author | Micah <micah@riseup.net> | 2015-03-27 18:50:01 +0000 |
---|---|---|
committer | Micah <micah@riseup.net> | 2015-03-27 18:50:01 +0000 |
commit | 3925f36f7cd0f15029304363b0f5749750627c96 (patch) | |
tree | 5613a76af8c008a5820e41c097ed94f231412956 | |
parent | a31579095231c68a2786955b9149d3bcd13400af (diff) | |
parent | 19a44ce97f59633002d844e2b37f2b26b2f1cfbc (diff) | |
Merge branch 'improvements' into 'master'
Improvements
These are a bunch of improvements I got on my github profile in the past.
Interested in merging them?
Summary:
* adds tor repo management
* removes a workaround for a fixed bug
* adds tor-arm support
* support for safe logging
* puppet 3 ready templates.
It's merged on top of the current master.
See merge request !1
-rw-r--r-- | README | 7 | ||||
-rwxr-xr-x | files/polipo/polipo.cron | 22 | ||||
-rw-r--r-- | manifests/arm.pp | 9 | ||||
-rw-r--r-- | manifests/daemon.pp | 3 | ||||
-rw-r--r-- | manifests/daemon/relay.pp | 3 | ||||
-rw-r--r-- | manifests/polipo/debian.pp | 11 | ||||
-rw-r--r-- | manifests/repo.pp | 16 | ||||
-rw-r--r-- | manifests/repo/debian.pp | 9 | ||||
-rw-r--r-- | templates/torrc.bridge.erb | 4 | ||||
-rw-r--r-- | templates/torrc.control.erb | 26 | ||||
-rw-r--r-- | templates/torrc.directory.erb | 12 | ||||
-rw-r--r-- | templates/torrc.dns.erb | 6 | ||||
-rw-r--r-- | templates/torrc.exit_policy.erb | 16 | ||||
-rw-r--r-- | templates/torrc.global.erb | 25 | ||||
-rw-r--r-- | templates/torrc.hidden_service.erb | 8 | ||||
-rw-r--r-- | templates/torrc.map_address.erb | 4 | ||||
-rw-r--r-- | templates/torrc.relay.erb | 84 | ||||
-rw-r--r-- | templates/torrc.socks.erb | 10 | ||||
-rw-r--r-- | templates/torrc.transparent.erb | 6 |
19 files changed, 151 insertions, 130 deletions
@@ -7,6 +7,11 @@ policies, etc. ! Upgrade Notice ! + previously, if you did not set the $outbound_bindaddress variable, it was being + automatically set to the $listen_address variable. Now this is not being done + and instead you will need to set the $outbound_bindaddress explicitly for it to + be set. + the tor::relay{} variables $bandwidth_rate and $bandwidth_burst were previously used for the tor configuration variables RelayBandwidthRate and RelayBandwidthBurst, these have been renamed to $relay_bandwidth_rate and @@ -128,6 +133,8 @@ You have the following options that can be passed to a relay, with the defaults $port = 0, $listen_addresses = [], +$portforwarding = 0, # PortForwarding 0|1, set for opening ports at the router via UPnP. + # Requires 'tor-fw-helper' binary present. $bandwidth_rate = '', # KB/s, defaulting to using tor's default: 5120KB/s $bandwidth_burst = '', # KB/s, defaulting to using tor's default: 10240KB/s $relay_bandwidth_rate = 0, # KB/s, 0 for no limit. diff --git a/files/polipo/polipo.cron b/files/polipo/polipo.cron deleted file mode 100755 index aba88bc..0000000 --- a/files/polipo/polipo.cron +++ /dev/null @@ -1,22 +0,0 @@ -#!/bin/sh -set -e - -FORBIDDEN_FILE=/etc/polipo/forbidden -CONFIG_FILE=/etc/polipo/config - -if [ ! -x /usr/bin/polipo ]; then - exit 0 -fi - -if [ ! -f $FORBIDDEN_FILE ]; then - FORBIDDEN_FILE=/dev/null -fi - -PIDFILE=/var/run/polipo/polipo.pid -[ -f "$PIDFILE" ] && kill -USR1 $(cat "$PIDFILE") -# TODO: remove redirect stderr to /dev/null after the following bug is solved: -# http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=580434 -su -c \ - "nice polipo -x -c $CONFIG_FILE forbiddenFile=$FORBIDDEN_FILE > /dev/null" \ - proxy &> /dev/null -[ -f "$PIDFILE" ] && kill -USR2 $(cat "$PIDFILE") diff --git a/manifests/arm.pp b/manifests/arm.pp new file mode 100644 index 0000000..44ddcbb --- /dev/null +++ b/manifests/arm.pp 
@@ -0,0 +1,9 @@ +# manage tor-arm +class tor::arm ( + $ensure_version = 'installed' +){ + include ::tor + package{'tor-arm': + ensure => $ensure_version, + } +} diff --git a/manifests/daemon.pp b/manifests/daemon.pp index 2440180..2522b2c 100644 --- a/manifests/daemon.pp +++ b/manifests/daemon.pp @@ -6,7 +6,8 @@ class tor::daemon ( $config_file = '/etc/tor/torrc', $use_bridges = 0, $automap_hosts_on_resolve = 0, - $log_rules = [ 'notice file /var/log/tor/notices.log' ] + $log_rules = [ 'notice file /var/log/tor/notices.log' ], + $safe_logging = 1, ) { class{'tor': diff --git a/manifests/daemon/relay.pp b/manifests/daemon/relay.pp index d5296de..3ef8602 100644 --- a/manifests/daemon/relay.pp +++ b/manifests/daemon/relay.pp @@ -3,6 +3,7 @@ define tor::daemon::relay( $port = 0, $listen_addresses = [], $outbound_bindaddresses = [], + $portforwarding = 0, # KB/s, defaulting to using tor's default: 5120KB/s $bandwidth_rate = '', # KB/s, defaulting to using tor's default: 10240KB/s @@ -24,7 +25,7 @@ define tor::daemon::relay( $nickname = $name if $outbound_bindaddresses == [] { - $real_outbound_bindaddresses = $listen_addresses + $real_outbound_bindaddresses = '' } else { $real_outbound_bindaddresses = $outbound_bindaddresses } diff --git a/manifests/polipo/debian.pp b/manifests/polipo/debian.pp index 5ca6922..607b361 100644 --- a/manifests/polipo/debian.pp +++ b/manifests/polipo/debian.pp @@ -1,16 +1,5 @@ # manage polipo on debian class tor::polipo::debian inherits tor::polipo::base { - # TODO: restore file to original state after the following bug is solved: - # http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=580434 - file { '/etc/cron.daily/polipo': - ensure => present, - owner => root, - group => root, - mode => '0755', - require => Package['polipo'], - source => 'puppet:///modules/tor/polipo/polipo.cron', - } - Service['polipo'] { hasstatus => false, pattern => '/usr/bin/polipo', 
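Review bot: In the second manifests/daemon/relay.pp hunk, `$real_outbound_bindaddresses = ''` assigns a string, while templates/torrc.relay.erb in this same commit iterates it with `real_outbound_bindaddresses.each do |outbound_bindaddress|`. String has no `each` on Ruby 1.9 and later, so rendering would likely raise for every relay that leaves `$outbound_bindaddresses` at its default. An empty array keeps the loop valid and still emits no OutboundBindAddress line: `$real_outbound_bindaddresses = []`. The body of the define continues outside the hunk.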
diff --git a/manifests/repo.pp b/manifests/repo.pp new file mode 100644 index 0000000..f625599 --- /dev/null +++ b/manifests/repo.pp @@ -0,0 +1,16 @@ +class tor::repo ( + $ensure = present, + $source_name = 'torproject.org', + $include_src = false, +) { + case $::osfamily { + 'Debian': { + $key = '886DDD89' + $location = 'https://deb.torproject.org/torproject.org/' + class { 'tor::repo::debian': } + } + default: { + fail("Unsupported managed repository for osfamily: ${::osfamily}, operatingsystem: ${::operatingsystem}, module ${module_name} currently only supports managing repos for osfamily Debian and Ubuntu") + } + } +} diff --git a/manifests/repo/debian.pp b/manifests/repo/debian.pp new file mode 100644 index 0000000..174c331 --- /dev/null +++ b/manifests/repo/debian.pp @@ -0,0 +1,9 @@ +# PRIVATE CLASS: do not use directly +class tor::repo::debian inherits tor::repo { + apt::source { $source_name: + ensure => $::tor::repo::ensure, + location => $::tor::repo::location, + key => $::tor::repo::key, + include_src => $::tor::repo::include_src, + } +} diff --git a/templates/torrc.bridge.erb b/templates/torrc.bridge.erb index 58ef70d..559ce5d 100644 --- a/templates/torrc.bridge.erb +++ b/templates/torrc.bridge.erb @@ -1,3 +1,3 @@ -# Bridge <%= name%> -Bridge <%= ip%>:<%= port%><%- if fingerprint -%> <%= fingerprint%><%- end -%> +# Bridge <%= @name %> +Bridge <%= @ip %>:<%= @port %><% if @fingerprint -%> <%= @fingerprint%><% end -%> diff --git a/templates/torrc.control.erb b/templates/torrc.control.erb index 336c72d..0b68faf 100644 --- a/templates/torrc.control.erb +++ b/templates/torrc.control.erb 
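Review bot: `$key = '886DDD89'` in manifests/repo.pp pins the apt repository's trust to an 8-hex-digit short key ID, and short IDs are not collision-resistant, so a different key with the same short ID could be fetched or accepted in its place. Pin the full 40-hex fingerprint instead, e.g. `$key = '<FULL_40_HEX_FINGERPRINT>'` (placeholder; take the value from the Tor Project's published signing-key documentation and verify it out of band). Whether the `apt::source` version in use accepts a full fingerprint in `key` is not visible here and should be checked. Smaller points in the same file: the class has no header comment, and the `fail()` text says "osfamily Debian and Ubuntu" although only the `'Debian'` osfamily is matched.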
@@ -1,16 +1,16 @@ # tor controller -<%- if port != '0' then -%> -ControlPort <%= port %> -<%- if cookie_authentication != '0' then -%> +<% if @port != '0' -%> +ControlPort <%= @port %> +<% if @cookie_authentication != '0' -%> CookieAuthentication 1 -<%- if cookie_auth_file != '' then -%> -CookieAuthFile <%= cookie_auth_file %> -<%- end -%> -<%- if cookie_auth_file_group_readable != '' then -%> -CookieAuthFileGroupReadable <%= cookie_auth_file_group_readable %> -<%- end -%> -<%- else -%> -HashedControlPassword <%= hashed_control_password %> -<%- end -%> -<%- end -%> +<% if @cookie_auth_file != '' -%> +CookieAuthFile <%= @cookie_auth_file %> +<% end -%> +<% if @cookie_auth_file_group_readable != '' -%> +CookieAuthFileGroupReadable <%= @cookie_auth_file_group_readable %> +<% end -%> +<% else -%> +HashedControlPassword <%= @hashed_control_password %> +<% end -%> +<% end -%> diff --git a/templates/torrc.directory.erb b/templates/torrc.directory.erb index c6b35b5..1af9f40 100644 --- a/templates/torrc.directory.erb +++ b/templates/torrc.directory.erb @@ -1,11 +1,11 @@ # directory listing -<%- if port != '0' then -%> -DirPort <%= port %> -<%- end -%> -<%- for listen_address in listen_addresses -%> +<% if port != '0' -%> +DirPort <%= @port %> +<% end -%> +<% listen_addresses.each do |listen_address| -%> DirListenAddress <%= listen_address %> -<%- end -%> -<%- if port_front_page != '' then -%> +<% end -%> +<% if @port_front_page != '' -%> DirPortFrontPage <%= port_front_page %> <%- end -%> diff --git a/templates/torrc.dns.erb b/templates/torrc.dns.erb index bd1e719..57cf46d 100644 --- a/templates/torrc.dns.erb +++ b/templates/torrc.dns.erb @@ -1,5 +1,5 @@ # DNS -DNSPort <%= port %> -<%- for listen_address in listen_addresses -%> +DNSPort <%= @port %> +<% @listen_addresses.each do |listen_address| -%> DNSListenAddress <%= listen_address %> -<%- end -%> +<% end -%> diff --git a/templates/torrc.exit_policy.erb b/templates/torrc.exit_policy.erb index 92367c2..a30d43b 100644 
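Review bot: In templates/torrc.control.erb the `else` branch writes `HashedControlPassword <%= @hashed_control_password %>` without checking that a value was supplied. With cookie authentication off and no hash given, an enabled ControlPort therefore gets a directive with no argument. How tor treats that line is not visible here, but the control port's authentication should not hinge on it. The define that renders this template is outside the hunk; assuming its parameters match the template variables, it could reject the combination at compile time with `if $cookie_authentication == '0' and $hashed_control_password == '' { fail('ControlPort needs cookie authentication or a hashed password') }`.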
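Review bot: The conversion to instance variables is incomplete in templates/torrc.directory.erb. The new lines still read `<% if port != '0' -%>` and `<% listen_addresses.each do |listen_address| -%>`, and the context line `DirPortFrontPage <%= port_front_page %>` and the closing `<%- end -%>` were left in the old style. Bare variable access in templates is deprecated in Puppet 3, so these should become `<% if @port != '0' -%>`, `<% @listen_addresses.each do |listen_address| -%>` and `DirPortFrontPage <%= @port_front_page %>`. The same leftover appears in templates/torrc.relay.erb (`listen_addresses.each` and `real_outbound_bindaddresses.each`).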
--- a/templates/torrc.exit_policy.erb +++ b/templates/torrc.exit_policy.erb @@ -1,11 +1,11 @@ -# exit policies: <%= name %> -<%- if reject_private != 1 then -%> -ExitPolicyRejectPrivate <%= reject_private %> -<%- end -%> -<%- for policy in accept -%> +# exit policies: <%= @name %> +<% if @reject_private != '1' -%> +ExitPolicyRejectPrivate <%= @reject_private %> +<% end -%> +<% @accept.each do |policy| -%> ExitPolicy accept <%= policy %> -<%- end -%> -<%- for policy in reject -%> +<% end -%> +<% @reject.each do |policy| -%> ExitPolicy reject <%= policy %> -<%- end -%> +<% end -%> diff --git a/templates/torrc.global.erb b/templates/torrc.global.erb index 0bc3bf2..f577673 100644 --- a/templates/torrc.global.erb +++ b/templates/torrc.global.erb @@ -1,15 +1,24 @@ # runtime RunAsDaemon 1 -DataDirectory <%= scope.lookupvar('tor::daemon::data_dir') %> +<% if (v=scope.lookupvar('tor::daemon::data_dir')) != '/var/lib/tor' -%> +DataDirectory <%= v %> +<% end -%> # log -<%- if scope.lookupvar('tor::daemon::log_rules') != [] then -%> -<%- for log_rule in scope.lookupvar('tor::daemon::log_rules') -%> +<% if (rules=scope.lookupvar('tor::daemon::log_rules')).empty? -%> +Log notice syslog +<% else -%> +<% rules.each do |log_rule| -%> Log <%= log_rule %> +<% end -%> +<% end -%> +<%- if @safe_logging != 1 then -%> +SafeLogging <%= @safe_logging %> <%- end -%> -<%- else -%> -Log notice syslog -<%- end -%> -AutomapHostsOnResolve <%= scope.lookupvar('tor::daemon::automap_hosts_on_resolve') %> -UseBridges <%= scope.lookupvar('tor::daemon::use_bridges') %> +<% if (v=scope.lookupvar('tor::daemon::automap_hosts_on_resolve')) != '0' -%> +AutomapHostsOnResolve <%= v %> +<% end -%> +<% if (v=scope.lookupvar('tor::daemon::use_bridges')) != '0' -%> +UseBridges <%= v %> +<%- end -%> diff --git a/templates/torrc.hidden_service.erb b/templates/torrc.hidden_service.erb index b9f758a..4dec0b2 100644 --- a/templates/torrc.hidden_service.erb +++ b/templates/torrc.hidden_service.erb 
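Review bot: In templates/torrc.global.erb the new guard reads `@safe_logging` directly, while every other setting in the file is fetched with `scope.lookupvar('tor::daemon::...')`. If the template is rendered outside the tor::daemon class scope, as those lookups suggest, `@safe_logging` is nil and the file gets a `SafeLogging` line with no value. The comparison against the integer `1` is also likely never to match a value that arrives as a string. SafeLogging decides whether sensitive strings are scrubbed from tor's logs, so the rendered line should be deterministic: `<% if (v=scope.lookupvar('tor::daemon::safe_logging')).to_s != '1' -%>`, then `SafeLogging <%= v %>`, then `<% end -%>`. That form also matches the `<% ... -%>` tag style used in the rest of the hunk.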
@@ -1,6 +1,6 @@ -# hidden service <%= name %> -HiddenServiceDir <%= data_dir %>/<%= name %> -<%- for port in ports -%> +# hidden service <%= @name %> +HiddenServiceDir <%= @data_dir %>/<%= @name %> +<% @ports.each do |port| -%> HiddenServicePort <%= port %> -<%- end -%> +<% end -%> diff --git a/templates/torrc.map_address.erb b/templates/torrc.map_address.erb index 3fb0274..ef4f268 100644 --- a/templates/torrc.map_address.erb +++ b/templates/torrc.map_address.erb @@ -1,3 +1,3 @@ -# map address <%= name %> -MapAddress <%= address %> <%= newaddress %> +# map address <%= @name %> +MapAddress <%= @address %> <%= @newaddress %> diff --git a/templates/torrc.relay.erb b/templates/torrc.relay.erb index 85320d3..511bda1 100644 --- a/templates/torrc.relay.erb +++ b/templates/torrc.relay.erb 
@@ -1,44 +1,46 @@ # relay -<%- if port != 0 then -%> -ORPort <%= port %> -<%- for listen_address in listen_addresses -%> +<% if @port != 0 -%> +ORPort <%= @port %> +<% listen_addresses.each do |listen_address| -%> ORListenAddress <%= listen_address %> -<%- end -%> -<%- for outbound_bindaddress in real_outbound_bindaddresses -%> +<% end -%> +<% real_outbound_bindaddresses.each do |outbound_bindaddress| -%> OutboundBindAddress <%= outbound_bindaddress %> -<%- end -%> -<%- if nickname != '' then -%> -Nickname <%= nickname %> -<%- end -%> -<%- if address != '' then -%> -Address <%= address %> -<%- end -%> -<%- if bandwidth_rate != '' then -%> -BandwidthRate <%= bandwidth_rate %> KB -<%- end -%> -<%- if bandwidth_burst != '' then -%> -BandwidthBurst <%= bandwidth_burst %> KB -<%- end -%> -<%- if relay_bandwidth_rate != '0' then -%> -RelayBandwidthRate <%= relay_bandwidth_rate %> KB -<%- end -%> -<%- if relay_bandwidth_burst != '0' then -%> -RelayBandwidthBurst <%= relay_bandwidth_burst %> KB -<%- end -%> -<%- if accounting_max != '0' then -%> -AccountingMax <%= accounting_max %> GB -<%- if accounting_start then -%> -AccountingStart <%= accounting_start %> -<%- end -%> -<%- end -%> -<%- if contact_info != '' then -%> -ContactInfo <%= contact_info %> -<%- end -%> -<%- end -%> -<%- if my_family != '' then -%> -MyFamily <%= my_family %> -<%- end -%> -<%- if bridge_relay != '0' then -%> -BridgeRelay <%= bridge_relay %> -<%- end -%> - +<% end -%> +<% if @nickname != '' -%> +Nickname <%= @nickname %> +<% end -%> +<% if @address != '' -%> +Address <%= @address %> +<% end -%> +<% if @portforwarding != '0' -%> +PortForwarding <%= @portforwarding %> +<% end -%> +<% if @bandwidth_rate != '' -%> +BandwidthRate <%= @bandwidth_rate %> KB +<% end -%> +<% if @bandwidth_burst != '' -%> +BandwidthBurst <%= @bandwidth_burst %> KB +<% end -%> +<% if @relay_bandwidth_rate != '0' -%> +RelayBandwidthRate <%= @relay_bandwidth_rate %> KB +<% end -%> +<% if @relay_bandwidth_burst != '0' -%> 
+RelayBandwidthBurst <%= @relay_bandwidth_burst %> KB +<% end -%> +<% if @accounting_max != '0' -%> +AccountingMax <%= @accounting_max %> GB +<% if @accounting_start -%> +AccountingStart <%= @accounting_start %> +<% end -%> +<% end -%> +<% if @contact_info != '' -%> +ContactInfo <%= @contact_info %> +<% end -%> +<% end -%> +<% if @my_family != '' -%> +MyFamily <%= @my_family %> +<% end -%> +<% if @bridge_relay != '0' -%> +BridgeRelay <%= @bridge_relay %> +<% end -%> diff --git a/templates/torrc.socks.erb b/templates/torrc.socks.erb index caf750d..4bc3ddc 100644 --- a/templates/torrc.socks.erb +++ b/templates/torrc.socks.erb @@ -1,9 +1,9 @@ # socks -SocksPort <%= port %> -<%- for listen_address in listen_addresses -%> +SocksPort <%= @port %> +<% @listen_addresses.each do |listen_address| -%> SocksListenAddress <%= listen_address %> -<%- end -%> -<%- for policy in policies -%> +<% end -%> +<% @policies.each do |policy| -%> SocksPolicy <%= policy %> -<%- end -%> +<% end -%> diff --git a/templates/torrc.transparent.erb b/templates/torrc.transparent.erb index dae97dc..c683150 100644 --- a/templates/torrc.transparent.erb +++ b/templates/torrc.transparent.erb @@ -1,5 +1,5 @@ # Transparent proxy -TransPort <%= port %> -<%- for listen_address in listen_addresses -%> +TransPort <%= @port %> +<% @listen_addresses.each do |listen_address| -%> TransListenAddress <%= listen_address %> -<%- end -%> +<% end -%> |
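Review bot: The guard `<% if @port != 0 -%>` at the top of templates/torrc.relay.erb compares against the integer 0, while every other guard in the file, including the new `<% if @portforwarding != '0' -%>`, compares against a string. If the Puppet parser hands numbers to templates as strings (not determinable from this page), the test is always true. The ORPort block and everything nested in it would then be written even when the port is left at its default. Normalising the type removes the dependency on the parser: `<% if @port.to_s != '0' -%>`. Because `PortForwarding` asks the router to open ports via UPnP, a template comment above that guard saying so, and that it needs the `tor-fw-helper` binary, would also help readers of the rendered logic.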