Service documentation
This documentation covers all services hosted at TPO.
Every service hosted at TPO should have a documentation page, either in this wiki, or elsewhere (but linked here). Services should ideally follow this template to ensure proper documentation. Corresponding onion services are listed on https://onion.torproject.org/.
Supported services
Those are services managed and supported by TPA directly.
| Service | Purpose | URL | Maintainers | Documented | Auth |
|---|---|---|---|---|---|
| backup | Backups | N/A | TPA | 75% | N/A |
| blog | Weblog site | https://blog.torproject.org/ | TPA gus | 90% | GitLab |
| btcpayserver | BTCpayserver | https://btcpay.torproject.org/ | TPA sue | 90% | yes |
| CDN | content-distribution network | varies | TPA | 80% | yes |
| ci | Continuous Integration testing | N/A | TPA | 90% | yes |
| CRM | Donation management | https://crm.torproject.org | symbiotic TPA | 5% | yes |
| debian archive | Debian package repository | https://deb.torproject.org | TPA weasel | 20% | LDAP |
| dns | domain name service | N/A | TPA | 10% | N/A |
| dockerhub-mirror | Docker Hub pull-through cache | https://dockerhub-mirror.torproject.org | TPA | 100% | N/A (read-only mirror of upstream service) |
| documentation | documentation (this wiki) | https://help.torproject.org/ | TPA | 10% | see GitLab |
| donate | donation site AKA donate-neo | donate.torproject.org | TPA lavamind | 30% | N/A |
| @torproject.org emails services | N/A | TPA | 0% | LDAP Puppet | |
| forum | Tor Project community forums | https://forum.torproject.net | TPA hiro gus duncan | 50% | yes |
| ganeti | virtual machine hosting | N/A | TPA | 90% | no |
| gitlab | Issues, wikis, source code | https://gitlab.torproject.org/ | TPA ahf gaba | 90% | yes |
| grafana | metrics dashboard | https://grafana.torproject.org | TPA anarcat | 10% | Puppet |
| ipsec | VPN | N/A | TPA | 30% | Puppet |
| irc | IRC bouncer and network | ircbouncer.torproject.org | TPA pastly | 90% | yes (ZNC and @groups on OFTC) |
| ldap | host and user directory | https://db.torproject.org | TPA | 90% | yes |
| lists | Mailing lists | https://lists.torproject.org | TPA arma atagar qbi | 20% | yes |
| logging | centralized logging | N/A | TPA | 10% | no |
| newsletter | Tor Newsletter | https://newsletter.torproject.org | TPA gus | ? | LDAP |
| onion | Tor's onion services | https://onion.torproject.org/ | TPA rhatto | 0% | no |
| object-storage | S3-like object storage | N/A | TPA | 100% | access keys |
| openstack | virtual machine hosting | N/A | TPA | 30% | yes |
| password-manager | password management | N/A | TPA | 30% | Git |
| postgresql | database service | N/A | TPA | 80% | no |
| prometheus | metrics collection and monitoring | https://prometheus.torproject.org | TPA | 90% | no |
| puppet | configuration management | puppet.torproject.org | TPA | 100% | yes |
| rt | Email support with Request Tracker | https://rt.torproject.org/ | TPA gus gaba | 50% | yes |
| schleuder | Encrypted mailing lists | TPA | 30% | yes | |
| static-component | static site mirroring | N/A | TPA | 90% | LDAP |
| static-shim | static site / GitLab shim | N/A | TPA | no | |
| status | status dashboard | N/A | TPA anarcat | 100% | no |
| support portal | Support portal | https://support.torproject.org | TPA gus | 30% | LDAP |
| survey | survey application | https://survey.torproject.org/ | TPA lavamind | 50% | yes |
| svn | Document storage | https://svn.torproject.org/ | unmaintained | 10% | yes |
| tls | X509 certificate management | N/A | TPA | 50% | no |
| website | main website | https://www.torproject.org | TPA gus | ? | LDAP |
| wkd | OpenPGP certificates distribution | N/A | TPA | 10% | yes |
The Auth column documents whether the service should be audited for
access when a user is retired. If set to "LDAP", it means it should be
revoked to a LDAP group membership change. In the case of "Puppet",
it's because the user might have access through that as well.
It is estimated that, on average, 42% of the documentation above is complete. This does not include undocumented services, below.
Tails services
The services below were inherited by TPA with the Tails merge but their processes and infra have not been merged yet. For more information, see:
| Service | Purpose | URL | Maintainers | Documented | Auth |
|---|---|---|---|---|---|
| t/apt-repositories | Repository of Debian packages | https://deb.tails.net, https://tagged.snapshots.deb.tails.net, https://time-based.snapshots.deb.tails.net | TPA | ? | no |
| t/backups | Survive disasters | TPA | ? | ||
| t/bittorrent | Distribution of Tails images | TPA | ? | ||
| t/dns | Resolve domain names | TPA | ? | ||
| t/git-annex | Storage of large files | TPA | ? | yes | |
| t/gitlab-runners | Continuous integration | TPA | ? | ||
| t/gitlab | Issue tracker and wiki | https://gitlab.tails.boum.org/ | TPA | ? | yes |
| t/gitolite | Git repositories with ACL via SSH | ssh://git.tails.net:3004 | TPA | ? | yes |
| t/icinga2 | Monitoring | https://icingaweb2.tails.boum.org/ | TPA | ? | RBAC |
| t/jenkins | Continuous integration | https://jenkins.tails.boum.org/ | TPA | ? | RBAC |
| t/mail | MTA and Schleuder | TPA | ? | ||
| t/mirror-pool | Distribute Tails | https://download.tails.net/tails/?mirrorstats | TPA | ? | no |
| t/puppet-server | Configuration management | TPA | ? | ||
| t/rsync | Distribute Tails | rsync://rsync.tails.net/amnesia-archive | TPA | ? | no |
| t/vpn | Secure connection between servers | TPA | ? | ||
| t/weblate | Translation of the documentation | https://translate.tails.net | TPA | ? | yes |
| t/website | Contact info, blog and documentation | https://tails.net/ | TPA | ? | no |
| t/whisperback | Bug reporting | TPA | ? | no |
Unsupported services
The services below run on infrastructure managed and supported by TPA but are themselves deployed, maintained and supported by their corresponding Service admins.
| Service | Purpose | URL | Maintainers | Documented | Auth |
|---|---|---|---|---|---|
| anon_ticket | Anonymous ticket lobby for GitLab | https://anonticket.torproject.org/ | ahf juga | 10% | no |
| apps team builders | build Tor Browser and related | N/A | morgan | 10% | LDAP |
| BBB | Video and audio conference system | https://bbb.torproject.net | gaba gus | - | yes (see policy) |
| bridgedb | web app and email responder to learn bridge addresses | https://bridges.torproject.org/ | cohosh meskio | 20% | no |
| bridgestrap | service to tests bridges | https://bridges.torproject.org/status | cohosh meskio | 20% | no |
| check | Web app to check if we're using tor | https://check.torproject.org | arlolra | 90% | LDAP |
| collector | Collects Tor network data and makes it available | collector{1,2}.torproject.org | hiro | ? | ? |
| gettor | email responder handing out packages | https://gettor.torproject.org | cohosh meskio | 10% | no |
| matrix | IRC replacement | https://matrix.org | micah anarcat | 10% | yes |
| metrics | Network descriptor aggregator and visualizer | https://metrics.torproject.org | hiro | ? | ? |
| moat | Distributes bridges over domain fronting | cohosh | ? | no | |
| nextcloud | NextCloud | https://nc.torproject.net/ | anarcat gaba | 30% | yes |
| onionperf | Tor network performance measurements | ? | hiro acute ahf | ? | ? |
| ooni | Open Observatory of Network Interference | https://ooni.torproject.org | hellais | ? | no |
| rdsys | Distribution system for circumvention proxies | N/A | cohosh meskio | 20% | no |
| snowflake | Pluggable Transport using WebRTC | https://snowflake.torproject.org/ | cohosh meskio | 20% | no |
| styleguide | Style Guide | https://styleguide.torproject.org | antonela | 1% | LDAP |
| vault | Secrets storage | https://vault.torproject.org/ | micah | 10% | yes |
| weather | Relay health monitoring | https://weather.torproject.org/ | sarthikg gk | ? | yes |
The Auth column documents whether the service should be audited for
access when a user is retired. If set to "LDAP", it means it should be
revoked to a LDAP group membership change. In the case of "Puppet",
it's because the user might have access through that as well.
Every service listed here must have some documentation, ideally following the documentation template. As a courtesy, TPA allows teams to maintain their documentation in a single page here. If the documentation needs to expand beyond that, it should be moved to its own wiki, but still linked here.
There are more (undocumented) services, listed below. Of the 20
services listed above, 6 have an unknown state because the
documentation is external (marked with ?). Of the remaining 14
services, it is estimated that 38% of the documentation is complete.
Undocumented service list
WARNING: this is an import of an old Trac wiki page, and no documentation was found for those services. Ideally, each one of those services should have a documentation page, either here or in their team's wiki.
| Service | Purpose | URL | Maintainers | Auth |
|---|---|---|---|---|
| archive | package archive | https://archive.torproject.org/ | boklm | LDAP? |
| community | Community Portal | https://community.torproject.org | Gus | no |
| consensus-health | periodically checks the Tor network for consensus conflicts and other hiccups | https://consensus-health.torproject.org | tom | no? |
| dist | packages | https://dist.torproject.org | arma | LDAP? |
| DocTor | DirAuth health checks for the tor-consensus-health@ list | https://gitweb.torproject.org/doctor.git | GeKo | no |
| exonerator | website that tells you whether a given IP address was a Tor relay | https://exonerator.torproject.org/ | hiro | ? |
| extra | static web stuff referenced from the blog (create trac ticket for access) | https://extra.torproject.org | tpa | LDAP? |
| media | ? | https://media.torproject.org | LDAP | |
| onion | list of onion services run by the Tor project | https://onion.torproject.org | weasel | no |
| onionoo | web-based protocol to learn about currently running Tor relays and bridges | hiro | ? | |
| people | content provided by Tor people | https://people.torproject.org | tpa | LDAP |
| research | website with stuff for researchers including tech reports | https://research.torproject.org | arma | LDAP |
| rpm archive | RPM package repository | https://rpm.torproject.org | kushal | LDAP |
| stem | stem project website and tutorial | https://stem.torproject.org/ | atagar | LDAP? |
| tb-manual | Tor Browser User Manual | https://tb-manual.torproject.org/ | gus | LDAP? |
| testnet | Test network services | ? | dgoulet | ? |
The Auth column documents whether the service should be audited for
access when a user is retired. If set to "LDAP", it means it should be
revoked to a LDAP group membership change. In the case of "Puppet",
it's because the user might have access through that as well.
Research
Those services have not been implemented yet but are at the research phase.
| Service | Purpose | URL | Maintainers |
|---|---|---|---|
| N/A |
Retired
Those services have been retired.
| Service | Purpose | URL | Maintainers | Fate |
|---|---|---|---|---|
| Atlas | Tor relay discover | https://atlas.torproject.org | irl | Replaced by metrics.tpo |
| cache | Web caching/accelerator/CDN | N/A | TPA | Cached site (blog) migrated to TPO infra |
| Compass | AS/country network diversity | https://compass.torproject.org | karsten | ? |
| fpcentral.tbb | browser fingerprint analysi | https://fpcentral.tbb.torproject.org | boklm | Abandoned for better alternatives |
| dangerzone | Sanitize untrusted documents | N/A | TPA | Outsourced |
| gitolite | Source control system | https://git.torproject.org | ahf, nickm, Sebastian | Replaced by GitLab |
| Globe | https://globe.torproject.org | Replaced by Atlas | ||
| Help.tpo | TPA docs and support helpdesk | https://help.torproject.org | tpa | Replaced by this GitLab wiki |
| jenkins | continuous integration, autobuilding | https://jenkins.torproject.org | weasel | Replaced with GitLab CI |
| kvm | virtual machine hosting | N/A | weasel | Replaced by Ganeti |
| nagios | alerting | https://nagios.torproject.org | TPA | Replaced by Prometheus |
| oniongit | test GitLab instance | https://oniongit.eu | hiro | Eventually migrated to GitLab |
| pipeline | ? | https://pipeline.torproject.org | ? | |
| Prodromus | Web chat for support team | https://support.torproject.org | phoul, lunar, helix | ? |
| Trac | Issues, wiki | https://trac.torproject.org | hiro | Migrated to GitLab, archived |
| translation | Transfifex bridge | majus.torproject.org | emmapeel | Replaced with Weblate |
| Tails XMPP | User support and development channel | Tails Sysadmins | Moved to Matrix and IRC, respectively | |
| XMPP | Chat/messaging | dgoulet | Abandoned for lack of users |
Documentation assessment
- Internal: 20 services, 42% complete
- External: 20 services, 14 documented, of which 38% are complete complete, 6 unknown
- Undocumented: 23 services
- Total: 20% of the documentation completed as of 2020-09-30