-rw-r--r-- | manifests/bridge.pp | 17 | ||||
-rw-r--r-- | manifests/daemon.pp | 43 | ||||
-rw-r--r-- | manifests/init.pp | 74 | ||||
-rw-r--r-- | manifests/polipo.pp | 35 | ||||
-rw-r--r-- | manifests/relay.pp | 18 | ||||
-rw-r--r-- | templates/torrc.erb | 6 |
6 files changed, 123 insertions, 70 deletions
diff --git a/manifests/bridge.pp b/manifests/bridge.pp
new file mode 100644
index 0000000..c0cfaae
--- /dev/null
+++ b/manifests/bridge.pp
@@ -0,0 +1,17 @@
+class tor::bridge inherits tor::daemon {
+
+ tor::daemon::config { "tor-bridge-$name":
+ socks_port => 0,
+ socks_listen_addresses => [],
+ socks_policies => [],
+ log_rules => [],
+ hidden_services => [],
+ or_port => 443,
+ address => '',
+ relay_bandwith_rate => 0,
+ relay_bandwith_burst => 0,
+ exit_policies => 'reject *:*',
+ bridge_relay => 1,
+ }
+
+}
diff --git a/manifests/daemon.pp b/manifests/daemon.pp
new file mode 100644
index 0000000..d05f94f
--- /dev/null
+++ b/manifests/daemon.pp
@@ -0,0 +1,43 @@
+class tor::daemon inherits tor {
+
+ include polipo
+
+ service { "tor":
+ ensure => running,
+ require => [ Package['tor'], Service["polipo"] ],
+ }
+
+ define config( $socks_port = 9001,
+ $socks_listen_addresses = [ '127.0.0.1' ],
+ $socks_policies = [ 'accept 127.0.0.1/16', 'reject *' ],
+ $log_rules = [ 'notice file /var/log/tor/notices.log' ],
+ $data_directory = '/var/tor',
+ $control_port = false,
+ $hashed_control_password = '',
+ $hidden_services = [],
+ $or_port = 0,
+ $or_listen_address = '',
+ $nickname = '',
+ $address = $hostname,
+ $relay_bandwith_rate = 0, # KB/s, 0 for no limit.
+ $relay_bandwith_burst = 0, # KB/s, 0 for no limit.
+ $accounting_max = 0, # GB, 0 for no limit.
+ $accounting_start = [],
+ $contact_info = '',
+ $dir_port = 0,
+ $dir_listen_address = '',
+ $dir_front_page = '',
+ $my_family = '',
+ $exit_policies = [],
+ $bridge_relay = 0) {
+
+ file { "/etc/tor/torrc":
+ ensure => present,
+ content => template('tor/torrc.erb'),
+ owner => root,
+ group => root,
+ mode => 0644,
+ }
+ }
+
+}
diff --git a/manifests/init.pp b/manifests/init.pp
index 1d4b5f5..bf4f696 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -1,3 +1,8 @@
+import "polipo.pp"
+import "daemon.pp"
+import "relay.pp"
+import "bridge.pp"
+
 class tor {
 package { "privoxy":
 ensure => absent,
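Review bot: `exit_policies => 'reject *:*'` in tor::bridge passes a string, while the define's default is an array and templates/torrc.erb renders the value with `for policy in exit_policies`. Iterating a String that way only works on Ruby versions where String responds to `each`; elsewhere the template would fail to render, so the bridge's reject-all policy is never written to torrc. Pass it as a list, `exit_policies => [ 'reject *:*' ],`. A one-line comment above the resource stating that a bridge must not exit traffic would also document why the policy is fixed here.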
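Review bot: The `config` define in daemon.pp now defaults `$socks_port` to 9001, where the define removed from init.pp used 9050, and manifests/relay.pp sets `or_port => 9001` without overriding it, so a relay is configured with SOCKS and OR traffic on the same port. Restoring `$socks_port = 9050,` or passing `socks_port => 0` from tor::relay avoids the clash. Separately, `file { "/etc/tor/torrc": ... }` has no `notify => Service['tor'],`, so a tightened `SocksPolicy` or `ExitPolicy` does not reach the running daemon until someone restarts it by hand. The default `'accept 127.0.0.1/16'` also looks like it was meant to be a loopback mask such as `/8` or a single host; that is worth confirming.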
@@ -6,73 +11,4 @@ class tor {
 package { [ "tor", "polipo", "torsocks" ]:
 ensure => installed,
 }
-
- service { "tor":
- ensure => running,
- require => [ Package['tor'], Service["polipo"] ],
- }
-
- service { "polipo":
- ensure => running,
- require => Package["polipo"],
- }
-
- file { "/etc/polipo":
- ensure => directory,
- owner => root,
- group => root,
- mode => 0755,
- }
-
- file { "/etc/polipo/config":
- ensure => present,
- owner => root,
- group => root,
- mode => 0644,
- source => "puppet://$server/modules/tor/polipo.conf",
- notify => Service["polipo"],
- require => File["/etc/polipo"],
- }
-
- # TODO: restore file to original state after the following bug is solved:
- # http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=580434
- file { "/etc/cron.daily/polipo":
- ensure => present,
- owner => root,
- group => root,
- mode => 0755,
- source => "puppet://$server/modules/tor/polipo.cron",
- }
-
- define config( $socks_port = 9050,
- $socks_listen_addresses = [ '127.0.0.1' ],
- $socks_policies = [ 'accept 127.0.0.1/16', 'reject *' ],
- $log_rules = [ 'notice file /var/log/tor/notices.log' ],
- $data_directory = '/var/tor',
- $control_port = false,
- $hashed_control_password = '',
- $hidden_services = [],
- $or_port = 443,
- $or_listen_address = '0.0.0.0:9090',
- $nickname = '',
- $address = $hostname,
- $relay_bandwith_rate = 0, # KB/s, 0 for no limit.
- $relay_bandwith_burst = 0, # KB/s, 0 for no limit.
- $accounting_max = 0, # GB, 0 for no limit.
- $accounting_start = [],
- $contact_info = '',
- $dir_port = 0,
- $dir_listen_address = '',
- $dir_front_page = '',
- $my_family = '',
- $exit_policies = [],
- ) {
- file { "/etc/tor/torrc":
- ensure => present,
- content => template('tor/torrc.erb'),
- owner => root,
- group => root,
- mode => 0644,
- }
- }
 }
diff --git a/manifests/polipo.pp b/manifests/polipo.pp
new file mode 100644
index 0000000..7509563
--- /dev/null
+++ b/manifests/polipo.pp
@@ -0,0 +1,35 @@ +class polipo { + + service { "polipo": + ensure => running, + require => Package["polipo"], + } + + file { "/etc/polipo": + ensure => directory, + owner => root, + group => root, + mode => 0755, + } + + file { "/etc/polipo/config": + ensure => present, + owner => root, + group => root, + mode => 0644, + source => "puppet://$server/modules/tor/polipo.conf", + notify => Service["polipo"], + require => File["/etc/polipo"], + } + + # TODO: restore file to original state after the following bug is solved: + # http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=580434 + file { "/etc/cron.daily/polipo": + ensure => present, + owner => root, + group => root, + mode => 0755, + source => "puppet://$server/modules/tor/polipo.cron", + } + +} diff --git a/manifests/relay.pp b/manifests/relay.pp new file mode 100644 index 0000000..2f474dc --- /dev/null +++ b/manifests/relay.pp @@ -0,0 +1,18 @@ +class tor::relay inherits tor::daemon { + tor::daemon::config { "tor-relay-$name": + or_port => 9001, + or_listen_address => '', + nickname => '', + address => $hostname, + relay_bandwith_rate => 0, + relay_bandwith_burst => 0, + accounting_max => 0, + accounting_start => [], + contact_info => '', + dir_port => 0, + dir_listen_address => '', + dir_front_page => '', + my_family => '', + exit_policies => [], + } +} diff --git a/templates/torrc.erb b/templates/torrc.erb index 652e039..9d97253 100644 --- a/templates/torrc.erb +++ b/templates/torrc.erb @@ -81,8 +81,12 @@ DirPortFrontPage <%= dir_port_front_page %> MyFamily <%= my_family %> <%- end %> +## bridge relay +<%- if bridge_relay != 0 then %> +BridgeRelay <%= bridge_relay %> +<%- end %> + ## exit policies <%- for policy in exit_policies %> ExitPolicy <%= policy %> <%- end %> - |
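Review bot: `class polipo` in manifests/polipo.pp is declared in the global namespace from inside the tor module, which is presumably why init.pp has to `import "polipo.pp"`, and a standalone polipo module on the same master would collide with it. Naming it `class tor::polipo` and using `include tor::polipo` in daemon.pp keeps the class scoped to the module that ships its files (`puppet://$server/modules/tor/polipo.conf`). A header comment saying that this class manages the proxy in front of Tor's SOCKS port would help readers of daemon.pp, which requires `Service["polipo"]`.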
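Review bot: `exit_policies => []` in tor::relay makes the template emit no `ExitPolicy` line, so the relay runs with whatever exit policy the installed Tor applies by default. On versions where that default permits exiting, every node that includes tor::relay becomes an exit without anyone having chosen that. An explicit `exit_policies => [ 'reject *:*' ],` here, with exit operation opted into by the caller, is the safer baseline. `nickname => ''` and `contact_info => ''` are fixed literals as well, so a comment marking them as placeholders to be overridden per host would be useful.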
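Review bot: The guard `<%- if bridge_relay != 0 then %>` in torrc.erb compares against an Integer, but manifest values may reach the template as strings depending on the Puppet version, in which case `'0' != 0` is true and the `BridgeRelay` line is rendered for every node. A value such as `false` or `''` would also pass the guard and be written verbatim into torrc. Comparing on the string form and emitting a literal is more predictable: `<%- if bridge_relay.to_s == '1' then %>` followed by `BridgeRelay 1`. The surrounding template sections begin outside this hunk, so whether the other guards share the pattern cannot be checked from here.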