Adding onion::monitor

2 files changed, 347 insertions, 0 deletions

diff --git a/manifests/monitor.pp b/manifests/monitor.pp
new file mode 100644
index 0000000..d6d0f03
--- /dev/null
+++ b/manifests/monitor.pp
@@ -0,0 +1,27 @@
+# Generate the hash using 'tor --hash-password <password>'
+class onion::monitor(
+  $control_password        = hiera('onion::monitor::control_password'),
+  $hashed_control_password = hiera('onion::monitor::hashed_control_password')
+) {
+  tor::daemon::control{ "control":
+    port                    => 9051,
+    ensure                  => present,
+    hashed_control_password => $hashed_control_password,
+  }
+
+  file { '/root/.arm':
+    ensure => directory,
+    owner  => root,
+    group  => root,
+    mode   => 0644,
+  }
+
+  file { '/root/.arm/armrc':
+    ensure  => present,
+    owner   => root,
+    group   => root,
+    mode    => 0640,
+    source  => template('onion/armrc.erb'),
+    require => File['/root/.arm'],
+  }
+}
diff --git a/templates/armrc.erb b/templates/armrc.erb
new file mode 100644
index 0000000..1bf80d1
--- /dev/null
+++ b/templates/armrc.erb
@@ -0,0 +1,320 @@
+# Startup options
+startup.controlPassword <%= control_password %>
+startup.interface.ipAddress 127.0.0.1
+startup.interface.port 9051
+startup.interface.socket /var/run/tor/control
+startup.blindModeEnabled false
+startup.events N3
+startup.dataDirectory ~/.arm
+
+# Seconds between querying information
+queries.resourceUsage.rate 5
+queries.connections.minRate 5
+queries.refreshRate.rate 5
+
+# allows individual panels to be included/excluded
+features.panels.show.graph true
+features.panels.show.log true
+features.panels.show.connection true
+features.panels.show.config true
+features.panels.show.torrc true
+features.panels.show.interpretor true
+
+# Read the proc contents directly instead of calling ps, netstat, and other
+# resolvers. This provides very sizable performance benefits (around 90%
+# faster lookups) but this is only available on Linux.
+queries.useProc true
+
+# Renders the interface with color if set and the terminal supports it
+features.colorInterface true
+
+# Replaces all colored content (ie, anything that isn't white) with this
+# color. Valid options are:
+# none, red, green, yellow, blue, cyan, magenta, black, white
+features.colorOverride none
+
+# If arm is attached to an arm started tor instance when it shuts down then
+# offers to shut down tor too if true, otherwise skips this prompt.
+features.offerTorShutdownOnQuit false
+
+# Includes unicode characters in the interface.
+features.printUnicode true
+
+# Checks the torrc for issues, warning and hilighting problems if true
+features.torrc.validate true
+
+# Set this if you're running in a chroot jail or other environment where tor's
+# resources (log, state, etc) should have a prefix in their paths.
+features.pathPrefix
+
+# If set, arm appends any log messages it reports while running to the given
+# log file. This does not take filters into account or include prepopulated
+# events.
+features.logFile 
+
+# If true, the header panel always shows the file descriptor usage. Otherwise
+# this is only displayed when we're running out.
+features.showFdUsage false
+
+# Seconds to wait on user input before refreshing content
+features.redrawRate 5
+
+# Rate (seconds) to periodically redraw the screen, disabled if zero. This
+# shouldn't be necessary, but can correct issues if the terminal gets into a
+# funky state.
+features.refreshRate 5
+
+# Confirms promt to confirm when quiting if true
+features.confirmQuit true
+
+# Allows arm to start when there's no running tor instance if true, otherwise
+# we terminate right away. This is ignored if the user provides an option
+# specifying how to connect to tor (ie, a 'startup.interface.*' option or
+# startup argument).
+features.allowDetachedStartup true
+
+# Paremters for the log panel
+# ---------------------------
+# showDateDividers
+#   show borders with dates for entries from previous days
+# showDuplicateEntries
+#   shows all log entries if true, otherwise collapses similar entries with an
+#   indicator for how much is being hidden
+# entryDuration
+#   number of days log entries are kept before being dropped (if zero then
+#   they're kept until cropped due to caching limits)
+# maxLinesPerEntry
+#   max number of lines to display for a single log entry
+# prepopulate
+#   attempts to read past events from the log file if true
+# prepopulateReadLimit
+#   maximum entries read from the log file, used to prevent huge log files from
+#   causing a slow startup time.
+# maxRefreshRate
+#   rate limiting (in milliseconds) for drawing the log if updates are made
+#   rapidly (for instance, when at the DEBUG runlevel)
+# regex
+#   preconfigured regular expression pattern, up to five will be loaded
+
+features.log.showDateDividers true
+features.log.showDuplicateEntries false
+features.log.entryDuration 7
+features.log.maxLinesPerEntry 6
+features.log.prepopulate true
+features.log.prepopulateReadLimit 5000
+features.log.maxRefreshRate 300
+#features.log.regex My First Regex Pattern
+#features.log.regex ^My Second Regex Pattern$
+
+# Paremters for the config panel
+# ---------------------------
+# order
+#   three comma separated configuration attributes, options including:
+#   0 -> Category,  1 -> Option Name,   2 -> Value,       3 -> Arg Type,
+#   4 -> Arg Usage, 5 -> Summary,       6 -> Description, 7 -> Man Entry,
+#   8 -> Is Default
+# selectionDetails.height
+#   rows of data for the panel showing details on the current selection, this
+#   is disabled entirely if zero
+# features.config.prepopulateEditValues
+#   when editing config values the current value is prepopulated if true, and
+#   left blank otherwise
+# state.colWidth.*
+#   column content width
+# state.showPrivateOptions
+#   tor provides config options of the form "__<option>" that can be dangerous
+#   to set, if true arm provides these on the config panel
+# state.showVirtualOptions
+#   virtual options are placeholders for other option groups, never having
+#   values or being setable themselves
+# file.showScrollbars
+#   displays scrollbars when the torrc content is longer than the display
+# file.maxLinesPerEntry
+#   max number of lines to display for a single entry in the torrc
+
+features.config.order 7, 1, 8
+features.config.selectionDetails.height 6
+features.config.prepopulateEditValues true
+features.config.state.colWidth.option 25
+features.config.state.colWidth.value 15
+features.config.state.showPrivateOptions false
+features.config.state.showVirtualOptions false
+features.config.file.showScrollbars true
+features.config.file.maxLinesPerEntry 8
+
+# Descriptions for tor's configuration options can be loaded from its man page
+# to give usage information on the settings page. They can also be persisted to
+# a file to speed future lookups.
+# ---------------------------
+# enabled
+#   allows the descriptions to be fetched from the man page if true
+# persist
+#   caches the descriptions (substantially saving on future startup times)
+
+features.config.descriptions.enabled true
+features.config.descriptions.persist true
+
+# General graph parameters
+# ------------------------
+# height
+#   height of graphed stats
+# maxWidth
+#   maximum number of graphed entries
+# interval
+#   0 -> each second,   1 -> 5 seconds,     2 -> 30 seconds,  3 -> minutely,      
+#   4 -> 15 minutes,    5 -> half hour,     6 -> hourly,      7 -> daily
+# bound
+#   0 -> global maxima, 1 -> local maxima,  2 -> tight
+# type
+#   0 -> None, 1 -> Bandwidth, 2 -> Connections, 3 -> System Resources
+# showIntermediateBounds
+#   shows y-axis increments between the top/bottom bounds
+
+features.graph.height 7
+features.graph.maxWidth 150
+features.graph.interval 0
+features.graph.bound 1
+features.graph.type 1
+features.graph.showIntermediateBounds true
+
+# Parameters for graphing bandwidth stats
+# ---------------------------------------
+# prepopulate
+#   attempts to use tor's state file to prepopulate the bandwidth graph at the
+#   15-minute interval (this requires the minimum of a day's worth of uptime)
+# transferInBystes
+#   shows rate measurments in bytes if true, bits otherwise
+# accounting.show
+#   provides accounting stats if AccountingMax was set
+# accounting.rate
+#   seconds between querying accounting stats
+# accounting.isTimeLong
+#   provides verbose measurements of time if true
+
+features.graph.bw.prepopulate true
+features.graph.bw.transferInBytes false
+features.graph.bw.accounting.show true
+features.graph.bw.accounting.rate 10
+features.graph.bw.accounting.isTimeLong false
+
+# Parameters for connection display
+# ---------------------------------
+# listingType
+#   the primary category of information shown by default, options including:
+#   0 -> IP Address / Port              1 -> Hostname
+#   2 -> Fingerprint                    3 -> Nickname
+# order
+#   three comma separated configuration attributes, options including:
+#   0 -> Category,  1 -> Uptime,        2 -> Listing,     3 -> IP Address,
+#   4 -> Port,      5 -> Hostname,      6 -> Fingerprint, 7 -> Nickname,
+#   8 -> Country
+# refreshRate
+#   rate at which the connection panel contents is redrawn (if higher than the
+#   connection resolution rate then reducing this won't casue new data to
+#   appear more frequently - just increase the rate at which the uptime field
+#   is updated)
+# resolveApps
+#   issues lsof queries to determining the applications involved in local
+#   SOCKS and CONTROL connections
+# markInitialConnections
+#   if true, the uptime of the initial connections when we start are marked
+#   with a '+' (these uptimes are estimates since arm can only track a
+#   connection's duration while it runs)
+# showIps
+#   shows ip addresses for other tor relays, dropping this information if
+#   false
+# showExitPort
+#   shows port related information of exit connections we relay if true
+# showColumn.*
+#   toggles the visability of the connection table columns
+
+features.connection.listingType 0
+features.connection.order 0, 2, 1
+features.connection.refreshRate 5
+features.connection.resolveApps true
+features.connection.markInitialConnections true
+features.connection.showIps true
+features.connection.showExitPort true
+features.connection.showColumn.fingerprint true
+features.connection.showColumn.nickname true
+features.connection.showColumn.destination true
+features.connection.showColumn.expandedIp true
+
+# Thread pool size for hostname resolutions
+# Determines the maximum number of concurrent requests. Upping this to around
+# thirty or so seems to be problematic, causing intermittently seizing.
+
+queries.hostnames.poolSize 5
+
+# Method of resolving hostnames
+# If true, uses python's internal "socket.gethostbyaddr" to resolve addresses
+# rather than the host command. This is ignored if the system's unable to make
+# parallel requests. Resolving this way seems to be much slower than host calls
+# in practice.
+
+queries.hostnames.useSocketModule false
+
+# Caching parameters
+cache.sysCalls.size 600
+cache.hostnames.size 700000
+cache.hostnames.trimSize 200000
+cache.logPanel.size 1000
+cache.armLog.size 1000
+cache.armLog.trimSize 200
+
+# Runlevels at which arm logs its events
+log.startTime INFO
+log.configEntryNotFound NONE
+log.configEntryUndefined NOTICE
+log.configEntryTypeError NOTICE
+log.torCtlPortClosed NOTICE
+log.torGetInfo DEBUG
+log.torGetInfoCache NONE
+log.torGetConf DEBUG
+log.torGetConfCache NONE
+log.torSetConf INFO
+log.torEventTypeUnrecognized NOTICE
+log.torPrefixPathInvalid NOTICE
+log.procCallMade DEBUG
+log.sysCallMade DEBUG
+log.sysCallCached NONE
+log.sysCallFailed INFO
+log.sysCallCacheGrowing INFO
+log.panelRecreated DEBUG
+log.graph.bw.prepopulateSuccess NOTICE
+log.graph.bw.prepopulateFailure NOTICE
+log.logPanel.prepopulateSuccess INFO
+log.logPanel.prepopulateFailed WARN
+log.logPanel.logFileOpened NOTICE
+log.logPanel.logFileWriteFailed ERR
+log.logPanel.forceDoubleRedraw DEBUG
+log.torrc.readFailed WARN
+log.torrc.validation.torStateDiffers WARN
+log.torrc.validation.unnecessaryTorrcEntries NOTICE
+log.configDescriptions.readManPageSuccess INFO
+log.configDescriptions.readManPageFailed NOTICE
+log.configDescriptions.unrecognizedCategory NOTICE
+log.configDescriptions.internalLoadSuccess NOTICE
+log.configDescriptions.internalLoadFailed ERR
+log.configDescriptions.persistance.loadSuccess INFO
+log.configDescriptions.persistance.loadFailed INFO
+log.configDescriptions.persistance.saveSuccess NOTICE
+log.configDescriptions.persistance.saveFailed NOTICE
+log.connResolverOptions INFO
+log.connLookupFailed INFO
+log.connLookupFailover NOTICE
+log.connLookupAbandon NOTICE
+log.connLookupRateGrowing NONE
+log.hostnameCacheTrimmed INFO
+log.cursesColorSupport INFO
+log.bsdJailFound INFO
+log.unknownBsdJailId WARN
+log.geoipUnavailable WARN
+log.stats.failedProcResolution DEBUG
+log.stats.procResolutionFailover INFO
+log.stats.failedPsResolution INFO
+log.savingDebugLog NOTICE
+log.fdUsageSixtyPercent NOTICE
+log.fdUsageNinetyPercent WARN
+log.unknownTorPid WARN
+