Diffstat (limited to 'manifests/daemon.pp')
-rw-r--r--manifests/daemon.pp131
1 files changed, 108 insertions, 23 deletions
diff --git a/manifests/daemon.pp b/manifests/daemon.pp
index 7b28cd4..578fae7 100644
--- a/manifests/daemon.pp
+++ b/manifests/daemon.pp
@@ -1,3 +1,4 @@
+# tor::daemon
class tor::daemon inherits tor::polipo {
group { "debian-tor":
@@ -27,38 +28,122 @@ class tor::daemon inherits tor::polipo {
require => User["debian-tor"],
}
- define config( $socks_port = 9050,
- $socks_listen_addresses = [ '127.0.0.1' ],
- $socks_policies = [ 'accept 127.0.0.1/16', 'reject *' ],
- $log_rules = [ 'notice file /var/log/tor/notices.log' ],
+ file { "/etc/tor":
+ ensure => directory,
+ mode => 0755,
+ owner => debian-tor,
+ group => debian-tor,
+ require => User["debian-tor"],
+ }
+
+ file { "/etc/tor.d":
+ ensure => directory,
+ mode => 0755,
+ owner => debian-tor,
+ group => debian-tor,
+ require => User["debian-tor"],
+ }
+
+ # configuration file
+ define config( $log_rules = [ 'notice file /var/log/tor/notices.log' ],
$data_directory = '/var/tor',
- $control_port = 0,
- $hashed_control_password = '',
$hidden_services = [],
- $or_port = 0,
- $or_listen_address = '',
- $nickname = '',
- $address = $hostname,
- $relay_bandwidth_rate = 0, # KB/s, 0 for no limit.
- $relay_bandwidth_burst = 0, # KB/s, 0 for no limit.
- $accounting_max = 0, # GB, 0 for no limit.
- $accounting_start = [],
- $contact_info = '',
$dir_port = 0,
$dir_listen_address = '',
$dir_port_front_page = '',
- $my_family = '',
$exit_policies = [],
$bridge_relay = 0) {
- file { "/etc/tor/torrc":
- ensure => present,
- content => template('tor/torrc.erb'),
- owner => root,
- group => root,
- mode => 0644,
- notify => Service["tor"],
+ }
+
+ concatenated_file { "/etc/tor/torrc":
+ dir => '/etc/tor.d',
+ mode => 0600,
+ notify => Service["tor"],
+ }
+
+ exec { "rm -f /etc/tor.d/*":
+ alias => 'clean-tor.d',
+ }
+
+ # socks definition
+ define tor::socks( $socks_port = 9050,
+ $socks_listen_addresses = [ '127.0.0.1' ],
+ $socks_policies = [ 'accept 127.0.0.1/16', 'reject *' ], ) {
+ file { "/etc/tor.d/01.socks":
+ require => File['/etc/tor.d'],
+ notify => Exec['concat_/etc/tor/torrc'],
+ ensure => $ensure,
+ require => Exec['clean-tor.d'],
}
}
+ # relay definition
+ define tor::relay( $port = 0,
+ $listen_address = '',
+ $nickname = '',
+ $address = $hostname,
+ $relay_bandwidth_rate = 0, # KB/s, 0 for no limit.
+ $relay_bandwidth_burst = 0, # KB/s, 0 for no limit.
+ $accounting_max = 0, # GB, 0 for no limit.
+ $accounting_start = [],
+ $contact_info = '',
+ $my_family = '',
+ $ensure = absent, ) {
+
+ file { "/etc/tor.d/02.relay":
+ require => File['/etc/tor.d'],
+ notify => Exec['concat_/etc/tor/torrc'],
+ ensure => $ensure,
+ require => Exec['clean-tor.d'],
+ }
+ }
+
+ # control definition
+ define tor::control( $port = 0,
+ $hashed_control_password = '',
+ $ensure = absent ) {
+ file { "/etc/tor.d/03.control":
+ require => File['/etc/tor.d'],
+ notify => Exec['concat_/etc/tor/torrc'],
+ ensure => $ensure,
+ require => Exec['clean-tor.d'],
+ }
+ }
+
+ # hidden services definition
+ define tor::hidden_service( $ports = [],
+ $ensure = present ) {
+ file { "/etc/tor.d/04.hidden_service.$name":
+ require => File['/etc/tor.d'],
+ notify => Exec['concat_/etc/tor/torrc'],
+ ensure => $ensure,
+ require => Exec['clean-tor.d'],
+ }
+ }
+
+ # directory advertising
+ define tor::directory ( $ports = [],
+ $hashed_password = '',
+ $ensure = present, ) {
+ file { "/etc/tor.d/05.directory":
+ require => File['/etc/tor.d'],
+ notify => Exec['concat_/etc/tor/torrc'],
+ ensure => $ensure,
+ require => Exec['clean-tor.d'],
+ }
+ }
+
+ # exit policies
+ define tor::exit_policy( $accept = [],
+ $reject = [],
+ $ensure = present, ) {
+ file { "/etc/tor.d/06.exit_policy":
+ require => File['/etc/tor.d'],
+ notify => Exec['concat_/etc/tor/torrc'],
+ ensure => $ensure,
+ require => Exec['clean-tor.d'],
+ }
+ }
}
+
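Review bot: The fragment files under `/etc/tor.d` (`01.socks` through `06.exit_policy`) are declared without `owner`, `group` or `mode`, and both `/etc/tor` and `/etc/tor.d` are `0755` and owned by `debian-tor`. The `03.control` fragment, which presumably will carry `$hashed_control_password`, can therefore end up readable by local users although the assembled torrc is `0600`, and the daemon account can rewrite the files its own configuration is built from. The removed torrc resource was `root:root`; I would keep the directories root-owned and add `owner => root, group => root, mode => 0600,` to every fragment, adjusting the group only if the concat step needs it. Each fragment also sets `require` twice, which should be merged into `require => [ File['/etc/tor.d'], Exec['clean-tor.d'] ],`, and `tor::socks` uses `$ensure` without declaring it as a parameter. The `rm -f /etc/tor.d/*` exec has no `path` or `refreshonly` in this hunk, so as written it appears to run on every catalog application and trigger a torrc rebuild and a `Service["tor"]` notification each time.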