-rw-r--r-- | manifests/daemon.pp | 231 | ||||
-rw-r--r-- | manifests/daemon/bridge.pp | 18 | ||||
-rw-r--r-- | manifests/daemon/control.pp | 27 | ||||
-rw-r--r-- | manifests/daemon/directory.pp | 27 | ||||
-rw-r--r-- | manifests/daemon/dns.pp | 17 | ||||
-rw-r--r-- | manifests/daemon/exit_policy.pp | 18 | ||||
-rw-r--r-- | manifests/daemon/hidden_service.pp | 17 | ||||
-rw-r--r-- | manifests/daemon/map_address.pp | 16 | ||||
-rw-r--r-- | manifests/daemon/relay.pp | 41 | ||||
-rw-r--r-- | manifests/daemon/snippet.pp | 16 | ||||
-rw-r--r-- | manifests/daemon/socks.pp | 15 | ||||
-rw-r--r-- | manifests/daemon/transparent.pp | 17 |
12 files changed, 229 insertions, 231 deletions
diff --git a/manifests/daemon.pp b/manifests/daemon.pp
index 623aa22..1f4ea49 100644
--- a/manifests/daemon.pp
+++ b/manifests/daemon.pp
@@ -76,235 +76,4 @@ class tor::daemon (
 order => 01,
 target => $config_file,
 }
-
- # socks definition
- define socks(
- $port = 0,
- $listen_addresses = [],
- $policies = [] ) {
-
- concat::fragment { '02.socks':
- content => template('tor/torrc.socks.erb'),
- owner => 'debian-tor', group => 'debian-tor', mode => '0644',
- order => 02,
- target => $tor::daemon::config_file,
- }
- }
-
- # relay definition
- define relay(
- $port = 0,
- $listen_addresses = [],
- $outbound_bindaddresses = [],
- # KB/s, defaulting to using tor's default: 5120KB/s
- $bandwidth_rate = '',
- # KB/s, defaulting to using tor's default: 10240KB/s
- $bandwidth_burst = '',
- # KB/s, 0 for no limit
- $relay_bandwidth_rate = 0,
- # KB/s, 0 for no limit
- $relay_bandwidth_burst = 0,
- # GB, 0 for no limit
- $accounting_max = 0,
- $accounting_start = [],
- $contact_info = '',
- # TODO: autofill with other relays
- $my_family = '',
- $address = "tor.${::domain}",
- $bridge_relay = 0,
- $ensure = present ) {
-
- $nickname = $name
-
- if $outbound_bindaddresses == [] {
- $real_outbound_bindaddresses = $listen_addresses
- } else {
- $real_outbound_bindaddresses = $outbound_bindaddresses
- }
-
- concat::fragment { '03.relay':
- ensure => $ensure,
- content => template('tor/torrc.relay.erb'),
- owner => 'debian-tor',
- group => 'debian-tor',
- mode => '0644',
- order => 03,
- target => $tor::daemon::config_file,
- }
- }
-
- # control definition
- define control(
- $port = 0,
- $hashed_control_password = '',
- $cookie_authentication = 0,
- $cookie_auth_file = '',
- $cookie_auth_file_group_readable = '',
- $ensure = present ) {
-
- if $cookie_authentication == '0' and $hashed_control_password == '' and $ensure != 'absent' {
- fail('You need to define the tor control password')
- }
-
- if $cookie_authentication == 0 and ($cookie_auth_file != '' or $cookie_auth_file_group_readable != '') {
- notice('You set a tor cookie authentication option, but do not have cookie_authentication on')
- }
-
- concat::fragment { '04.control':
- ensure => $ensure,
- content => template('tor/torrc.control.erb'),
- owner => 'debian-tor',
- group => 'debian-tor',
- mode => '0600',
- order => 04,
- target => $tor::daemon::config_file,
- }
- }
-
- # hidden services definition
- define hidden_service(
- $ports = [],
- $data_dir = $tor::daemon::data_dir,
- $ensure = present ) {
-
- concat::fragment { "05.hidden_service.${name}":
- ensure => $ensure,
- content => template('tor/torrc.hidden_service.erb'),
- owner => 'debian-tor',
- group => 'debian-tor',
- mode => '0644',
- order => 05,
- target => $tor::daemon::config_file,
- }
- }
-
- # directory advertising
- define directory (
- $port = 0,
- $listen_addresses = [],
- $port_front_page = '/etc/tor/tor.html',
- $ensure = present ) {
-
- concat::fragment { '06.directory':
- ensure => $ensure,
- content => template('tor/torrc.directory.erb'),
- owner => 'debian-tor',
- group => 'debian-tor',
- mode => '0644',
- order => 06,
- target => $tor::daemon::config_file,
- }
-
- file { '/etc/tor/tor.html':
- ensure => $ensure,
- source => 'puppet:///modules/tor/tor.html',
- require => File['/etc/tor'],
- owner => 'debian-tor',
- group => 'debian-tor',
- mode => '0644',
- }
- }
-
- # exit policies
- define exit_policy(
- $accept = [],
- $reject = [],
- $reject_private = 1,
- $ensure = present ) {
-
- concat::fragment { "07.exit_policy.${name}":
- ensure => $ensure,
- content => template('tor/torrc.exit_policy.erb'),
- owner => 'debian-tor',
- group => 'debian-tor',
- mode => '0644',
- order => 07,
- target => $tor::daemon::config_file,
- }
- }
-
- # DNS definition
- define dns(
- $port = 0,
- $listen_addresses = [],
- $ensure = present ) {
-
- concat::fragment { "08.dns.${name}":
- ensure => $ensure,
- content => template('tor/torrc.dns.erb'),
- owner => 'debian-tor',
- group => 'debian-tor',
- mode => '0644',
- order => 08,
- target => $tor::daemon::config_file,
- }
- }
-
- # Transparent proxy definition
- define transparent(
- $port = 0,
- $listen_addresses = [],
- $ensure = present ) {
-
- concat::fragment { "09.transparent.${name}":
- ensure => $ensure,
- content => template('tor/torrc.transparent.erb'),
- owner => 'debian-tor',
- group => 'debian-tor',
- mode => '0644',
- order => 09,
- target => $tor::daemon::config_file,
- }
- }
-
- # Bridge definition
- define bridge(
- $ip,
- $port,
- $fingerprint = false,
- $ensure = present ) {
-
- concat::fragment { "10.bridge.${name}":
- ensure => $ensure,
- content => template('tor/torrc.bridge.erb'),
- owner => 'debian-tor',
- group => 'debian-tor',
- mode => '0644',
- order => 10,
- target => $tor::daemon::config_file,
- }
- }
-
- # map address definition
- define map_address(
- $address = '',
- $newaddress = '') {
-
- concat::fragment { "08.map_address.${name}":
- ensure => $ensure,
- content => template('tor/torrc.map_address.erb'),
- owner => 'debian-tor',
- group => 'debian-tor',
- mode => '0644',
- order => 08,
- target => $tor::daemon::config_file,
- }
- }
-
- # Arbitrary torrc snippet definition
- define snippet(
- $content = '',
- $ensure = present ) {
-
- concat::fragment { "99.snippet.${name}":
- ensure => $ensure,
- content => $content,
- owner => 'debian-tor',
- group => 'debian-tor',
- mode => '0644',
- order => 99,
- target => $tor::daemon::config_file,
- }
- }
-
 }
diff --git a/manifests/daemon/bridge.pp b/manifests/daemon/bridge.pp
new file mode 100644
index 0000000..063f565
--- /dev/null
+++ b/manifests/daemon/bridge.pp
@@ -0,0 +1,18 @@
+# Bridge definition
+define tor::daemon::bridge(
+ $ip,
+ $port,
+ $fingerprint = false,
+ $ensure = present ) {
+
+ concat::fragment { "10.bridge.${name}":
+ ensure => $ensure,
+ content => template('tor/torrc.bridge.erb'),
+ owner => 'debian-tor',
+ group => 'debian-tor',
+ mode => '0644',
+ order => 10,
+ target => $tor::daemon::config_file,
+ }
+}
+
diff --git a/manifests/daemon/control.pp b/manifests/daemon/control.pp
new file mode 100644
index 0000000..0172656
--- /dev/null
+++ b/manifests/daemon/control.pp
@@ -0,0 +1,27 @@
+# control definition
+define tor::daemon::control(
+ $port = 0,
+ $hashed_control_password = '',
+ $cookie_authentication = 0,
+ $cookie_auth_file = '',
+ $cookie_auth_file_group_readable = '',
+ $ensure = present ) {
+
+ if $cookie_authentication == '0' and $hashed_control_password == '' and $ensure != 'absent' {
+ fail('You need to define the tor control password')
+ }
+
+ if $cookie_authentication == 0 and ($cookie_auth_file != '' or $cookie_auth_file_group_readable != '') {
+ notice('You set a tor cookie authentication option, but do not have cookie_authentication on')
+ }
+
+ concat::fragment { '04.control':
+ ensure => $ensure,
+ content => template('tor/torrc.control.erb'),
+ owner => 'debian-tor',
+ group => 'debian-tor',
+ mode => '0600',
+ order => 04,
+ target => $tor::daemon::config_file,
+ }
+}
diff --git a/manifests/daemon/directory.pp b/manifests/daemon/directory.pp
new file mode 100644
index 0000000..b71b6e6
--- /dev/null
+++ b/manifests/daemon/directory.pp
@@ -0,0 +1,27 @@
+# directory advertising
+define tor::daemon::directory (
+ $port = 0,
+ $listen_addresses = [],
+ $port_front_page = '/etc/tor/tor.html',
+ $ensure = present ) {
+
+ concat::fragment { '06.directory':
+ ensure => $ensure,
+ content => template('tor/torrc.directory.erb'),
+ owner => 'debian-tor',
+ group => 'debian-tor',
+ mode => '0644',
+ order => 06,
+ target => $tor::daemon::config_file,
+ }
+
+ file { '/etc/tor/tor.html':
+ ensure => $ensure,
+ source => 'puppet:///modules/tor/tor.html',
+ require => File['/etc/tor'],
+ owner => 'debian-tor',
+ group => 'debian-tor',
+ mode => '0644',
+ }
+}
+
diff --git a/manifests/daemon/dns.pp b/manifests/daemon/dns.pp
new file mode 100644
index 0000000..f3a7027
--- /dev/null
+++ b/manifests/daemon/dns.pp
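Review bot: In manifests/daemon/control.pp the guard meant to refuse an unauthenticated control port tests `$cookie_authentication == '0'` (a string), while the parameter default and the second check a few lines below use the integer `0`. On a Puppet version that compares strictly by type (not determinable from this page), the default would not match `'0'`, `fail()` would not fire, and the control fragment could be rendered with neither a hashed password nor cookie authentication. Testing both spellings keeps the guard effective: `if ($cookie_authentication == 0 or $cookie_authentication == '0') and $hashed_control_password == '' and $ensure != 'absent' {`. The code was moved unchanged from daemon.pp, so the mismatch predates this commit.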
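Review bot: In manifests/daemon/directory.pp the `file` resource is titled with the literal `'/etc/tor/tor.html'` even though the define takes `$port_front_page` with that same default. If the template writes `$port_front_page` into torrc (presumably, the template is not shown), a caller who overrides it gets a torrc pointing at a path this define does not manage. Titling the resource from the parameter, `file { $port_front_page:`, would keep the two in step.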
@@ -0,0 +1,17 @@
+# DNS definition
+define tor::daemon::dns(
+ $port = 0,
+ $listen_addresses = [],
+ $ensure = present ) {
+
+ concat::fragment { "08.dns.${name}":
+ ensure => $ensure,
+ content => template('tor/torrc.dns.erb'),
+ owner => 'debian-tor',
+ group => 'debian-tor',
+ mode => '0644',
+ order => 08,
+ target => $tor::daemon::config_file,
+ }
+}
+
diff --git a/manifests/daemon/exit_policy.pp b/manifests/daemon/exit_policy.pp
new file mode 100644
index 0000000..f459ece
--- /dev/null
+++ b/manifests/daemon/exit_policy.pp
@@ -0,0 +1,18 @@
+# exit policies
+define tor::daemon::exit_policy(
+ $accept = [],
+ $reject = [],
+ $reject_private = 1,
+ $ensure = present ) {
+
+ concat::fragment { "07.exit_policy.${name}":
+ ensure => $ensure,
+ content => template('tor/torrc.exit_policy.erb'),
+ owner => 'debian-tor',
+ group => 'debian-tor',
+ mode => '0644',
+ order => 07,
+ target => $tor::daemon::config_file,
+ }
+}
+
diff --git a/manifests/daemon/hidden_service.pp b/manifests/daemon/hidden_service.pp
new file mode 100644
index 0000000..c827211
--- /dev/null
+++ b/manifests/daemon/hidden_service.pp
@@ -0,0 +1,17 @@
+# hidden services definition
+define tor::daemon::hidden_service(
+ $ports = [],
+ $data_dir = $tor::daemon::data_dir,
+ $ensure = present ) {
+
+ concat::fragment { "05.hidden_service.${name}":
+ ensure => $ensure,
+ content => template('tor/torrc.hidden_service.erb'),
+ owner => 'debian-tor',
+ group => 'debian-tor',
+ mode => '0644',
+ order => 05,
+ target => $tor::daemon::config_file,
+ }
+}
+
diff --git a/manifests/daemon/map_address.pp b/manifests/daemon/map_address.pp
new file mode 100644
index 0000000..6cb0956
--- /dev/null
+++ b/manifests/daemon/map_address.pp
@@ -0,0 +1,16 @@
+# map address definition
+define tor::daemon::map_address(
+ $address = '',
+ $newaddress = '') {
+
+ concat::fragment { "08.map_address.${name}":
+ ensure => $ensure,
+ content => template('tor/torrc.map_address.erb'),
+ owner => 'debian-tor',
+ group => 'debian-tor',
+ mode => '0644',
+ order => 08,
+ target => $tor::daemon::config_file,
+ }
+}
+
diff --git a/manifests/daemon/relay.pp b/manifests/daemon/relay.pp
new file mode 100644
index 0000000..d5296de
--- /dev/null
+++ b/manifests/daemon/relay.pp
@@ -0,0 +1,41 @@
+# relay definition
+define tor::daemon::relay(
+ $port = 0,
+ $listen_addresses = [],
+ $outbound_bindaddresses = [],
+ # KB/s, defaulting to using tor's default: 5120KB/s
+ $bandwidth_rate = '',
+ # KB/s, defaulting to using tor's default: 10240KB/s
+ $bandwidth_burst = '',
+ # KB/s, 0 for no limit
+ $relay_bandwidth_rate = 0,
+ # KB/s, 0 for no limit
+ $relay_bandwidth_burst = 0,
+ # GB, 0 for no limit
+ $accounting_max = 0,
+ $accounting_start = [],
+ $contact_info = '',
+ # TODO: autofill with other relays
+ $my_family = '',
+ $address = "tor.${::domain}",
+ $bridge_relay = 0,
+ $ensure = present ) {
+
+ $nickname = $name
+
+ if $outbound_bindaddresses == [] {
+ $real_outbound_bindaddresses = $listen_addresses
+ } else {
+ $real_outbound_bindaddresses = $outbound_bindaddresses
+ }
+
+ concat::fragment { '03.relay':
+ ensure => $ensure,
+ content => template('tor/torrc.relay.erb'),
+ owner => 'debian-tor',
+ group => 'debian-tor',
+ mode => '0644',
+ order => 03,
+ target => $tor::daemon::config_file,
+ }
+}
diff --git a/manifests/daemon/snippet.pp b/manifests/daemon/snippet.pp
new file mode 100644
index 0000000..b9089b4
--- /dev/null
+++ b/manifests/daemon/snippet.pp
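Review bot: `tor::daemon::map_address` passes `ensure => $ensure` to its fragment but declares no `$ensure` parameter. Now that the define is a standalone file rather than nested in the class, the variable is presumably unset in its scope, so callers cannot remove the mapping with `ensure => absent` as they can with the sibling defines. Adding the parameter, so the list ends `$newaddress = '', $ensure = present ) {`, would match the other files. socks.pp also lacks an `$ensure` parameter, though it does not reference one.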
@@ -0,0 +1,16 @@
+# Arbitrary torrc snippet definition
+define tor::daemon::snippet(
+ $content = '',
+ $ensure = present ) {
+
+ concat::fragment { "99.snippet.${name}":
+ ensure => $ensure,
+ content => $content,
+ owner => 'debian-tor',
+ group => 'debian-tor',
+ mode => '0644',
+ order => 99,
+ target => $tor::daemon::config_file,
+ }
+}
+
diff --git a/manifests/daemon/socks.pp b/manifests/daemon/socks.pp
new file mode 100644
index 0000000..910461c
--- /dev/null
+++ b/manifests/daemon/socks.pp
@@ -0,0 +1,15 @@
+# socks definition
+define tor::daemon::socks(
+ $port = 0,
+ $listen_addresses = [],
+ $policies = [] ) {
+
+ concat::fragment { '02.socks':
+ content => template('tor/torrc.socks.erb'),
+ owner => 'debian-tor',
+ group => 'debian-tor',
+ mode => '0644',
+ order => 02,
+ target => $tor::daemon::config_file,
+ }
+}
diff --git a/manifests/daemon/transparent.pp b/manifests/daemon/transparent.pp
new file mode 100644
index 0000000..74fed4f
--- /dev/null
+++ b/manifests/daemon/transparent.pp
@@ -0,0 +1,17 @@
+# Transparent proxy definition
+define tor::daemon::transparent(
+ $port = 0,
+ $listen_addresses = [],
+ $ensure = present ) {
+
+ concat::fragment { "09.transparent.${name}":
+ ensure => $ensure,
+ content => template('tor/torrc.transparent.erb'),
+ owner => 'debian-tor',
+ group => 'debian-tor',
+ mode => '0644',
+ order => 09,
+ target => $tor::daemon::config_file,
+ }
+}
+
|
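Review bot: `tor::daemon::snippet` in manifests/daemon/snippet.pp writes `$content` verbatim into the torrc at `order => 99`, after every other fragment, and the one-line header comment does not say so. If a later torrc line takes precedence over an earlier one for a given option (not verifiable from this page), a snippet could silently change what control.pp or exit_policy.pp set. I would extend the header comment to: `# Arbitrary torrc snippet, written verbatim after all other fragments; content is not validated and may override options set by the other tor::daemon::* defines.`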