import of an old Trac wiki page, and no documentation was found for those services. Ideally, each one of those services should have a documentation page, either here or in their team's wiki.

Service Purpose URL Maintainers Auth
archive package archive https://archive.torproject.org/ boklm LDAP?
community Community Portal https://community.torproject.org Gus no
consensus-health periodically checks the Tor network for consensus conflicts and other hiccups https://consensus-health.torproject.org tom no?
dist packages https://dist.torproject.org arma LDAP?
DocTor DirAuth health checks for the tor-consensus-health@ list https://gitweb.torproject.org/doctor.git GeKo no
exonerator website that tells you whether a given IP address was a Tor relay https://exonerator.torproject.org/ irl ?
extra static web stuff referenced from the blog (create trac ticket for access) https://extra.torproject.org tpa LDAP?
media ? https://media.torproject.org LDAP
metricsbot Tor Network Status Bot (IRC, Twitter, Mastodon) irl ?
onion list of onion services run by the Tor project https://onion.torproject.org weasel no
onionoo web-based protocol to learn about currently running Tor relays and bridges irl ?
people content provided by Tor people https://people.torproject.org tpa LDAP
research website with stuff for researchers including tech reports https://research.torproject.org arma LDAP
rpm archive RPM package repository https://rpm.torproject.org kushal LDAP
stem stem project website and tutorial https://stem.torproject.org/ atagar LDAP?
tb-manual Tor Browser User Manual https://tb-manual.torproject.org/ gus LDAP?
testnet Test network services ? dgoulet ?
translation Translation services emmapeel yes?

The Auth column documents whether the service should be audited for access when a user is retired. If set to "LDAP", it means it should be revoked to a LDAP group membership change. In the case of "Puppet", it's because the user might have access through that as well.

Research

Those services have not been implemented yet but are at the research phase.

Service Purpose URL Maintainers
N/A

Retired

Those services have been retired.

Service Purpose URL Maintainers Fate
Atlas Tor relay discover https://atlas.torproject.org irl Replaced by metrics.tpo
cache Web caching/accelerator/CDN N/A TPA Cached site (blog) migrated to TPO infra
Compass AS/country network diversity https://compass.torproject.org karsten ?
fpcentral.tbb browser fingerprint analysi https://fpcentral.tbb.torproject.org boklm Abandoned for better alternatives
Globe https://globe.torproject.org Replaced by Atlas
Help.tpo TPA docs and support helpdesk https://help.torproject.org tpa Replaced by this GitLab wiki
jenkins continuous integration, autobuilding https://jenkins.torproject.org weasel Replaced with GitLab CI
oniongit test GitLab instance https://oniongit.eu hiro Eventually migrated to GitLab
pipeline ? https://pipeline.torproject.org ?
Prodromus Web chat for support team https://support.torproject.org phoul, lunar, helix ?
Trac Issues, wiki https://trac.torproject.org hiro Migrated to GitLab, archived
XMPP Chat/messaging dgoulet Abandoned for lack of users

Documentation assessment

  • Internal: 20 services, 42% complete
  • External: 20 services, 14 documented, of which 38% are complete complete, 6 unknown
  • Undocumented: 23 services
  • Total: 20% of the documentation completed as of 2020-09-30