-rw-r--r-- | files/torrc-bridge | 4 | ||||
-rw-r--r-- | manifests/daemon.pp | 131 | ||||
-rw-r--r-- | templates/torrc.control.erb | 7 | ||||
-rw-r--r-- | templates/torrc.directory.erb | 12 | ||||
-rw-r--r-- | templates/torrc.erb | 92 | ||||
-rw-r--r-- | templates/torrc.exit_policy.erb | 10 | ||||
-rw-r--r-- | templates/torrc.header.erb | 17 | ||||
-rw-r--r-- | templates/torrc.hidden_service.erb | 7 | ||||
-rw-r--r-- | templates/torrc.relay.erb | 36 | ||||
-rw-r--r-- | templates/torrc.socks.erb | 10 |
10 files changed, 207 insertions, 119 deletions
diff --git a/files/torrc-bridge b/files/torrc-bridge
deleted file mode 100644
index a10de52..0000000
--- a/files/torrc-bridge
+++ /dev/null
@@ -1,4 +0,0 @@
-SocksPort 0
-ORPort 443
-BridgeRelay 1
-Exitpolicy reject *:*
diff --git a/manifests/daemon.pp b/manifests/daemon.pp
index 7b28cd4..578fae7 100644
--- a/manifests/daemon.pp
+++ b/manifests/daemon.pp
@@ -1,3 +1,4 @@
+# tor::daemon
 class tor::daemon inherits tor::polipo {
 group { "debian-tor":
@@ -27,38 +28,122 @@ class tor::daemon inherits tor::polipo {
 require => User["debian-tor"],
 }
- define config( $socks_port = 9050,
- $socks_listen_addresses = [ '127.0.0.1' ],
- $socks_policies = [ 'accept 127.0.0.1/16', 'reject *' ],
- $log_rules = [ 'notice file /var/log/tor/notices.log' ],
+ file { "/etc/tor":
+ ensure => directory,
+ mode => 0755,
+ owner => debian-tor,
+ group => debian-tor,
+ require => User["debian-tor"],
+ }
+
+ file { "/etc/tor.d":
+ ensure => directory,
+ mode => 0755,
+ owner => debian-tor,
+ group => debian-tor,
+ require => User["debian-tor"],
+ }
+
+ # configuration file
+ define config( $log_rules = [ 'notice file /var/log/tor/notices.log' ],
 $data_directory = '/var/tor',
- $control_port = 0,
- $hashed_control_password = '',
 $hidden_services = [],
- $or_port = 0,
- $or_listen_address = '',
- $nickname = '',
- $address = $hostname,
- $relay_bandwidth_rate = 0, # KB/s, 0 for no limit.
- $relay_bandwidth_burst = 0, # KB/s, 0 for no limit.
- $accounting_max = 0, # GB, 0 for no limit.
- $accounting_start = [],
- $contact_info = '',
 $dir_port = 0,
 $dir_listen_address = '',
 $dir_port_front_page = '',
- $my_family = '',
 $exit_policies = [],
 $bridge_relay = 0) {
- file { "/etc/tor/torrc":
- ensure => present,
- content => template('tor/torrc.erb'),
- owner => root,
- group => root,
- mode => 0644,
- notify => Service["tor"],
+ }
+
+ concatenated_file { "/etc/tor/torrc":
+ dir => '/etc/tor.d',
+ mode => 0600,
+ notify => Service["tor"],
+ }
+
+ exec { "rm -f /etc/tor.d/*":
+ alias => 'clean-tor.d',
+ }
+
+ # socks definition
+ define tor::socks( $socks_port = 9050,
+ $socks_listen_addresses = [ '127.0.0.1' ],
+ $socks_policies = [ 'accept 127.0.0.1/16', 'reject *' ], ) {
+ file { "/etc/tor.d/01.socks":
+ require => File['/etc/tor.d'],
+ notify => Exec['concat_/etc/tor/torrc'],
+ ensure => $ensure,
+ require => Exec['clean-tor.d'],
 }
 }
+ # relay definition
+ define tor::relay( $port = 0,
+ $listen_address = '',
+ $nickname = '',
+ $address = $hostname,
+ $relay_bandwidth_rate = 0, # KB/s, 0 for no limit.
+ $relay_bandwidth_burst = 0, # KB/s, 0 for no limit.
+ $accounting_max = 0, # GB, 0 for no limit.
+ $accounting_start = [],
+ $contact_info = '',
+ $my_family = '',
+ $ensure = absent, ) {
+
+ file { "/etc/tor.d/02.relay":
+ require => File['/etc/tor.d'],
+ notify => Exec['concat_/etc/tor/torrc'],
+ ensure => $ensure,
+ require => Exec['clean-tor.d'],
+ }
+ }
+
+ # control definition
+ define tor::control( $port = 0,
+ $hashed_control_password = '',
+ $ensure = absent ) {
+ file { "/etc/tor.d/03.control":
+ require => File['/etc/tor.d'],
+ notify => Exec['concat_/etc/tor/torrc'],
+ ensure => $ensure,
+ require => Exec['clean-tor.d'],
+ }
+ }
+
+ # hidden services definition
+ define tor::hidden_service( $ports = [],
+ $ensure = present ) {
+ file { "/etc/tor.d/04.hidden_service.$name":
+ require => File['/etc/tor.d'],
+ notify => Exec['concat_/etc/tor/torrc'],
+ ensure => $ensure,
+ require => Exec['clean-tor.d'],
+ }
+ }
+
+ # directory advertising
+ define tor::directory ( $ports = [],
+ $hashed_password = '',
+ $ensure = present, ) {
+ file { "/etc/tor.d/05.directory":
+ require => File['/etc/tor.d'],
+ notify => Exec['concat_/etc/tor/torrc'],
+ ensure => $ensure,
+ require => Exec['clean-tor.d'],
+ }
+ }
+
+ # exit policies
+ define tor::exit_policy( $accept = [],
+ $reject = [],
+ $ensure = present, ) {
+ file { "/etc/tor.d/06.exit_policy":
+ require => File['/etc/tor.d'],
+ notify => Exec['concat_/etc/tor/torrc'],
+ ensure => $ensure,
+ require => Exec['clean-tor.d'],
+ }
+ }
 }
+
diff --git a/templates/torrc.control.erb b/templates/torrc.control.erb
new file mode 100644
index 0000000..27b8156
--- /dev/null
+++ b/templates/torrc.control.erb
@@ -0,0 +1,7 @@
+# tor controller
+
+<%- if control_port != '0' then -%>
+ControlPort <%= control_port %>
+HashedControlPassword <%= hashed_control_password %>
+<%- end -%>
+
diff --git a/templates/torrc.directory.erb b/templates/torrc.directory.erb
new file mode 100644
index 0000000..56cfae0
--- /dev/null
+++ b/templates/torrc.directory.erb
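Review bot: None of the fragment resources in the new defines (`/etc/tor.d/01.socks` through `06.exit_policy`) sets `content`, and nothing in this hunk references the torrc.*.erb templates the commit adds, so the fragments are written empty and the concatenated torrc carries none of the socks/relay/control settings. Each of those resources also passes `require` twice, which Puppet rejects as a duplicate parameter, and tor::socks reads `ensure => $ensure` without declaring an `$ensure` parameter the way the other defines do. The assembled torrc is restricted to `mode => 0600`, but the fragments get the default file mode inside a 0755 `/etc/tor.d`, so once 03.control carries `HashedControlPassword` the readable copy is the fragment, not the torrc. For 03.control I would write `content => template('tor/torrc.control.erb'), mode => 0600, require => [ File['/etc/tor.d'], Exec['clean-tor.d'] ],` and apply the same three changes to the other five fragments.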
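Review bot: The template tests `control_port` and `hashed_control_password`, but the tor::control define in manifests/daemon.pp that owns the 03.control fragment declares the port as `$port`, so `control_port` is not in scope when this fragment is rendered from that define (an undefined name in the ERB scope presumably fails the render rather than yielding an empty value). Either rename the parameter to `$control_port` or change the template to `<%- if port != '0' then -%>` / `ControlPort <%= port %>`. The string comparison `!= '0'` here and `port != 0` in torrc.relay.erb cannot both be right for the same default of 0; settle on one representation across the templates.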
@@ -0,0 +1,12 @@
+# directory listing
+
+<%- if dir_port != '0' then -%>
+DirPort <%= dir_port %>
+<%- end -%>
+<%- if dir_listen_address != '' then -%>
+DirListenAddress <%= dir_listen_address %>
+<%- end -%>
+<%- if dir_port_front_page != '' then -%>
+DirPortFrontPage <%= dir_port_front_page %>
+<%- end -%>
+
diff --git a/templates/torrc.erb b/templates/torrc.erb
deleted file mode 100644
index 1e233a8..0000000
--- a/templates/torrc.erb
+++ /dev/null
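Review bot: This template reads `dir_port`, `dir_listen_address` and `dir_port_front_page`, but the tor::directory define that writes 05.directory takes `$ports`, `$hashed_password` and `$ensure`; the three names it needs stay as parameters of `config`, whose body is now empty and renders nothing. Rendered from tor::directory, none of the three variables exists, and `hashed_password` is accepted by the define but used nowhere here. I would pick one parameter set and make the template follow it, e.g. a scalar `$port` with `<%- if port != '0' then -%>` / `DirPort <%= port %>`, and drop or use `$hashed_password`.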
@@ -1,92 +0,0 @@
-## This file is managed by puppet.
-
-## socks
-SocksPort <%= socks_port %>
-<%- for add in socks_listen_addresses -%>
-SocksListenAddress <%= add %>
-<%- end -%>
-<%- for policy in socks_policies -%>
-SocksPolicy <%= policy %>
-<%- end -%>
-
-## log
-<%- if log_rules != [] then -%>
-<%- for log_rule in log_rules -%>
-Log <%= log_rule %>
-<%- end -%>
-<%- else -%>
-Log notice syslog
-<%- end -%>
-
-## runtime
-RunAsDaemon 1
-DataDirectory <%= data_directory %>
-
-## tor controller
-<%- if control_port != '0' then -%>
-ControlPort <%= control_port %>
-HashedControlPassword <%= hashed_control_password %>
-<%- end -%>
-
-## hidden services
-<%- for service in hidden_services -%>
-HiddenServiceDir /var/tor/<%= service[:name] %>/<%= service[:dir] %>
-<%- for port in service[:ports] -%>
-HiddenServicePort <%= port %>
-<%- end -%>
-<%- end -%>
-
-## relay
-<%- if or_port != 0 then -%>
-ORPort <%= or_port %>
-<%- end -%>
-<%- if or_listen_address != '' then -%>
-ORListenAddress <%= or_listen_address %>
-<%- end -%>
-<%- if nickname != '' then -%>
-Nickname <%= nickname %>
-<%- end -%>
-<%- if address != '' then -%>
-Address <%= address %>
-<%- end -%>
-<%- if relay_bandwidth_rate != '0' then -%>
-RelayBandwidthRate <%= relay_bandwidth_rate %> KB
-<%- end -%>
-<%- if relay_bandwidth_burst != '0' then -%>
-RelayBandwidthBurst <%= relay_bandwidth_burst %> KB
-<%- end -%>
-<%- if accounting_max != '0' then -%>
-AccountingMax <%= accounting_max %> GB
-<%- end -%>
-<%- for accounting in accounting_start -%>
-AccountingStart <%= accounting_start %>
-<%- end -%>
-<%- if contact_info != '' then -%>
-ContactInfo <%= contact_info %>
-<%- end -%>
-
-## directory listing
-<%- if dir_port != '0' then -%>
-DirPort <%= dir_port %>
-<%- end -%>
-<%- if dir_listen_address != '' then -%>
-DirListenAddress <%= dir_listen_address %>
-<%- end -%>
-<%- if dir_port_front_page != '' then -%>
-DirPortFrontPage <%= dir_port_front_page %>
-<%- end -%>
-
-## relay family
-<%- if 
my_family != '' then -%>
-MyFamily <%= my_family %>
-<%- end -%>
-
-## bridge relay
-<%- if bridge_relay != '0' then -%>
-BridgeRelay <%= bridge_relay %>
-<%- end -%>
-
-## exit policies
-<%- for policy in exit_policies -%>
-ExitPolicy <%= policy %>
-<%- end -%>
diff --git a/templates/torrc.exit_policy.erb b/templates/torrc.exit_policy.erb
new file mode 100644
index 0000000..68ceba2
--- /dev/null
+++ b/templates/torrc.exit_policy.erb
@@ -0,0 +1,10 @@
+# exit policies: <%= name %>
+
+<%- for policy in accept -%>
+ExitPolicy accept <%= policy %>
+<%- end -%>
+
+<%- for policy in reject -%>
+ExitPolicy reject <%= policy %>
+<%- end -%>
+
diff --git a/templates/torrc.header.erb b/templates/torrc.header.erb
new file mode 100644
index 0000000..b393631
--- /dev/null
+++ b/templates/torrc.header.erb
@@ -0,0 +1,17 @@
+# This file is managed by puppet.
+
+# runtime
+
+RunAsDaemon 1
+DataDirectory <%= data_directory %>
+
+# log
+
+<%- if log_rules != [] then -%>
+<%- for log_rule in log_rules -%>
+Log <%= log_rule %>
+<%- end -%>
+<%- else -%>
+Log notice syslog
+<%- end -%>
+
diff --git a/templates/torrc.hidden_service.erb b/templates/torrc.hidden_service.erb
new file mode 100644
index 0000000..d2f2d49
--- /dev/null
+++ b/templates/torrc.hidden_service.erb
@@ -0,0 +1,7 @@
+# hidden service <%= name %>
+
+HiddenServiceDir /var/tor/<%= name %>
+<%- for port in ports -%>
+HiddenServicePort <%= port %>
+<%- end -%>
+
diff --git a/templates/torrc.relay.erb b/templates/torrc.relay.erb
new file mode 100644
index 0000000..9531c9b
--- /dev/null
+++ b/templates/torrc.relay.erb
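Review bot: `HiddenServiceDir /var/tor/<%= name %>` hard-codes the data directory, while torrc.header.erb takes it from `data_directory` (default '/var/tor' on `config`), so a non-default data directory leaves the hidden-service directories on a path that no longer follows the configured DataDirectory. The deleted torrc.erb also nested a per-service `service[:dir]` under /var/tor; that sub-path is dropped here without comment. Since tor::hidden_service declares no data-directory parameter, the straightforward fix is to add one (defaulting to '/var/tor' for compatibility) and write `HiddenServiceDir <%= data_directory %>/<%= name %>`.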
@@ -0,0 +1,36 @@
+# relay
+
+<%- if port != 0 then -%>
+ORPort <%= port %>
+<%- for listen_address in listen_addresses -%>
+ORListenAddress <%= listen_address %>
+<%- end -%>
+<%- if nickname != '' then -%>
+Nickname <%= nickname %>
+<%- end -%>
+<%- if address != '' then -%>
+Address <%= address %>
+<%- end -%>
+<%- if relay_bandwidth_rate != '0' then -%>
+RelayBandwidthRate <%= relay_bandwidth_rate %> KB
+<%- end -%>
+<%- if relay_bandwidth_burst != '0' then -%>
+RelayBandwidthBurst <%= relay_bandwidth_burst %> KB
+<%- end -%>
+<%- if accounting_max != '0' then -%>
+AccountingMax <%= accounting_max %> GB
+<%- end -%>
+<%- for accounting in accounting_start -%>
+AccountingStart <%= accounting_start %>
+<%- end -%>
+<%- if contact_info != '' then -%>
+ContactInfo <%= contact_info %>
+<%- end -%>
+<%- end -%>
+<%- if my_family != '' then -%>
+MyFamily <%= my_family %>
+<%- end -%>
+<%- if bridge_relay != '0' then -%>
+BridgeRelay <%= bridge_relay %>
+<%- end -%>
+
diff --git a/templates/torrc.socks.erb b/templates/torrc.socks.erb
new file mode 100644
index 0000000..a27489d
--- /dev/null
+++ b/templates/torrc.socks.erb
@@ -0,0 +1,10 @@
+# socks
+
+SocksPort <%= socks_port %>
+<%- for listen_address in socks_listen_addresses -%>
+SocksListenAddress <%= listen_address %>
+<%- end -%>
+<%- for policy in socks_policies -%>
+SocksPolicy <%= policy %>
+<%- end -%>
+
|
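Review bot: `<%- for listen_address in listen_addresses -%>` iterates a variable the tor::relay define never provides; the define declares a scalar `$listen_address = ''`, and `bridge_relay` at the bottom of this template is likewise not a tor::relay parameter (it remains on `config`). The `AccountingStart` loop interpolates the whole `accounting_start` array on every pass instead of the loop variable, a defect carried over from the deleted torrc.erb; it should read `AccountingStart <%= accounting %>`. The comparison `port != 0` here versus `!= '0'` for the other numeric defaults cannot both be correct for the same value type, so one of the two branches will emit a zero-valued directive. I would rename the define parameter to `$listen_addresses = []`, add `$bridge_relay = 0` to tor::relay, and fix the loop variable.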