-rw-r--r--manifests/daemon.pp231
-rw-r--r--manifests/daemon/bridge.pp18
-rw-r--r--manifests/daemon/control.pp27
-rw-r--r--manifests/daemon/directory.pp27
-rw-r--r--manifests/daemon/dns.pp17
-rw-r--r--manifests/daemon/exit_policy.pp18
-rw-r--r--manifests/daemon/hidden_service.pp17
-rw-r--r--manifests/daemon/map_address.pp16
-rw-r--r--manifests/daemon/relay.pp41
-rw-r--r--manifests/daemon/snippet.pp16
-rw-r--r--manifests/daemon/socks.pp15
-rw-r--r--manifests/daemon/transparent.pp17
12 files changed, 229 insertions, 231 deletions
diff --git a/manifests/daemon.pp b/manifests/daemon.pp
index 623aa22..1f4ea49 100644
--- a/manifests/daemon.pp
+++ b/manifests/daemon.pp
@@ -76,235 +76,4 @@ class tor::daemon (
order => 01,
target => $config_file,
}
-
- # socks definition
- define socks(
- $port = 0,
- $listen_addresses = [],
- $policies = [] ) {
-
- concat::fragment { '02.socks':
- content => template('tor/torrc.socks.erb'),
- owner => 'debian-tor', group => 'debian-tor', mode => '0644',
- order => 02,
- target => $tor::daemon::config_file,
- }
- }
-
- # relay definition
- define relay(
- $port = 0,
- $listen_addresses = [],
- $outbound_bindaddresses = [],
- # KB/s, defaulting to using tor's default: 5120KB/s
- $bandwidth_rate = '',
- # KB/s, defaulting to using tor's default: 10240KB/s
- $bandwidth_burst = '',
- # KB/s, 0 for no limit
- $relay_bandwidth_rate = 0,
- # KB/s, 0 for no limit
- $relay_bandwidth_burst = 0,
- # GB, 0 for no limit
- $accounting_max = 0,
- $accounting_start = [],
- $contact_info = '',
- # TODO: autofill with other relays
- $my_family = '',
- $address = "tor.${::domain}",
- $bridge_relay = 0,
- $ensure = present ) {
-
- $nickname = $name
-
- if $outbound_bindaddresses == [] {
- $real_outbound_bindaddresses = $listen_addresses
- } else {
- $real_outbound_bindaddresses = $outbound_bindaddresses
- }
-
- concat::fragment { '03.relay':
- ensure => $ensure,
- content => template('tor/torrc.relay.erb'),
- owner => 'debian-tor',
- group => 'debian-tor',
- mode => '0644',
- order => 03,
- target => $tor::daemon::config_file,
- }
- }
-
- # control definition
- define control(
- $port = 0,
- $hashed_control_password = '',
- $cookie_authentication = 0,
- $cookie_auth_file = '',
- $cookie_auth_file_group_readable = '',
- $ensure = present ) {
-
- if $cookie_authentication == '0' and $hashed_control_password == '' and $ensure != 'absent' {
- fail('You need to define the tor control password')
- }
-
- if $cookie_authentication == 0 and ($cookie_auth_file != '' or $cookie_auth_file_group_readable != '') {
- notice('You set a tor cookie authentication option, but do not have cookie_authentication on')
- }
-
- concat::fragment { '04.control':
- ensure => $ensure,
- content => template('tor/torrc.control.erb'),
- owner => 'debian-tor',
- group => 'debian-tor',
- mode => '0600',
- order => 04,
- target => $tor::daemon::config_file,
- }
- }
-
- # hidden services definition
- define hidden_service(
- $ports = [],
- $data_dir = $tor::daemon::data_dir,
- $ensure = present ) {
-
- concat::fragment { "05.hidden_service.${name}":
- ensure => $ensure,
- content => template('tor/torrc.hidden_service.erb'),
- owner => 'debian-tor',
- group => 'debian-tor',
- mode => '0644',
- order => 05,
- target => $tor::daemon::config_file,
- }
- }
-
- # directory advertising
- define directory (
- $port = 0,
- $listen_addresses = [],
- $port_front_page = '/etc/tor/tor.html',
- $ensure = present ) {
-
- concat::fragment { '06.directory':
- ensure => $ensure,
- content => template('tor/torrc.directory.erb'),
- owner => 'debian-tor',
- group => 'debian-tor',
- mode => '0644',
- order => 06,
- target => $tor::daemon::config_file,
- }
-
- file { '/etc/tor/tor.html':
- ensure => $ensure,
- source => 'puppet:///modules/tor/tor.html',
- require => File['/etc/tor'],
- owner => 'debian-tor',
- group => 'debian-tor',
- mode => '0644',
- }
- }
-
- # exit policies
- define exit_policy(
- $accept = [],
- $reject = [],
- $reject_private = 1,
- $ensure = present ) {
-
- concat::fragment { "07.exit_policy.${name}":
- ensure => $ensure,
- content => template('tor/torrc.exit_policy.erb'),
- owner => 'debian-tor',
- group => 'debian-tor',
- mode => '0644',
- order => 07,
- target => $tor::daemon::config_file,
- }
- }
-
- # DNS definition
- define dns(
- $port = 0,
- $listen_addresses = [],
- $ensure = present ) {
-
- concat::fragment { "08.dns.${name}":
- ensure => $ensure,
- content => template('tor/torrc.dns.erb'),
- owner => 'debian-tor',
- group => 'debian-tor',
- mode => '0644',
- order => 08,
- target => $tor::daemon::config_file,
- }
- }
-
- # Transparent proxy definition
- define transparent(
- $port = 0,
- $listen_addresses = [],
- $ensure = present ) {
-
- concat::fragment { "09.transparent.${name}":
- ensure => $ensure,
- content => template('tor/torrc.transparent.erb'),
- owner => 'debian-tor',
- group => 'debian-tor',
- mode => '0644',
- order => 09,
- target => $tor::daemon::config_file,
- }
- }
-
- # Bridge definition
- define bridge(
- $ip,
- $port,
- $fingerprint = false,
- $ensure = present ) {
-
- concat::fragment { "10.bridge.${name}":
- ensure => $ensure,
- content => template('tor/torrc.bridge.erb'),
- owner => 'debian-tor',
- group => 'debian-tor',
- mode => '0644',
- order => 10,
- target => $tor::daemon::config_file,
- }
- }
-
- # map address definition
- define map_address(
- $address = '',
- $newaddress = '') {
-
- concat::fragment { "08.map_address.${name}":
- ensure => $ensure,
- content => template('tor/torrc.map_address.erb'),
- owner => 'debian-tor',
- group => 'debian-tor',
- mode => '0644',
- order => 08,
- target => $tor::daemon::config_file,
- }
- }
-
- # Arbitrary torrc snippet definition
- define snippet(
- $content = '',
- $ensure = present ) {
-
- concat::fragment { "99.snippet.${name}":
- ensure => $ensure,
- content => $content,
- owner => 'debian-tor',
- group => 'debian-tor',
- mode => '0644',
- order => 99,
- target => $tor::daemon::config_file,
- }
- }
-
}
diff --git a/manifests/daemon/bridge.pp b/manifests/daemon/bridge.pp
new file mode 100644
index 0000000..063f565
--- /dev/null
+++ b/manifests/daemon/bridge.pp
@@ -0,0 +1,18 @@
+# Bridge definition
+define tor::daemon::bridge(
+ $ip,
+ $port,
+ $fingerprint = false,
+ $ensure = present ) {
+
+ concat::fragment { "10.bridge.${name}":
+ ensure => $ensure,
+ content => template('tor/torrc.bridge.erb'),
+ owner => 'debian-tor',
+ group => 'debian-tor',
+ mode => '0644',
+ order => 10,
+ target => $tor::daemon::config_file,
+ }
+}
+
diff --git a/manifests/daemon/control.pp b/manifests/daemon/control.pp
new file mode 100644
index 0000000..0172656
--- /dev/null
+++ b/manifests/daemon/control.pp
@@ -0,0 +1,27 @@
+# control definition
+define tor::daemon::control(
+ $port = 0,
+ $hashed_control_password = '',
+ $cookie_authentication = 0,
+ $cookie_auth_file = '',
+ $cookie_auth_file_group_readable = '',
+ $ensure = present ) {
+
+ if $cookie_authentication == '0' and $hashed_control_password == '' and $ensure != 'absent' {
+ fail('You need to define the tor control password')
+ }
+
+ if $cookie_authentication == 0 and ($cookie_auth_file != '' or $cookie_auth_file_group_readable != '') {
+ notice('You set a tor cookie authentication option, but do not have cookie_authentication on')
+ }
+
+ concat::fragment { '04.control':
+ ensure => $ensure,
+ content => template('tor/torrc.control.erb'),
+ owner => 'debian-tor',
+ group => 'debian-tor',
+ mode => '0600',
+ order => 04,
+ target => $tor::daemon::config_file,
+ }
+}
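Review bot: The two guards on `$cookie_authentication` compare against different types: the `fail()` condition tests `== '0'` (a string), while the `notice()` condition and the parameter default use the integer `0`. On a Puppet version whose `==` does not coerce numeric strings, the first condition is false for the default value, so the define would compile with neither cookie authentication nor a hashed password set; whether the template then opens a control port is not visible in this hunk. Make the check type-independent, e.g. `if "${cookie_authentication}" == '0' and $hashed_control_password == '' and $ensure != 'absent' {`, and use the same form in the second `if`.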
diff --git a/manifests/daemon/directory.pp b/manifests/daemon/directory.pp
new file mode 100644
index 0000000..b71b6e6
--- /dev/null
+++ b/manifests/daemon/directory.pp
@@ -0,0 +1,27 @@
+# directory advertising
+define tor::daemon::directory (
+ $port = 0,
+ $listen_addresses = [],
+ $port_front_page = '/etc/tor/tor.html',
+ $ensure = present ) {
+
+ concat::fragment { '06.directory':
+ ensure => $ensure,
+ content => template('tor/torrc.directory.erb'),
+ owner => 'debian-tor',
+ group => 'debian-tor',
+ mode => '0644',
+ order => 06,
+ target => $tor::daemon::config_file,
+ }
+
+ file { '/etc/tor/tor.html':
+ ensure => $ensure,
+ source => 'puppet:///modules/tor/tor.html',
+ require => File['/etc/tor'],
+ owner => 'debian-tor',
+ group => 'debian-tor',
+ mode => '0644',
+ }
+}
+
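Review bot: The `file` resource is hard-coded to `/etc/tor/tor.html` even though the define exposes `$port_front_page` with that value as its default. If a caller overrides the parameter, the template (not visible here) presumably points tor at the new path while the managed file still lands at the default location. Either title the resource with the parameter, `file { $port_front_page:`, or add a comment stating that a caller who overrides `$port_front_page` must supply that file themselves.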
diff --git a/manifests/daemon/dns.pp b/manifests/daemon/dns.pp
new file mode 100644
index 0000000..f3a7027
--- /dev/null
+++ b/manifests/daemon/dns.pp
@@ -0,0 +1,17 @@
+# DNS definition
+define tor::daemon::dns(
+ $port = 0,
+ $listen_addresses = [],
+ $ensure = present ) {
+
+ concat::fragment { "08.dns.${name}":
+ ensure => $ensure,
+ content => template('tor/torrc.dns.erb'),
+ owner => 'debian-tor',
+ group => 'debian-tor',
+ mode => '0644',
+ order => 08,
+ target => $tor::daemon::config_file,
+ }
+}
+
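Review bot: `order => 08` is a bare number with a leading zero, which newer Puppet parsers read as octal, and 8 is not a valid octal digit; the same applies to `order => 08` in map_address.pp and `order => 09` in transparent.pp. Quoting the value, `order => '08',`, sidesteps the parse problem and gives concat a stable string to sort on. The `02` to `07` values in the other defines would be best quoted the same way, since fragment order decides where each section lands in torrc.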
diff --git a/manifests/daemon/exit_policy.pp b/manifests/daemon/exit_policy.pp
new file mode 100644
index 0000000..f459ece
--- /dev/null
+++ b/manifests/daemon/exit_policy.pp
@@ -0,0 +1,18 @@
+# exit policies
+define tor::daemon::exit_policy(
+ $accept = [],
+ $reject = [],
+ $reject_private = 1,
+ $ensure = present ) {
+
+ concat::fragment { "07.exit_policy.${name}":
+ ensure => $ensure,
+ content => template('tor/torrc.exit_policy.erb'),
+ owner => 'debian-tor',
+ group => 'debian-tor',
+ mode => '0644',
+ order => 07,
+ target => $tor::daemon::config_file,
+ }
+}
+
diff --git a/manifests/daemon/hidden_service.pp b/manifests/daemon/hidden_service.pp
new file mode 100644
index 0000000..c827211
--- /dev/null
+++ b/manifests/daemon/hidden_service.pp
@@ -0,0 +1,17 @@
+# hidden services definition
+define tor::daemon::hidden_service(
+ $ports = [],
+ $data_dir = $tor::daemon::data_dir,
+ $ensure = present ) {
+
+ concat::fragment { "05.hidden_service.${name}":
+ ensure => $ensure,
+ content => template('tor/torrc.hidden_service.erb'),
+ owner => 'debian-tor',
+ group => 'debian-tor',
+ mode => '0644',
+ order => 05,
+ target => $tor::daemon::config_file,
+ }
+}
+
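Review bot: This define reads `$tor::daemon::data_dir` (as a parameter default) and `$tor::daemon::config_file`, but nothing in the file says that class `tor::daemon` must be declared for those to resolve. Now that each define lives in its own file, a header comment would make the dependency explicit, e.g. `# Requires class tor::daemon; reads its data_dir and config_file.` The same applies to the other defines added in this commit, which all use `$tor::daemon::config_file` as the fragment target.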
diff --git a/manifests/daemon/map_address.pp b/manifests/daemon/map_address.pp
new file mode 100644
index 0000000..6cb0956
--- /dev/null
+++ b/manifests/daemon/map_address.pp
@@ -0,0 +1,16 @@
+# map address definition
+define tor::daemon::map_address(
+ $address = '',
+ $newaddress = '') {
+
+ concat::fragment { "08.map_address.${name}":
+ ensure => $ensure,
+ content => template('tor/torrc.map_address.erb'),
+ owner => 'debian-tor',
+ group => 'debian-tor',
+ mode => '0644',
+ order => 08,
+ target => $tor::daemon::config_file,
+ }
+}
+
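Review bot: `ensure => $ensure` in the `08.map_address.${name}` fragment reads a variable this define never declares; the parameter list holds only `$address` and `$newaddress`. Depending on the Puppet version and strict-variables setting this evaluates to undef or fails compilation (not verified here), and callers cannot pass `ensure => absent` to remove a mapping. Add `$ensure = present` to the parameter list, as the sibling defines do.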
diff --git a/manifests/daemon/relay.pp b/manifests/daemon/relay.pp
new file mode 100644
index 0000000..d5296de
--- /dev/null
+++ b/manifests/daemon/relay.pp
@@ -0,0 +1,41 @@
+# relay definition
+define tor::daemon::relay(
+ $port = 0,
+ $listen_addresses = [],
+ $outbound_bindaddresses = [],
+ # KB/s, defaulting to using tor's default: 5120KB/s
+ $bandwidth_rate = '',
+ # KB/s, defaulting to using tor's default: 10240KB/s
+ $bandwidth_burst = '',
+ # KB/s, 0 for no limit
+ $relay_bandwidth_rate = 0,
+ # KB/s, 0 for no limit
+ $relay_bandwidth_burst = 0,
+ # GB, 0 for no limit
+ $accounting_max = 0,
+ $accounting_start = [],
+ $contact_info = '',
+ # TODO: autofill with other relays
+ $my_family = '',
+ $address = "tor.${::domain}",
+ $bridge_relay = 0,
+ $ensure = present ) {
+
+ $nickname = $name
+
+ if $outbound_bindaddresses == [] {
+ $real_outbound_bindaddresses = $listen_addresses
+ } else {
+ $real_outbound_bindaddresses = $outbound_bindaddresses
+ }
+
+ concat::fragment { '03.relay':
+ ensure => $ensure,
+ content => template('tor/torrc.relay.erb'),
+ owner => 'debian-tor',
+ group => 'debian-tor',
+ mode => '0644',
+ order => 03,
+ target => $tor::daemon::config_file,
+ }
+}
diff --git a/manifests/daemon/snippet.pp b/manifests/daemon/snippet.pp
new file mode 100644
index 0000000..b9089b4
--- /dev/null
+++ b/manifests/daemon/snippet.pp
@@ -0,0 +1,16 @@
+# Arbitrary torrc snippet definition
+define tor::daemon::snippet(
+ $content = '',
+ $ensure = present ) {
+
+ concat::fragment { "99.snippet.${name}":
+ ensure => $ensure,
+ content => $content,
+ owner => 'debian-tor',
+ group => 'debian-tor',
+ mode => '0644',
+ order => 99,
+ target => $tor::daemon::config_file,
+ }
+}
+
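Review bot: `content => $content` writes the caller's string into torrc unmodified, and `order => 99` places it after every other fragment in this module, yet the header comment says only "Arbitrary torrc snippet definition". A snippet can therefore restate options that earlier fragments set (control authentication, exit policy), and how tor resolves such duplicates is not something this module checks. Extend the header to say so, e.g. `# Content is written verbatim as the last torrc fragment; pass only trusted text and avoid options managed by the other tor::daemon defines.`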
diff --git a/manifests/daemon/socks.pp b/manifests/daemon/socks.pp
new file mode 100644
index 0000000..910461c
--- /dev/null
+++ b/manifests/daemon/socks.pp
@@ -0,0 +1,15 @@
+# socks definition
+define tor::daemon::socks(
+ $port = 0,
+ $listen_addresses = [],
+ $policies = [] ) {
+
+ concat::fragment { '02.socks':
+ content => template('tor/torrc.socks.erb'),
+ owner => 'debian-tor',
+ group => 'debian-tor',
+ mode => '0644',
+ order => 02,
+ target => $tor::daemon::config_file,
+ }
+}
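Review bot: `tor::daemon::socks` has no `$ensure` parameter, although most of its sibling defines in this commit accept `$ensure = present` and pass it to their fragment. As written, the `02.socks` fragment cannot be removed by declaring the define with `ensure => absent`. For consistency, add `$ensure = present` to the parameter list and `ensure => $ensure,` to the `concat::fragment`.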
diff --git a/manifests/daemon/transparent.pp b/manifests/daemon/transparent.pp
new file mode 100644
index 0000000..74fed4f
--- /dev/null
+++ b/manifests/daemon/transparent.pp
@@ -0,0 +1,17 @@
+# Transparent proxy definition
+define tor::daemon::transparent(
+ $port = 0,
+ $listen_addresses = [],
+ $ensure = present ) {
+
+ concat::fragment { "09.transparent.${name}":
+ ensure => $ensure,
+ content => template('tor/torrc.transparent.erb'),
+ owner => 'debian-tor',
+ group => 'debian-tor',
+ mode => '0644',
+ order => 09,
+ target => $tor::daemon::config_file,
+ }
+}
+