This is my preferred way of provisioning and locking down a new CentOS 7 VPS
ansible-galaxy install -r requirements.yml
- Install Tor
- Configure SELinux
- Configure firewalld
- Create torrc config
Run the 'appservers' playbook against a specific host
ansible-playbook appservers.yml --ask-become-pass --limit HOST
Run the 'tor-conf' task to rebuild the torrc files for every tor relay
ansible-playbook tor-relays.yml --ask-become-pass --tags tor-conf
2-clause BSD