-rw-r--r--manifests/bridge.pp17
-rw-r--r--manifests/daemon.pp169
-rw-r--r--manifests/relay.pp23
-rw-r--r--templates/torrc.directory.erb12
-rw-r--r--templates/torrc.global.erb15
-rw-r--r--templates/torrc.header.erb15
-rw-r--r--templates/torrc.relay.erb4
7 files changed, 118 insertions, 137 deletions
diff --git a/manifests/bridge.pp b/manifests/bridge.pp
deleted file mode 100644
index 81c59f1..0000000
--- a/manifests/bridge.pp
+++ /dev/null
@@ -1,17 +0,0 @@
-class tor::bridge inherits tor::daemon {
-
- tor::daemon::config { "tor-bridge-$name":
- socks_port => 0,
- socks_listen_addresses => [],
- socks_policies => [],
- log_rules => [],
- hidden_services => [],
- or_port => 443,
- address => '',
- relay_bandwidth_rate => 0,
- relay_bandwidth_burst => 0,
- exit_policies => 'reject *:*',
- bridge_relay => 1,
- }
-
-}
diff --git a/manifests/daemon.pp b/manifests/daemon.pp
index 578fae7..80da4c7 100644
--- a/manifests/daemon.pp
+++ b/manifests/daemon.pp
@@ -1,86 +1,100 @@
# tor::daemon
-class tor::daemon inherits tor::polipo {
+class tor::daemon inherits tor {
- group { "debian-tor":
+ # config variables
+ $data_dir = '/var/tor'
+ $config_file = '/etc/tor/torrc'
+ $spool_dir = '/var/lib/puppet/modules/tor/torrc.d'
+
+ # packages, user, group
+ group { 'debian-tor':
ensure => present,
allowdupe => false,
}
- Package[ "tor", "torsocks" ] {
- require => File["/var/tor"],
+ Package[ 'tor', 'torsocks' ] {
+ require => File[$data_dir],
}
- user { "debian-tor":
+ user { 'debian-tor':
allowdupe => false,
- comment => "tor user,,,",
+ comment => 'tor user,,,',
ensure => present,
- home => "/var/tor",
- shell => "/bin/sh",
- gid => "debian-tor",
- require => Group["debian-tor"],
+ home => $data_dir,
+ shell => '/bin/sh',
+ gid => 'debian-tor',
+ require => Group['debian-tor'],
}
- file { "/var/tor":
+ # directories
+ file { "${data_dir}":
ensure => directory,
mode => 0755,
- owner => debian-tor,
- group => debian-tor,
- require => User["debian-tor"],
+ owner => 'debian-tor',
+ group => 'debian-tor',
+ require => User['debian-tor'],
}
- file { "/etc/tor":
+ file { '/etc/tor':
ensure => directory,
mode => 0755,
- owner => debian-tor,
- group => debian-tor,
- require => User["debian-tor"],
+ owner => 'debian-tor',
+ group => 'debian-tor',
+ require => User['debian-tor'],
}
- file { "/etc/tor.d":
- ensure => directory,
- mode => 0755,
- owner => debian-tor,
- group => debian-tor,
- require => User["debian-tor"],
+ file {"${spool_dir}":
+ ensure => directory,
+ force => true,
+ owner => 'debian-tor', group => 'debian-tor', mode => 0755,
}
- # configuration file
- define config( $log_rules = [ 'notice file /var/log/tor/notices.log' ],
- $data_directory = '/var/tor',
- $hidden_services = [],
- $dir_port = 0,
- $dir_listen_address = '',
- $dir_port_front_page = '',
- $exit_policies = [],
- $bridge_relay = 0) {
-
+ # tor configuration file
+ concatenated_file { '${config_file}':
+ dir => $spool_dir,
+ header => "${spool_dir}/00.header"
+ mode => 0600,
+ notify => Service['tor'],
+ owner => 'debian-tor', group => 'debian-tor', mode => 0755,
}
- concatenated_file { "/etc/tor/torrc":
- dir => '/etc/tor.d',
- mode => 0600,
- notify => Service["tor"],
+ # config file headers
+ file { '${spool_dir}/00.header':
+ content => template('tor/header.erb'),
+ require => File['${spool_dir}'],
+ notify => Exec['concat_${config_file}'],
+ ensure => present,
+ owner => 'debian-tor', group => 'debian-tor', mode => 0755,
}
- exec { "rm -f /etc/tor.d/*":
- alias => 'clean-tor.d',
+ # global configurations
+ define tor::global_opts( $log_rules = [ 'notice file /var/log/tor/notices.log' ],
+ $ensure = present ) {
+ file { '${spool_dir}/01.global':
+ content => template('tor/global.erb'),
+ require => File['${spool_dir}'],
+ notify => Exec['concat_${config_file}'],
+ ensure => $ensure,
+ owner => 'debian-tor', group => 'debian-tor', mode => 0755,
+ }
}
# socks definition
- define tor::socks( $socks_port = 9050,
- $socks_listen_addresses = [ '127.0.0.1' ],
- $socks_policies = [ 'accept 127.0.0.1/16', 'reject *' ], ) {
- file { "/etc/tor.d/01.socks":
- require => File['/etc/tor.d'],
- notify => Exec['concat_/etc/tor/torrc'],
+ define tor::socks( $socks_port = 0,
+ $socks_listen_addresses = [],
+ $socks_policies = [] ) {
+ file { '${spool_dir}/02.socks':
+ content => template('tor/socks.erb'),
+ require => File['${spool_dir}'],
+ notify => Exec['concat_${config_file}'],
ensure => $ensure,
- require => Exec['clean-tor.d'],
+ owner => 'debian-tor', group => 'debian-tor', mode => 0755,
}
}
# relay definition
define tor::relay( $port = 0,
- $listen_address = '',
+ $listen_addresses = [],
$nickname = '',
$address = $hostname,
$relay_bandwidth_rate = 0, # KB/s, 0 for no limit.
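Review bot: The `concatenated_file` resource for torrc sets `mode => 0600` and then `mode => 0755` again on its last line, and every fragment written under the spool directory is created `0755` as well, whereas the old code kept torrc at `0600`. Whether the compiler rejects the duplicated attribute or lets the looser value win cannot be told from this page; since the control fragment in the second hunk comes from a define that takes `hashed_control_password`, I would drop the second `mode` and use `owner => 'debian-tor', group => 'debian-tor', mode => 0600,` for torrc and for the fragment files in both hunks. Separately, titles and references such as `'${config_file}'`, `'${spool_dir}/00.header'` and `Exec['concat_${config_file}']` are single-quoted, which Puppet does not interpolate, so they need double quotes; the `header => "${spool_dir}/00.header"` line is also missing its trailing comma. `tor::socks` passes `ensure => $ensure` without declaring an `$ensure` parameter.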
@@ -89,60 +103,67 @@ class tor::daemon inherits tor::polipo {
$accounting_start = [],
$contact_info = '',
$my_family = '',
- $ensure = absent, ) {
+ $bridge_reay = 0,
+ $ensure = present ) {
- file { "/etc/tor.d/02.relay":
- require => File['/etc/tor.d'],
- notify => Exec['concat_/etc/tor/torrc'],
+ file { '${spool_dir}/03.relay':
+ content => template('tor/relay.erb'),
+ require => File['${spool_dir}'],
+ notify => Exec['concat_${config_file}'],
ensure => $ensure,
- require => Exec['clean-tor.d'],
+ owner => 'debian-tor', group => 'debian-tor', mode => 0755,
}
}
# control definition
define tor::control( $port = 0,
$hashed_control_password = '',
- $ensure = absent ) {
- file { "/etc/tor.d/03.control":
- require => File['/etc/tor.d'],
- notify => Exec['concat_/etc/tor/torrc'],
+ $ensure = present ) {
+ file { '${spool_dir}/04.control':
+ content => template('tor/control.erb'),
+ require => File['${spool_dir}'],
+ notify => Exec['concat_${config_file}'],
ensure => $ensure,
- require => Exec['clean-tor.d'],
+ owner => 'debian-tor', group => 'debian-tor', mode => 0755,
}
}
# hidden services definition
define tor::hidden_service( $ports = [],
$ensure = present ) {
- file { "/etc/tor.d/04.hidden_service.$name":
- require => File['/etc/tor.d'],
- notify => Exec['concat_/etc/tor/torrc'],
+ file { '${spool_dir}/05.hidden_service.${name}':
+ content => template('tor/hidden_service.erb'),
+ require => File['${spool_dir}'],
+ notify => Exec['concat_${config_file}'],
ensure => $ensure,
- require => Exec['clean-tor.d'],
+ owner => 'debian-tor', group => 'debian-tor', mode => 0755,
}
}
# directory advertising
- define tor::directory ( $ports = [],
- $hashed_password = '',
- $ensure = present, ) {
- file { "/etc/tor.d/05.directory":
- require => File['/etc/tor.d'],
- notify => Exec['concat_/etc/tor/torrc'],
+ define tor::directory ( $port = 0,
+ $listen_addresses = [],
+ $port_front_page = '',
+ $ensure = present ) {
+ file { '${spool_dir}/06.directory':
+ content => template('tor/directory.erb'),
+ require => File['${spool_dir}'],
+ notify => Exec['concat_${config_file}'],
ensure => $ensure,
- require => Exec['clean-tor.d'],
+ owner => 'debian-tor', group => 'debian-tor', mode => 0755,
}
}
# exit policies
define tor::exit_policy( $accept = [],
$reject = [],
- $ensure = present, ) {
- file { "/etc/tor.d/06.exit_policy":
- require => File['/etc/tor.d'],
- notify => Exec['concat_/etc/tor/torrc'],
+ $ensure = present ) {
+ file { '${spool_dir}/07.exit_policy.${name}':
+ content => template('tor/exit_policy.erb'),
+ require => File['${spool_dir}'],
+ notify => Exec['concat_${config_file}'],
ensure => $ensure,
- require => Exec['clean-tor.d'],
+ owner => 'debian-tor', group => 'debian-tor', mode => 0755,
}
}
}
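Review bot: The new `tor::relay` parameter is spelled `$bridge_reay`, while the deleted `manifests/bridge.pp` passed `bridge_relay => 1`. A caller using the old name would fail, and a template reading `bridge_relay` (not shown on this page) would never see the value, so a node meant to run as a bridge could end up configured as an ordinary relay; the line should read `$bridge_relay = 0,`. The `template('tor/relay.erb')` and `template('tor/directory.erb')` style names used in this hunk and the previous one also do not match the files in the diffstat, which are named `templates/torrc.relay.erb`, `templates/torrc.directory.erb` and so on. The `tor::relay` define starts in the previous hunk.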
diff --git a/manifests/relay.pp b/manifests/relay.pp
deleted file mode 100644
index 5d3beb7..0000000
--- a/manifests/relay.pp
+++ /dev/null
@@ -1,23 +0,0 @@
-class tor::relay inherits tor::daemon {
-
- tor::daemon::config { "tor-relay":
- socks_port => 0,
- socks_listen_addresses => [],
- socks_policies => [],
- or_port => 9001,
- or_listen_address => '',
- nickname => '',
- address => '',
- relay_bandwidth_rate => 50,
- relay_bandwidth_burst => 50,
- accounting_max => 0,
- accounting_start => [],
- contact_info => '',
- dir_port => 0,
- dir_listen_address => '',
- dir_port_front_page => '',
- my_family => '',
- exit_policies => [ 'reject *:*' ],
- }
-
-}
diff --git a/templates/torrc.directory.erb b/templates/torrc.directory.erb
index 56cfae0..14712ef 100644
--- a/templates/torrc.directory.erb
+++ b/templates/torrc.directory.erb
@@ -1,12 +1,12 @@
# directory listing
-<%- if dir_port != '0' then -%>
-DirPort <%= dir_port %>
+<%- if port != '0' then -%>
+DirPort <%= port %>
<%- end -%>
-<%- if dir_listen_address != '' then -%>
-DirListenAddress <%= dir_listen_address %>
+<%- for listen_address in listen_addresses -%>
+DirListenAddress <%= listen_address %>
<%- end -%>
-<%- if dir_port_front_page != '' then -%>
-DirPortFrontPage <%= dir_port_front_page %>
+<%- if port_front_page != '' then -%>
+DirPortFrontPage <%= port_front_page %>
<%- end -%>
diff --git a/templates/torrc.global.erb b/templates/torrc.global.erb
new file mode 100644
index 0000000..96ea930
--- /dev/null
+++ b/templates/torrc.global.erb
@@ -0,0 +1,15 @@
+# runtime
+
+RunAsDaemon 1
+DataDirectory <%= data_dir %>
+
+# log
+
+<%- if log_rules != [] then -%>
+<%- for log_rule in log_rules -%>
+Log <%= log_rule %>
+<%- end -%>
+<%- else -%>
+Log notice syslog
+<%- end -%>
+
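Review bot: `DataDirectory <%= data_dir %>` depends on `data_dir` being visible from wherever `tor::global_opts` is declared, but in `manifests/daemon.pp` it is set as a variable of class `tor::daemon` and is not a parameter of the define. If the define is declared from a scope that does not reach `tor::daemon`, the line would presumably render with an empty path; a qualified lookup such as `<%= scope.lookupvar('tor::daemon::data_dir') %>` avoids relying on the caller's scope. A one-line header comment naming the variables the template expects (`data_dir`, `log_rules`) would also help.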
diff --git a/templates/torrc.header.erb b/templates/torrc.header.erb
index b393631..79d6da9 100644
--- a/templates/torrc.header.erb
+++ b/templates/torrc.header.erb
@@ -1,17 +1,2 @@
# This file is managed by puppet.
-# runtime
-
-RunAsDaemon 1
-DataDirectory <%= data_directory %>
-
-# log
-
-<%- if log_rules != [] then -%>
-<%- for log_rule in log_rules -%>
-Log <%= log_rule %>
-<%- end -%>
-<%- else -%>
-Log notice syslog
-<%- end -%>
-
diff --git a/templates/torrc.relay.erb b/templates/torrc.relay.erb
index 9531c9b..d9f06ae 100644
--- a/templates/torrc.relay.erb
+++ b/templates/torrc.relay.erb
@@ -19,9 +19,9 @@ RelayBandwidthBurst <%= relay_bandwidth_burst %> KB
<%- end -%>
<%- if accounting_max != '0' then -%>
AccountingMax <%= accounting_max %> GB
-<%- end -%>
-<%- for accounting in accounting_start -%>
+<%- for accounting in accounting_start -%>
AccountingStart <%= accounting_start %>
+<%- end -%>
<%- end -%>
<%- if contact_info != '' then -%>
ContactInfo <%= contact_info %>
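Review bot: The loop body still prints `<%= accounting_start %>`, the whole array, on every iteration, and the loop variable `accounting` is never used, so each pass emits the same stringified list instead of one entry. Now that the loop sits inside the `accounting_max` guard, the line should read `AccountingStart <%= accounting %>`. If `accounting_start` is meant to hold the words of a single schedule rather than several schedules, a single `AccountingStart <%= accounting_start.join(' ') %>` without the loop would be the better fit; the page does not show which is intended. The template continues outside this hunk.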