Diffstat (limited to 'manifests/daemon.pp')
-rw-r--r-- | manifests/daemon.pp | 209 |
1 files changed, 15 insertions, 194 deletions
diff --git a/manifests/daemon.pp b/manifests/daemon.pp
index d1d57df..2440180 100644
--- a/manifests/daemon.pp
+++ b/manifests/daemon.pp
@@ -1,200 +1,21 @@ -# tor::daemon -class tor::daemon inherits tor { +# manage a snippet based tor installation +class tor::daemon ( + $ensure_version = 'installed', + $use_munin = false, + $data_dir = '/var/lib/tor', + $config_file = '/etc/tor/torrc', + $use_bridges = 0, + $automap_hosts_on_resolve = 0, + $log_rules = [ 'notice file /var/log/tor/notices.log' ] +) { - # config variables - $data_dir = '/var/lib/tor' - $config_file = '/etc/tor/torrc' - $spool_dir = '/var/lib/puppet/modules/tor' - $snippet_dir = "${spool_dir}/torrc.d" - - # packages, user, group - Service['tor'] { - subscribe => File[$config_file], - } - - Package[ 'tor', 'torsocks' ] { - require => File[$data_dir], - } - - group { 'debian-tor': - ensure => present, - allowdupe => false, - } - - user { 'debian-tor': - allowdupe => false, - comment => 'tor user,,,', - ensure => present, - home => $data_dir, - shell => '/bin/bash', - gid => 'debian-tor', - require => Group['debian-tor'], - } - - # directories - file { "${data_dir}": - ensure => directory, - mode => 0700, - owner => 'debian-tor', - group => 'debian-tor', - require => User['debian-tor'], - } - - file { '/etc/tor': - ensure => directory, - mode => 0755, - owner => 'debian-tor', - group => 'debian-tor', - require => User['debian-tor'], - } - - file { "${spool_dir}": - ensure => directory, - owner => 'debian-tor', group => 'debian-tor', mode => 0755, - } - - file { "${snippet_dir}": - ensure => directory, - owner => 'debian-tor', group => 'debian-tor', mode => 0755, - require => File[$spool_dir], - } - - # tor configuration file - concatenated_file { "${config_file}": - dir => $snippet_dir, - mode => 0600, - owner => 'debian-tor', group => 'debian-tor', + class{'tor': + ensure_version => $ensure_version, } - # config file headers - concatenated_file_part { '00.header': - dir => $snippet_dir, - content => template('tor/torrc.header.erb'), - owner => 'debian-tor', group => 'debian-tor', mode => 0644, - ensure => present, - } - - # global 
configurations - define global_opts( $data_dir = $tor::daemon::data_dir, - $log_rules = [ 'notice file /var/log/tor/notices.log' ] ) { - - concatenated_file_part { '01.global': - dir => $tor::daemon::snippet_dir, - content => template('tor/torrc.global.erb'), - owner => 'debian-tor', group => 'debian-tor', mode => 0644, - } - } - - # socks definition - define socks( $port = 0, - $listen_addresses = [], - $policies = [] ) { + include tor::daemon::base - concatenated_file_part { '02.socks': - dir => $tor::daemon::snippet_dir, - content => template('tor/torrc.socks.erb'), - owner => 'debian-tor', group => 'debian-tor', mode => 0644, - } + if $use_munin { + include tor::munin } - - # relay definition - define relay( $port = 0, - $listen_addresses = [], - $outbound_bindaddresses = $listen_addresses, - $bandwidth_rate = 0, # KB/s, 0 for no limit. - $bandwidth_burst = 0, # KB/s, 0 for no limit. - $accounting_max = 0, # GB, 0 for no limit. - $accounting_start = [], - $contact_info = '', - $my_family = '', # TODO: autofill with other relays - $address = "tor.${domain}", - $bridge_relay = 0, - $ensure = present ) { - $nickname = $name - - concatenated_file_part { '03.relay': - dir => $tor::daemon::snippet_dir, - content => template('tor/torrc.relay.erb'), - owner => 'debian-tor', group => 'debian-tor', mode => 0644, - ensure => $ensure, - } - } - - # control definition - define control( $port = 0, - $hashed_control_password = '', - $ensure = present ) { - - if $hashed_control_password == '' and $ensure != 'absent' { - fail("You need to define the tor control password") - } - - concatenated_file_part { '04.control': - dir => $tor::daemon::snippet_dir, - content => template('tor/torrc.control.erb'), - owner => 'debian-tor', group => 'debian-tor', mode => 0600, - ensure => $ensure, - } - } - - # hidden services definition - define hidden_service( $ports = [], - $data_dir = $tor::daemon::data_dir, - $ensure = present ) { - - concatenated_file_part { "05.hidden_service.${name}": 
- dir => $tor::daemon::snippet_dir, - content => template('tor/torrc.hidden_service.erb'), - owner => 'debian-tor', group => 'debian-tor', mode => 0644, - ensure => $ensure, - } - } - - # directory advertising - define directory ( $port = 0, - $listen_addresses = [], - $port_front_page = '/etc/tor/tor.html', - $ensure = present ) { - - concatenated_file_part { '06.directory': - dir => $tor::daemon::snippet_dir, - content => template('tor/torrc.directory.erb'), - owner => 'debian-tor', group => 'debian-tor', mode => 0644, - ensure => $ensure, - } - - file { '/etc/tor/tor.html': - source => "puppet:///modules/tor/tor.html", - require => File['/etc/tor'], - ensure => $ensure, - owner => 'debian-tor', group => 'debian-tor', mode => 0644, - } - } - - # exit policies - define exit_policy( $accept = [], - $reject = [], - $reject_private = 1, - $ensure = present ) { - - concatenated_file_part { "07.exit_policy.${name}": - dir => $tor::daemon::snippet_dir, - content => template('tor/torrc.exit_policy.erb'), - owner => 'debian-tor', group => 'debian-tor', mode => 0644, - ensure => $ensure, - } - } - - # map address definition - define map_address( $address = '', - $newaddress = '') { - - concatenated_file_part { "08.map_address.${name}": - dir => $tor::daemon::snippet_dir, - content => template('tor/torrc.map_address.erb'), - owner => 'debian-tor', group => 'debian-tor', mode => 0644, - ensure => $ensure, - } - } } - |
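Review bot: The new parameter list mixes `$use_munin = false` with `$use_bridges = 0` and `$automap_hosts_on_resolve = 0`, and the number 0 is truthy in both Puppet conditionals and ERB templates, so an `if $use_bridges` style test would be taken even at the default. None of `$data_dir`, `$config_file`, `$use_bridges`, `$automap_hosts_on_resolve` or `$log_rules` is referenced in the visible class body, so how they are consumed (presumably by `tor::daemon::base` or its templates) cannot be checked from this hunk. Either use `$use_bridges = false,` and `$automap_hosts_on_resolve = false,`, or add a header comment stating that these are 0/1 values written verbatim into torrc. The hunk also removes the `mode => 0700` data directory, the `mode => 0600` torrc and control snippet, and the `fail()` on an empty `$hashed_control_password`. Confirm that the code they moved to keeps the same modes and the same guard, since `$data_dir` and `$config_file` can now be overridden by the caller.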