manifests/subsystems/onion.pp


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54

class onion {
  class { 'tor::daemon': }

  # It's important to use a subdir from the tor datadir
  # to ease backup/restore procedures as we don't mix
  # hidden service data with other tor files.
  file { "${tor::daemon::data_dir}/hidden":
    ensure => directory, 
    owner  => 'debian-tor',
    group  => 'debian-tor',
    mode   => 0700,
  }
}

class onion::socks inherits onion {
  # Default tor daemon configuration
  tor::daemon::socks { 'socks':
    port             => 9050,
    listen_addresses => [ '127.0.0.1' ],
  }
}

class onion::freenode inherits onion::socks {
  # Freenode via Tor
  # http://freenode.net/irc_servers.shtml
  # http://pthree.org/2010/01/31/freenode-ssl-and-sasl-authentication-with-irssi/
  # http://freenode.net/sasl/sasl-irssi.shtml
  # https://wiki.archlinux.org/index.php/Tor
  tor::daemon::map_address { 'freenode':
    address    => '10.40.40.40',
    newaddress => 'p4fsi4ockecnea7l.onion',
  }
}

class onion::ssh {
  tor::daemon::hidden_service { 'ssh':
    ports    => [ "22 127.0.0.1:22" ],
    data_dir => "${tor::daemon::data_dir}/hidden",
    ensure   => present,
  }
}

class onion::full inherits onion::freenode {
  include onion::ssh

  # Currently tor management just works for debian
  case $::operatingsystem {
    debian: {
      include tor::polipo
    }
    default: { }
  }

}