Diffstat (limited to 'manifests')
-rw-r--r-- | manifests/daemon.pp | 225 | ||||
-rw-r--r-- | manifests/munin.pp | 14 | ||||
-rw-r--r-- | manifests/polipo.pp | 4 |
3 files changed, 145 insertions, 98 deletions
diff --git a/manifests/daemon.pp b/manifests/daemon.pp index 8af53bf..2bee67b 100644 --- a/manifests/daemon.pp +++ b/manifests/daemon.pp @@ -8,11 +8,11 @@ class tor::daemon ( # packages, user, group Service['tor'] { - subscribe => File["${config_file}"], + subscribe => File[$config_file], } Package[ 'tor' ] { - require => File["${data_dir}"], + require => File[$data_dir], } group { 'debian-tor': @@ -24,14 +24,14 @@ class tor::daemon ( ensure => present, allowdupe => false, comment => 'tor user,,,', - home => "${data_dir}", + home => $data_dir, shell => '/bin/false', gid => 'debian-tor', - require => Group['debian-tor'], + require => Group['debian-tor'], } # directories - file { "${data_dir}": + file { $data_dir: ensure => directory, mode => '0700', owner => 'debian-tor', 
@@ -54,56 +54,66 @@ class tor::daemon ( } # tor configuration file - concat { "${config_file}": + concat { $config_file: mode => '0600', - owner => 'debian-tor', group => 'debian-tor', + owner => 'debian-tor', + group => 'debian-tor', } # config file headers concat::fragment { '00.header': ensure => present, content => template('tor/torrc.header.erb'), - owner => 'debian-tor', group => 'debian-tor', mode => '0644', + owner => 'debian-tor', group => 'debian-tor', mode => '0644', order => 00, - target => "${config_file}", + target => $config_file, } # global configurations concat::fragment { '01.global': content => template('tor/torrc.global.erb'), - owner => 'debian-tor', group => 'debian-tor', mode => '0644', + owner => 'debian-tor', group => 'debian-tor', mode => '0644', order => 01, - target => "${config_file}", + target => $config_file, } # socks definition - define socks( $port = 0, - $listen_addresses = [], - $policies = [] ) { + define socks( + $port = 0, + $listen_addresses = [], + $policies = [] ) { concat::fragment { '02.socks': content => template('tor/torrc.socks.erb'), - owner => 'debian-tor', group => 'debian-tor', mode => '0644', + owner => 'debian-tor', group => 'debian-tor', mode => '0644', order => 02, - target => "${tor::daemon::config_file}", + target => $tor::daemon::config_file, } } # relay definition - define relay( $port = 0, - $listen_addresses = [], - $outbound_bindaddresses = [], - $bandwidth_rate = '', # KB/s, defaulting to using tor's default: 5120KB/s - $bandwidth_burst = '', # KB/s, defaulting to using tor's default: 10240KB/s - $relay_bandwidth_rate = 0, # KB/s, 0 for no limit. - $relay_bandwidth_burst = 0, # KB/s, 0 for no limit. - $accounting_max = 0, # GB, 0 for no limit. 
- $accounting_start = [], - $contact_info = '', - $my_family = '', # TODO: autofill with other relays - $address = "tor.${domain}", - $bridge_relay = 0, - $ensure = present ) { + define relay( + $port = 0, + $listen_addresses = [], + $outbound_bindaddresses = [], + # KB/s, defaulting to using tor's default: 5120KB/s + $bandwidth_rate = '', + # KB/s, defaulting to using tor's default: 10240KB/s + $bandwidth_burst = '', + # KB/s, 0 for no limit + $relay_bandwidth_rate = 0, + # KB/s, 0 for no limit + $relay_bandwidth_burst = 0, + # GB, 0 for no limit + $accounting_max = 0, + $accounting_start = [], + $contact_info = '', + # TODO: autofill with other relays + $my_family = '', + $address = "tor.${::domain}", + $bridge_relay = 0, + $ensure = present ) { + $nickname = $name if $outbound_bindaddresses == [] { 
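Review bot: The `order` values are still bare numerals with a leading zero: `order => 00`, `01` and `02` in this hunk, and `03` through `09` in the next hunk of this file. A parser that reads a leading zero as octal would turn `01` into the number 1, dropping the zero padding that the fragment ordering appears to rely on. `08` and `09` are not valid octal at all and would presumably fail to parse on Puppet 4 and later; confirm against the version in use. Quoting them, e.g. `order => '01',`, keeps the value a string and the sort order stable next to `10` and `99`. The `relay` define that closes this hunk continues outside it.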
@@ -115,154 +125,185 @@ class tor::daemon ( concat::fragment { '03.relay': ensure => $ensure, content => template('tor/torrc.relay.erb'), - owner => 'debian-tor', group => 'debian-tor', mode => '0644', + owner => 'debian-tor', + group => 'debian-tor', + mode => '0644', order => 03, - target => "${tor::daemon::config_file}", + target => $tor::daemon::config_file, } - } + } # control definition - define control( $port = 0, - $hashed_control_password = '', - $cookie_authentication = 0, - $cookie_auth_file = '', - $cookie_auth_file_group_readable = '', - $ensure = present ) { + define control( + $port = 0, + $hashed_control_password = '', + $cookie_authentication = 0, + $cookie_auth_file = '', + $cookie_auth_file_group_readable = '', + $ensure = present ) { if $cookie_authentication == '0' and $hashed_control_password == '' and $ensure != 'absent' { fail('You need to define the tor control password') } - if $cookie_authentication == 0 and ("${cookie_auth_file}" != '' or "${cookie_auth_file_group_readable}" != '') { + if $cookie_authentication == 0 and ($cookie_auth_file != '' or $cookie_auth_file_group_readable != '') { notice('You set a tor cookie authentication option, but do not have cookie_authentication on') } - + concat::fragment { '04.control': ensure => $ensure, content => template('tor/torrc.control.erb'), - owner => 'debian-tor', group => 'debian-tor', mode => '0600', + owner => 'debian-tor', + group => 'debian-tor', + mode => '0600', order => 04, - target => "${tor::daemon::config_file}", + target => $tor::daemon::config_file, } - } + } # hidden services definition - define hidden_service( $ports = [], - $data_dir = "${tor::daemon::data_dir}", - $ensure = present ) { + define hidden_service( + $ports = [], + $data_dir = $tor::daemon::data_dir, + $ensure = present ) { concat::fragment { "05.hidden_service.${name}": ensure => $ensure, content => template('tor/torrc.hidden_service.erb'), - owner => 'debian-tor', group => 'debian-tor', mode => '0644', + owner => 
'debian-tor', + group => 'debian-tor', + mode => '0644', order => 05, - target => "${tor::daemon::config_file}", + target => $tor::daemon::config_file, } - } - + } + # directory advertising - define directory ( $port = 0, - $listen_addresses = [], - $port_front_page = '/etc/tor/tor.html', - $ensure = present ) { + define directory ( + $port = 0, + $listen_addresses = [], + $port_front_page = '/etc/tor/tor.html', + $ensure = present ) { concat::fragment { '06.directory': ensure => $ensure, content => template('tor/torrc.directory.erb'), - owner => 'debian-tor', group => 'debian-tor', mode => '0644', + owner => 'debian-tor', + group => 'debian-tor', + mode => '0644', order => 06, - target => "${tor::daemon::config_file}", + target => $tor::daemon::config_file, } - + file { '/etc/tor/tor.html': ensure => $ensure, source => 'puppet:///modules/tor/tor.html', require => File['/etc/tor'], - owner => 'debian-tor', group => 'debian-tor', mode => '0644', + owner => 'debian-tor', + group => 'debian-tor', + mode => '0644', } - } + } # exit policies - define exit_policy( $accept = [], - $reject = [], - $reject_private = 1, - $ensure = present ) { + define exit_policy( + $accept = [], + $reject = [], + $reject_private = 1, + $ensure = present ) { concat::fragment { "07.exit_policy.${name}": ensure => $ensure, content => template('tor/torrc.exit_policy.erb'), - owner => 'debian-tor', group => 'debian-tor', mode => '0644', + owner => 'debian-tor', + group => 'debian-tor', + mode => '0644', order => 07, - target => "${tor::daemon::config_file}", + target => $tor::daemon::config_file, } - } + } # DNS definition - define dns( $port = 0, - $listen_addresses = [], - $ensure = present ) { + define dns( + $port = 0, + $listen_addresses = [], + $ensure = present ) { concat::fragment { "08.dns.${name}": ensure => $ensure, content => template('tor/torrc.dns.erb'), - owner => 'debian-tor', group => 'debian-tor', mode => '0644', + owner => 'debian-tor', + group => 'debian-tor', + mode => 
'0644', order => 08, - target => "${tor::daemon::config_file}", + target => $tor::daemon::config_file, } } # Transparent proxy definition - define transparent( $port = 0, - $listen_addresses = [], - $ensure = present ) { + define transparent( + $port = 0, + $listen_addresses = [], + $ensure = present ) { concat::fragment { "09.transparent.${name}": ensure => $ensure, content => template('tor/torrc.transparent.erb'), - owner => 'debian-tor', group => 'debian-tor', mode => '0644', + owner => 'debian-tor', + group => 'debian-tor', + mode => '0644', order => 09, - target => "${tor::daemon::config_file}", + target => $tor::daemon::config_file, } } # Bridge definition - define bridge( $ip, - $port, - $fingerprint = false, - $ensure = present ) { + define bridge( + $ip, + $port, + $fingerprint = false, + $ensure = present ) { concat::fragment { "10.bridge.${name}": ensure => $ensure, content => template('tor/torrc.bridge.erb'), - owner => 'debian-tor', group => 'debian-tor', mode => '0644', + owner => 'debian-tor', + group => 'debian-tor', + mode => '0644', order => 10, - target => "${tor::daemon::config_file}", + target => $tor::daemon::config_file, } } # map address definition - define map_address( $address = '', - $newaddress = '') { + define map_address( + $address = '', + $newaddress = '') { concat::fragment { "08.map_address.${name}": ensure => $ensure, content => template('tor/torrc.map_address.erb'), - owner => 'debian-tor', group => 'debian-tor', mode => '0644', + owner => 'debian-tor', + group => 'debian-tor', + mode => '0644', order => 08, - target => "${tor::daemon::config_file}", + target => $tor::daemon::config_file, } } # Arbitrary torrc snippet definition - define snippet( $content = '', - $ensure = present ) { + define snippet( + $content = '', + $ensure = present ) { concat::fragment { "99.snippet.${name}": ensure => $ensure, - content => "${content}", - owner => 'debian-tor', group => 'debian-tor', mode => '0644', + content => $content, + owner => 
'debian-tor', + group => 'debian-tor', + mode => '0644', order => 99, - target => "${tor::daemon::config_file}", + target => $tor::daemon::config_file, } } diff --git a/manifests/munin.pp b/manifests/munin.pp index 2974195..2f0d5c2 100644 --- a/manifests/munin.pp +++ b/manifests/munin.pp @@ -3,15 +3,21 @@ class tor::munin { file { '/usr/local/share/munin-plugins/tor_connections': source => 'puppet:///modules/tor/munin/tor_connections', - mode => '0755', owner => root, group => root; - + mode => '0755', + owner => root, + group => root; + '/usr/local/share/munin-plugins/tor_routers': source => 'puppet:///modules/tor/munin/tor_routers', - mode => '0755', owner => root, group => root; + mode => '0755', + owner => root, + group => root; '/usr/local/share/munin-plugins/tor_traffic': source => 'puppet:///modules/tor/munin/tor_traffic', - mode => '0755', owner => root, group => root; + mode => '0755', + owner => root, + group => root; } munin::plugin { diff --git a/manifests/polipo.pp b/manifests/polipo.pp index 9a8fdb5..1201e55 100644 --- a/manifests/polipo.pp +++ b/manifests/polipo.pp @@ -1,8 +1,8 @@ class tor::polipo { include ::tor - case "${::operatingsystem}" { + case $::operatingsystem { 'debian': { include tor::polipo::debian } - default: { include tor::polipo::base } + default: { include tor::polipo::base } } } |
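Review bot: In `define control`, the guard meant to refuse a control port with no authentication still compares `$cookie_authentication == '0'` (a string), while the parameter default is the integer `0` and the rewritten condition on the next line compares `== 0`. On parsers where a string and a number are never equal (presumably Puppet 4 and later; confirm against the version in use), the `fail()` cannot fire for the default value, so a control fragment can be emitted with neither a hashed password nor cookie authentication. Comparing consistently keeps the check effective: `if $cookie_authentication == 0 and $hashed_control_password == '' and $ensure != 'absent' {`. Separately, `define map_address` in the same hunk passes `ensure => $ensure` but declares no `$ensure` parameter; adding `$ensure = present` to its parameter list would match the other defines. Both defines sit inside `class tor::daemon`, whose opening is outside this hunk.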