authorMicah <micah@riseup.net>2015-03-27 18:50:01 +0000
committerMicah <micah@riseup.net>2015-03-27 18:50:01 +0000
commit3925f36f7cd0f15029304363b0f5749750627c96 (patch)
tree5613a76af8c008a5820e41c097ed94f231412956
parenta31579095231c68a2786955b9149d3bcd13400af (diff)
parent19a44ce97f59633002d844e2b37f2b26b2f1cfbc (diff)
Merge branch 'improvements' into 'master'
Improvements These are a bunch of improvements I got on my github profile in the past. Interested in merging them? Summary: * adds tor repo management * removes a workaround for a fixed bug * adds tor-arm support * support for safe logging * puppet 3 ready templates. It's merged on top of the current master. See merge request !1
-rw-r--r--README7
-rwxr-xr-xfiles/polipo/polipo.cron22
-rw-r--r--manifests/arm.pp9
-rw-r--r--manifests/daemon.pp3
-rw-r--r--manifests/daemon/relay.pp3
-rw-r--r--manifests/polipo/debian.pp11
-rw-r--r--manifests/repo.pp16
-rw-r--r--manifests/repo/debian.pp9
-rw-r--r--templates/torrc.bridge.erb4
-rw-r--r--templates/torrc.control.erb26
-rw-r--r--templates/torrc.directory.erb12
-rw-r--r--templates/torrc.dns.erb6
-rw-r--r--templates/torrc.exit_policy.erb16
-rw-r--r--templates/torrc.global.erb25
-rw-r--r--templates/torrc.hidden_service.erb8
-rw-r--r--templates/torrc.map_address.erb4
-rw-r--r--templates/torrc.relay.erb84
-rw-r--r--templates/torrc.socks.erb10
-rw-r--r--templates/torrc.transparent.erb6
19 files changed, 151 insertions, 130 deletions
diff --git a/README b/README
index c241118..7777438 100644
--- a/README
+++ b/README
@@ -7,6 +7,11 @@ policies, etc.
! Upgrade Notice !
+ previously, if you did not set the $outbound_bindaddress variable, it was being
+ automatically set to the $listen_address variable. Now this is not being done
+ and instead you will need to set the $outbound_bindaddress explicitly for it to
+ be set.
+
the tor::relay{} variables $bandwidth_rate and $bandwidth_burst were previously
used for the tor configuration variables RelayBandwidthRate and
RelayBandwidthBurst, these have been renamed to $relay_bandwidth_rate and
@@ -128,6 +133,8 @@ You have the following options that can be passed to a relay, with the defaults
$port = 0,
$listen_addresses = [],
+$portforwarding = 0, # PortForwarding 0|1, set for opening ports at the router via UPnP.
+ # Requires 'tor-fw-helper' binary present.
$bandwidth_rate = '', # KB/s, defaulting to using tor's default: 5120KB/s
$bandwidth_burst = '', # KB/s, defaulting to using tor's default: 10240KB/s
$relay_bandwidth_rate = 0, # KB/s, 0 for no limit.
diff --git a/files/polipo/polipo.cron b/files/polipo/polipo.cron
deleted file mode 100755
index aba88bc..0000000
--- a/files/polipo/polipo.cron
+++ /dev/null
@@ -1,22 +0,0 @@
-#!/bin/sh
-set -e
-
-FORBIDDEN_FILE=/etc/polipo/forbidden
-CONFIG_FILE=/etc/polipo/config
-
-if [ ! -x /usr/bin/polipo ]; then
- exit 0
-fi
-
-if [ ! -f $FORBIDDEN_FILE ]; then
- FORBIDDEN_FILE=/dev/null
-fi
-
-PIDFILE=/var/run/polipo/polipo.pid
-[ -f "$PIDFILE" ] && kill -USR1 $(cat "$PIDFILE")
-# TODO: remove redirect stderr to /dev/null after the following bug is solved:
-# http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=580434
-su -c \
- "nice polipo -x -c $CONFIG_FILE forbiddenFile=$FORBIDDEN_FILE > /dev/null" \
- proxy &> /dev/null
-[ -f "$PIDFILE" ] && kill -USR2 $(cat "$PIDFILE")
diff --git a/manifests/arm.pp b/manifests/arm.pp
new file mode 100644
index 0000000..44ddcbb
--- /dev/null
+++ b/manifests/arm.pp
@@ -0,0 +1,9 @@
+# manage tor-arm
+class tor::arm (
+ $ensure_version = 'installed'
+){
+ include ::tor
+ package{'tor-arm':
+ ensure => $ensure_version,
+ }
+}
diff --git a/manifests/daemon.pp b/manifests/daemon.pp
index 2440180..2522b2c 100644
--- a/manifests/daemon.pp
+++ b/manifests/daemon.pp
@@ -6,7 +6,8 @@ class tor::daemon (
$config_file = '/etc/tor/torrc',
$use_bridges = 0,
$automap_hosts_on_resolve = 0,
- $log_rules = [ 'notice file /var/log/tor/notices.log' ]
+ $log_rules = [ 'notice file /var/log/tor/notices.log' ],
+ $safe_logging = 1,
) {
class{'tor':
diff --git a/manifests/daemon/relay.pp b/manifests/daemon/relay.pp
index d5296de..3ef8602 100644
--- a/manifests/daemon/relay.pp
+++ b/manifests/daemon/relay.pp
@@ -3,6 +3,7 @@ define tor::daemon::relay(
$port = 0,
$listen_addresses = [],
$outbound_bindaddresses = [],
+ $portforwarding = 0,
# KB/s, defaulting to using tor's default: 5120KB/s
$bandwidth_rate = '',
# KB/s, defaulting to using tor's default: 10240KB/s
@@ -24,7 +25,7 @@ define tor::daemon::relay(
$nickname = $name
if $outbound_bindaddresses == [] {
- $real_outbound_bindaddresses = $listen_addresses
+ $real_outbound_bindaddresses = ''
} else {
$real_outbound_bindaddresses = $outbound_bindaddresses
}
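Review bot: The new fallback `$real_outbound_bindaddresses = ''` is a string, but templates/torrc.relay.erb in this same commit calls `real_outbound_bindaddresses.each do |outbound_bindaddress|` on it. On Ruby 1.9 and later String has no `each`, so a relay declared without `$outbound_bindaddresses` would likely fail to render its torrc fragment. `$real_outbound_bindaddresses = []` keeps the intended "emit no OutboundBindAddress line" behaviour and iterates safely on any Ruby version. The define's body continues outside this hunk.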
diff --git a/manifests/polipo/debian.pp b/manifests/polipo/debian.pp
index 5ca6922..607b361 100644
--- a/manifests/polipo/debian.pp
+++ b/manifests/polipo/debian.pp
@@ -1,16 +1,5 @@
# manage polipo on debian
class tor::polipo::debian inherits tor::polipo::base {
- # TODO: restore file to original state after the following bug is solved:
- # http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=580434
- file { '/etc/cron.daily/polipo':
- ensure => present,
- owner => root,
- group => root,
- mode => '0755',
- require => Package['polipo'],
- source => 'puppet:///modules/tor/polipo/polipo.cron',
- }
-
Service['polipo'] {
hasstatus => false,
pattern => '/usr/bin/polipo',
diff --git a/manifests/repo.pp b/manifests/repo.pp
new file mode 100644
index 0000000..f625599
--- /dev/null
+++ b/manifests/repo.pp
@@ -0,0 +1,16 @@
+class tor::repo (
+ $ensure = present,
+ $source_name = 'torproject.org',
+ $include_src = false,
+) {
+ case $::osfamily {
+ 'Debian': {
+ $key = '886DDD89'
+ $location = 'https://deb.torproject.org/torproject.org/'
+ class { 'tor::repo::debian': }
+ }
+ default: {
+ fail("Unsupported managed repository for osfamily: ${::osfamily}, operatingsystem: ${::operatingsystem}, module ${module_name} currently only supports managing repos for osfamily Debian and Ubuntu")
+ }
+ }
+}
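Review bot: `$key = '886DDD89'` pins the archive signing key by its 8-hex-digit short ID, which is not collision-resistant, since a different key with the same short ID can be generated. tor::repo::debian passes this value straight to `apt::source` with no key source or key content visible in this commit, so if the key is fetched by ID the wrong key could end up trusted for package installs. Pin the full 40-hex fingerprint instead, e.g. `$key = '<FULL_40_HEX_FINGERPRINT>'`, taken from the Tor Project's published signing-key information and verified out of band. The `fail()` message also says "osfamily Debian and Ubuntu" although only the `'Debian'` osfamily is matched, and the class has no header comment describing `$ensure`, `$source_name` and `$include_src`.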
diff --git a/manifests/repo/debian.pp b/manifests/repo/debian.pp
new file mode 100644
index 0000000..174c331
--- /dev/null
+++ b/manifests/repo/debian.pp
@@ -0,0 +1,9 @@
+# PRIVATE CLASS: do not use directly
+class tor::repo::debian inherits tor::repo {
+ apt::source { $source_name:
+ ensure => $::tor::repo::ensure,
+ location => $::tor::repo::location,
+ key => $::tor::repo::key,
+ include_src => $::tor::repo::include_src,
+ }
+}
diff --git a/templates/torrc.bridge.erb b/templates/torrc.bridge.erb
index 58ef70d..559ce5d 100644
--- a/templates/torrc.bridge.erb
+++ b/templates/torrc.bridge.erb
@@ -1,3 +1,3 @@
-# Bridge <%= name%>
-Bridge <%= ip%>:<%= port%><%- if fingerprint -%> <%= fingerprint%><%- end -%>
+# Bridge <%= @name %>
+Bridge <%= @ip %>:<%= @port %><% if @fingerprint -%> <%= @fingerprint%><% end -%>
diff --git a/templates/torrc.control.erb b/templates/torrc.control.erb
index 336c72d..0b68faf 100644
--- a/templates/torrc.control.erb
+++ b/templates/torrc.control.erb
@@ -1,16 +1,16 @@
# tor controller
-<%- if port != '0' then -%>
-ControlPort <%= port %>
-<%- if cookie_authentication != '0' then -%>
+<% if @port != '0' -%>
+ControlPort <%= @port %>
+<% if @cookie_authentication != '0' -%>
CookieAuthentication 1
-<%- if cookie_auth_file != '' then -%>
-CookieAuthFile <%= cookie_auth_file %>
-<%- end -%>
-<%- if cookie_auth_file_group_readable != '' then -%>
-CookieAuthFileGroupReadable <%= cookie_auth_file_group_readable %>
-<%- end -%>
-<%- else -%>
-HashedControlPassword <%= hashed_control_password %>
-<%- end -%>
-<%- end -%>
+<% if @cookie_auth_file != '' -%>
+CookieAuthFile <%= @cookie_auth_file %>
+<% end -%>
+<% if @cookie_auth_file_group_readable != '' -%>
+CookieAuthFileGroupReadable <%= @cookie_auth_file_group_readable %>
+<% end -%>
+<% else -%>
+HashedControlPassword <%= @hashed_control_password %>
+<% end -%>
+<% end -%>
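Review bot: In the `<% else -%>` branch, `HashedControlPassword <%= @hashed_control_password %>` is written unconditionally, so a control port with `cookie_authentication` set to '0' and no hash supplied renders a `HashedControlPassword` line with an empty value. The parameter defaults are not visible in this hunk, but the control port gives full control of the daemon, so the template should refuse to render rather than depend on how tor parses an empty option. A guard ahead of that line, such as `<% raise Puppet::ParseError, 'tor control port needs cookie_authentication or hashed_control_password' if @hashed_control_password.to_s.empty? -%>`, would make the misconfiguration fail at catalog compile time.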
diff --git a/templates/torrc.directory.erb b/templates/torrc.directory.erb
index c6b35b5..1af9f40 100644
--- a/templates/torrc.directory.erb
+++ b/templates/torrc.directory.erb
@@ -1,11 +1,11 @@
# directory listing
-<%- if port != '0' then -%>
-DirPort <%= port %>
-<%- end -%>
-<%- for listen_address in listen_addresses -%>
+<% if port != '0' -%>
+DirPort <%= @port %>
+<% end -%>
+<% listen_addresses.each do |listen_address| -%>
DirListenAddress <%= listen_address %>
-<%- end -%>
-<%- if port_front_page != '' then -%>
+<% end -%>
+<% if @port_front_page != '' -%>
DirPortFrontPage <%= port_front_page %>
<%- end -%>
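Review bot: The conversion to instance variables is only partial in this file: `<% if port != '0' -%>`, `listen_addresses.each` and `<%= port_front_page %>` still use bare names while `@port` and `@port_front_page` are used right next to them. Bare-name lookup in templates is deprecated in Puppet 3 and removed in later versions, so these lines work against the "puppet 3 ready" goal of the commit; use `@port`, `@listen_addresses.each do |listen_address|` and `<%= @port_front_page %>`. The same leftover appears in templates/torrc.relay.erb (`listen_addresses.each`, `real_outbound_bindaddresses.each`). The closing `<%- end -%>` on the last line also keeps the old tag style.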
diff --git a/templates/torrc.dns.erb b/templates/torrc.dns.erb
index bd1e719..57cf46d 100644
--- a/templates/torrc.dns.erb
+++ b/templates/torrc.dns.erb
@@ -1,5 +1,5 @@
# DNS
-DNSPort <%= port %>
-<%- for listen_address in listen_addresses -%>
+DNSPort <%= @port %>
+<% @listen_addresses.each do |listen_address| -%>
DNSListenAddress <%= listen_address %>
-<%- end -%>
+<% end -%>
diff --git a/templates/torrc.exit_policy.erb b/templates/torrc.exit_policy.erb
index 92367c2..a30d43b 100644
--- a/templates/torrc.exit_policy.erb
+++ b/templates/torrc.exit_policy.erb
@@ -1,11 +1,11 @@
-# exit policies: <%= name %>
-<%- if reject_private != 1 then -%>
-ExitPolicyRejectPrivate <%= reject_private %>
-<%- end -%>
-<%- for policy in accept -%>
+# exit policies: <%= @name %>
+<% if @reject_private != '1' -%>
+ExitPolicyRejectPrivate <%= @reject_private %>
+<% end -%>
+<% @accept.each do |policy| -%>
ExitPolicy accept <%= policy %>
-<%- end -%>
-<%- for policy in reject -%>
+<% end -%>
+<% @reject.each do |policy| -%>
ExitPolicy reject <%= policy %>
-<%- end -%>
+<% end -%>
diff --git a/templates/torrc.global.erb b/templates/torrc.global.erb
index 0bc3bf2..f577673 100644
--- a/templates/torrc.global.erb
+++ b/templates/torrc.global.erb
@@ -1,15 +1,24 @@
# runtime
RunAsDaemon 1
-DataDirectory <%= scope.lookupvar('tor::daemon::data_dir') %>
+<% if (v=scope.lookupvar('tor::daemon::data_dir')) != '/var/lib/tor' -%>
+DataDirectory <%= v %>
+<% end -%>
# log
-<%- if scope.lookupvar('tor::daemon::log_rules') != [] then -%>
-<%- for log_rule in scope.lookupvar('tor::daemon::log_rules') -%>
+<% if (rules=scope.lookupvar('tor::daemon::log_rules')).empty? -%>
+Log notice syslog
+<% else -%>
+<% rules.each do |log_rule| -%>
Log <%= log_rule %>
+<% end -%>
+<% end -%>
+<%- if @safe_logging != 1 then -%>
+SafeLogging <%= @safe_logging %>
<%- end -%>
-<%- else -%>
-Log notice syslog
-<%- end -%>
-AutomapHostsOnResolve <%= scope.lookupvar('tor::daemon::automap_hosts_on_resolve') %>
-UseBridges <%= scope.lookupvar('tor::daemon::use_bridges') %>
+<% if (v=scope.lookupvar('tor::daemon::automap_hosts_on_resolve')) != '0' -%>
+AutomapHostsOnResolve <%= v %>
+<% end -%>
+<% if (v=scope.lookupvar('tor::daemon::use_bridges')) != '0' -%>
+UseBridges <%= v %>
+<%- end -%>
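Review bot: `<%- if @safe_logging != 1 then -%>` reads `@safe_logging` from the template's local scope, while every other setting in this file is fetched with `scope.lookupvar('tor::daemon::…')`, which suggests the template is rendered outside tor::daemon. If so, `@safe_logging` is nil there and the block emits a `SafeLogging` line with no value regardless of what the operator set. Because the comparison is against the integer 1, a string '1' coming from the manifest would also take the branch. SafeLogging controls whether sensitive strings are scrubbed from the logs, so fetch it like its neighbours: `<% if (v=scope.lookupvar('tor::daemon::safe_logging')).to_s != '1' -%>` followed by `SafeLogging <%= v %>`.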
diff --git a/templates/torrc.hidden_service.erb b/templates/torrc.hidden_service.erb
index b9f758a..4dec0b2 100644
--- a/templates/torrc.hidden_service.erb
+++ b/templates/torrc.hidden_service.erb
@@ -1,6 +1,6 @@
-# hidden service <%= name %>
-HiddenServiceDir <%= data_dir %>/<%= name %>
-<%- for port in ports -%>
+# hidden service <%= @name %>
+HiddenServiceDir <%= @data_dir %>/<%= @name %>
+<% @ports.each do |port| -%>
HiddenServicePort <%= port %>
-<%- end -%>
+<% end -%>
diff --git a/templates/torrc.map_address.erb b/templates/torrc.map_address.erb
index 3fb0274..ef4f268 100644
--- a/templates/torrc.map_address.erb
+++ b/templates/torrc.map_address.erb
@@ -1,3 +1,3 @@
-# map address <%= name %>
-MapAddress <%= address %> <%= newaddress %>
+# map address <%= @name %>
+MapAddress <%= @address %> <%= @newaddress %>
diff --git a/templates/torrc.relay.erb b/templates/torrc.relay.erb
index 85320d3..511bda1 100644
--- a/templates/torrc.relay.erb
+++ b/templates/torrc.relay.erb
@@ -1,44 +1,46 @@
# relay
-<%- if port != 0 then -%>
-ORPort <%= port %>
-<%- for listen_address in listen_addresses -%>
+<% if @port != 0 -%>
+ORPort <%= @port %>
+<% listen_addresses.each do |listen_address| -%>
ORListenAddress <%= listen_address %>
-<%- end -%>
-<%- for outbound_bindaddress in real_outbound_bindaddresses -%>
+<% end -%>
+<% real_outbound_bindaddresses.each do |outbound_bindaddress| -%>
OutboundBindAddress <%= outbound_bindaddress %>
-<%- end -%>
-<%- if nickname != '' then -%>
-Nickname <%= nickname %>
-<%- end -%>
-<%- if address != '' then -%>
-Address <%= address %>
-<%- end -%>
-<%- if bandwidth_rate != '' then -%>
-BandwidthRate <%= bandwidth_rate %> KB
-<%- end -%>
-<%- if bandwidth_burst != '' then -%>
-BandwidthBurst <%= bandwidth_burst %> KB
-<%- end -%>
-<%- if relay_bandwidth_rate != '0' then -%>
-RelayBandwidthRate <%= relay_bandwidth_rate %> KB
-<%- end -%>
-<%- if relay_bandwidth_burst != '0' then -%>
-RelayBandwidthBurst <%= relay_bandwidth_burst %> KB
-<%- end -%>
-<%- if accounting_max != '0' then -%>
-AccountingMax <%= accounting_max %> GB
-<%- if accounting_start then -%>
-AccountingStart <%= accounting_start %>
-<%- end -%>
-<%- end -%>
-<%- if contact_info != '' then -%>
-ContactInfo <%= contact_info %>
-<%- end -%>
-<%- end -%>
-<%- if my_family != '' then -%>
-MyFamily <%= my_family %>
-<%- end -%>
-<%- if bridge_relay != '0' then -%>
-BridgeRelay <%= bridge_relay %>
-<%- end -%>
-
+<% end -%>
+<% if @nickname != '' -%>
+Nickname <%= @nickname %>
+<% end -%>
+<% if @address != '' -%>
+Address <%= @address %>
+<% end -%>
+<% if @portforwarding != '0' -%>
+PortForwarding <%= @portforwarding %>
+<% end -%>
+<% if @bandwidth_rate != '' -%>
+BandwidthRate <%= @bandwidth_rate %> KB
+<% end -%>
+<% if @bandwidth_burst != '' -%>
+BandwidthBurst <%= @bandwidth_burst %> KB
+<% end -%>
+<% if @relay_bandwidth_rate != '0' -%>
+RelayBandwidthRate <%= @relay_bandwidth_rate %> KB
+<% end -%>
+<% if @relay_bandwidth_burst != '0' -%>
+RelayBandwidthBurst <%= @relay_bandwidth_burst %> KB
+<% end -%>
+<% if @accounting_max != '0' -%>
+AccountingMax <%= @accounting_max %> GB
+<% if @accounting_start -%>
+AccountingStart <%= @accounting_start %>
+<% end -%>
+<% end -%>
+<% if @contact_info != '' -%>
+ContactInfo <%= @contact_info %>
+<% end -%>
+<% end -%>
+<% if @my_family != '' -%>
+MyFamily <%= @my_family %>
+<% end -%>
+<% if @bridge_relay != '0' -%>
+BridgeRelay <%= @bridge_relay %>
+<% end -%>
diff --git a/templates/torrc.socks.erb b/templates/torrc.socks.erb
index caf750d..4bc3ddc 100644
--- a/templates/torrc.socks.erb
+++ b/templates/torrc.socks.erb
@@ -1,9 +1,9 @@
# socks
-SocksPort <%= port %>
-<%- for listen_address in listen_addresses -%>
+SocksPort <%= @port %>
+<% @listen_addresses.each do |listen_address| -%>
SocksListenAddress <%= listen_address %>
-<%- end -%>
-<%- for policy in policies -%>
+<% end -%>
+<% @policies.each do |policy| -%>
SocksPolicy <%= policy %>
-<%- end -%>
+<% end -%>
diff --git a/templates/torrc.transparent.erb b/templates/torrc.transparent.erb
index dae97dc..c683150 100644
--- a/templates/torrc.transparent.erb
+++ b/templates/torrc.transparent.erb
@@ -1,5 +1,5 @@
# Transparent proxy
-TransPort <%= port %>
-<%- for listen_address in listen_addresses -%>
+TransPort <%= @port %>
+<% @listen_addresses.each do |listen_address| -%>
TransListenAddress <%= listen_address %>
-<%- end -%>
+<% end -%>