Diffstat (limited to 'manifests/daemon.pp')
-rw-r--r-- | manifests/daemon.pp | 131 |
1 files changed, 108 insertions, 23 deletions
diff --git a/manifests/daemon.pp b/manifests/daemon.pp index 7b28cd4..578fae7 100644 --- a/manifests/daemon.pp +++ b/manifests/daemon.pp @@ -1,3 +1,4 @@ +# tor::daemon class tor::daemon inherits tor::polipo { group { "debian-tor": 
@@ -27,38 +28,122 @@ class tor::daemon inherits tor::polipo { require => User["debian-tor"], } - define config( $socks_port = 9050, - $socks_listen_addresses = [ '127.0.0.1' ], - $socks_policies = [ 'accept 127.0.0.1/16', 'reject *' ], - $log_rules = [ 'notice file /var/log/tor/notices.log' ], + file { "/etc/tor": + ensure => directory, + mode => 0755, + owner => debian-tor, + group => debian-tor, + require => User["debian-tor"], + } + + file { "/etc/tor.d": + ensure => directory, + mode => 0755, + owner => debian-tor, + group => debian-tor, + require => User["debian-tor"], + } + + # configuration file + define config( $log_rules = [ 'notice file /var/log/tor/notices.log' ], $data_directory = '/var/tor', - $control_port = 0, - $hashed_control_password = '', $hidden_services = [], - $or_port = 0, - $or_listen_address = '', - $nickname = '', - $address = $hostname, - $relay_bandwidth_rate = 0, # KB/s, 0 for no limit. - $relay_bandwidth_burst = 0, # KB/s, 0 for no limit. - $accounting_max = 0, # GB, 0 for no limit. 
- $accounting_start = [], - $contact_info = '', $dir_port = 0, $dir_listen_address = '', $dir_port_front_page = '', - $my_family = '', $exit_policies = [], $bridge_relay = 0) { - file { "/etc/tor/torrc": - ensure => present, - content => template('tor/torrc.erb'), - owner => root, - group => root, - mode => 0644, - notify => Service["tor"], + } + + concatenated_file { "/etc/tor/torrc": + dir => '/etc/tor.d', + mode => 0600, + notify => Service["tor"], + } + + exec { "rm -f /etc/tor.d/*": + alias => 'clean-tor.d', + } + + # socks definition + define tor::socks( $socks_port = 9050, + $socks_listen_addresses = [ '127.0.0.1' ], + $socks_policies = [ 'accept 127.0.0.1/16', 'reject *' ], ) { + file { "/etc/tor.d/01.socks": + require => File['/etc/tor.d'], + notify => Exec['concat_/etc/tor/torrc'], + ensure => $ensure, + require => Exec['clean-tor.d'], } } + # relay definition + define tor::relay( $port = 0, + $listen_address = '', + $nickname = '', + $address = $hostname, + $relay_bandwidth_rate = 0, # KB/s, 0 for no limit. + $relay_bandwidth_burst = 0, # KB/s, 0 for no limit. + $accounting_max = 0, # GB, 0 for no limit. 
+ $accounting_start = [], + $contact_info = '', + $my_family = '', + $ensure = absent, ) { + + file { "/etc/tor.d/02.relay": + require => File['/etc/tor.d'], + notify => Exec['concat_/etc/tor/torrc'], + ensure => $ensure, + require => Exec['clean-tor.d'], + } + } + + # control definition + define tor::control( $port = 0, + $hashed_control_password = '', + $ensure = absent ) { + file { "/etc/tor.d/03.control": + require => File['/etc/tor.d'], + notify => Exec['concat_/etc/tor/torrc'], + ensure => $ensure, + require => Exec['clean-tor.d'], + } + } + + # hidden services definition + define tor::hidden_service( $ports = [], + $ensure = present ) { + file { "/etc/tor.d/04.hidden_service.$name": + require => File['/etc/tor.d'], + notify => Exec['concat_/etc/tor/torrc'], + ensure => $ensure, + require => Exec['clean-tor.d'], + } + } + + # directory advertising + define tor::directory ( $ports = [], + $hashed_password = '', + $ensure = present, ) { + file { "/etc/tor.d/05.directory": + require => File['/etc/tor.d'], + notify => Exec['concat_/etc/tor/torrc'], + ensure => $ensure, + require => Exec['clean-tor.d'], + } + } + + # exit policies + define tor::exit_policy( $accept = [], + $reject = [], + $ensure = present, ) { + file { "/etc/tor.d/06.exit_policy": + require => File['/etc/tor.d'], + notify => Exec['concat_/etc/tor/torrc'], + ensure => $ensure, + require => Exec['clean-tor.d'], + } + } } + |
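Review bot: The fragment files under `/etc/tor.d` (`01.socks` through `06.exit_policy`) set no `owner`, `group` or `mode`, while the assembled `/etc/tor/torrc` is tightened to `mode => 0600`; once `03.control` carries `$hashed_control_password`, that value would presumably sit in a fragment with default permissions inside a `0755` directory. I would give each fragment `owner => root, group => root, mode => 0600`, and consider making `/etc/tor` and `/etc/tor.d` root-owned rather than `debian-tor`-owned so the daemon account cannot alter the inputs of its own configuration. Separately, every fragment declares `require` twice where Puppet expects a single attribute, e.g. `require => [ File['/etc/tor.d'], Exec['clean-tor.d'] ]`, and `tor::socks` uses `ensure => $ensure` without declaring `$ensure` as a parameter. The `exec { "rm -f /etc/tor.d/*": }` has no `path`, `refreshonly` or `onlyif`, so as written it would run on every catalog application and, through the `notify` chain, likely trigger a rebuild of `torrc` and a `Service["tor"]` refresh each time.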