From 8f1d1c4ef7a1298d448416997218dafb5d40166f Mon Sep 17 00:00:00 2001
From: mh
Date: Fri, 28 Oct 2011 16:50:30 +0200
Subject: decouple polipo and torsocks into their own subclasses, so we can for example also just install tor
---
 files/polipo.conf | 164 ---------------------------------------------
 files/polipo.cron | 22 ------
 files/polipo/polipo.conf | 164 +++++++++++++++++++++++++++++++++++++++++++++
 files/polipo/polipo.cron | 22 ++++++
 manifests/init.pp | 29 +--------
 manifests/polipo.pp | 8 +++
 manifests/polipo/base.pp | 21 ++++++
 manifests/polipo/debian.pp | 12 ++++
 manifests/torsocks.pp | 6 ++
 9 files changed, 234 insertions(+), 214 deletions(-)
 delete mode 100644 files/polipo.conf
 delete mode 100755 files/polipo.cron
 create mode 100644 files/polipo/polipo.conf
 create mode 100755 files/polipo/polipo.cron
 create mode 100644 manifests/polipo.pp
 create mode 100644 manifests/polipo/base.pp
 create mode 100644 manifests/polipo/debian.pp
 create mode 100644 manifests/torsocks.pp
diff --git a/files/polipo.conf b/files/polipo.conf
deleted file mode 100644
index 12b10c4..0000000
--- a/files/polipo.conf
+++ /dev/null
@@ -1,164 +0,0 @@
-# Polipo Configuration from https://svn.torproject.org/svn/torbrowser/trunk/build-scripts/config/polipo.conf
-# Managed by puppet.
-
-### Basic configuration
-### *******************
-
-# Uncomment one of these if you want to allow remote clients to
-# connect:
-
-# proxyAddress = "::0" # both IPv4 and IPv6
-# proxyAddress = "0.0.0.0" # IPv4 only
-
-proxyAddress = "127.0.0.1"
-proxyPort = 8118
-
-# If you do that, you'll want to restrict the set of hosts allowed to
-# connect:
-
-# allowedClients = "127.0.0.1, 134.157.168.57"
-# allowedClients = "127.0.0.1, 134.157.168.0/24"
-
-allowedClients = 127.0.0.1
-allowedPorts = 1-65535
-
-# Uncomment this if you want your Polipo to identify itself by
-# something else than the host name:
-
-proxyName = "localhost"
-
-# Uncomment this if there's only one user using this instance of Polipo:
-
-cacheIsShared = false
-
-# Uncomment this if you want to use a parent proxy:
-
-# parentProxy = "squid.example.org:3128"
-
-# Uncomment this if you want to use a parent SOCKS proxy:
-
-socksParentProxy = "localhost:9050"
-socksProxyType = socks5
-
-
-### Memory
-### ******
-
-# Uncomment this if you want Polipo to use a ridiculously small amount
-# of memory (a hundred C-64 worth or so):
-
-# chunkHighMark = 819200
-# objectHighMark = 128
-
-# Uncomment this if you've got plenty of memory:
-
-# chunkHighMark = 50331648
-# objectHighMark = 16384
-
-chunkHighMark = 67108864
-
-### On-disk data
-### ************
-
-# Uncomment this if you want to disable the on-disk cache:
-
-diskCacheRoot = ""
-
-# Uncomment this if you want to put the on-disk cache in a
-# non-standard location:
-
-# diskCacheRoot = "~/.polipo-cache/"
-
-# Uncomment this if you want to disable the local web server:
-
-localDocumentRoot = ""
-
-# Uncomment this if you want to enable the pages under /polipo/index?
-# and /polipo/servers?. This is a serious privacy leak if your proxy
-# is shared.
-
-# disableIndexing = false
-# disableServersList = false
-
-disableLocalInterface = true
-disableConfiguration = true
-
-### Domain Name System
-### ******************
-
-# Uncomment this if you want to contact IPv4 hosts only (and make DNS
-# queries somewhat faster):
-#
-# dnsQueryIPv6 = no
-
-# Uncomment this if you want Polipo to prefer IPv4 to IPv6 for
-# double-stack hosts:
-#
-# dnsQueryIPv6 = reluctantly
-
-# Uncomment this to disable Polipo's DNS resolver and use the system's
-# default resolver instead. If you do that, Polipo will freeze during
-# every DNS query:
-
-dnsUseGethostbyname = yes
-
-
-### HTTP
-### ****
-
-# Uncomment this if you want to enable detection of proxy loops.
-# This will cause your hostname (or whatever you put into proxyName
-# above) to be included in every request:
-
-disableVia = true
-
-# Uncomment this if you want to slightly reduce the amount of
-# information that you leak about yourself:
-
-# censoredHeaders = from, accept-language
-# censorReferer = maybe
-
-censoredHeaders = from,accept-language,x-pad,link
-censorReferer = maybe
-
-# Uncomment this if you're paranoid. This will break a lot of sites,
-# though:
-
-# censoredHeaders = set-cookie, cookie, cookie2, from, accept-language
-# censorReferer = true
-
-# Uncomment this if you want to use Poor Man's Multiplexing; increase
-# the sizes if you're on a fast line. They should each amount to a few
-# seconds' worth of transfer; if pmmSize is small, you'll want
-# pmmFirstSize to be larger.
-
-# Note that PMM is somewhat unreliable.
-
-# pmmFirstSize = 16384
-# pmmSize = 8192
-
-# Uncomment this if your user-agent does something reasonable with
-# Warning headers (most don't):
-
-# relaxTransparency = maybe
-
-# Uncomment this if you never want to revalidate instances for which
-# data is available (this is not a good idea):
-
-# relaxTransparency = yes
-
-# Uncomment this if you have no network:
-
-# proxyOffline = yes
-
-# Uncomment this if you want to avoid revalidating instances with a
-# Vary header (this is not a good idea):
-
-# mindlesslyCacheVary = true
-
-# Suggestions from Incognito configuration
-maxConnectionAge = 5m
-maxConnectionRequests = 120
-serverMaxSlots = 8
-serverSlots = 2
-tunnelAllowedPorts = 1-65535
diff --git a/files/polipo.cron b/files/polipo.cron
deleted file mode 100755
index aba88bc..0000000
--- a/files/polipo.cron
+++ /dev/null
@@ -1,22 +0,0 @@
-#!/bin/sh
-set -e
-
-FORBIDDEN_FILE=/etc/polipo/forbidden
-CONFIG_FILE=/etc/polipo/config
-
-if [ ! -x /usr/bin/polipo ]; then
- exit 0
-fi
-
-if [ ! -f $FORBIDDEN_FILE ]; then
- FORBIDDEN_FILE=/dev/null
-fi
-
-PIDFILE=/var/run/polipo/polipo.pid
-[ -f "$PIDFILE" ] && kill -USR1 $(cat "$PIDFILE")
-# TODO: remove redirect stderr to /dev/null after the following bug is solved:
-# http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=580434
-su -c \
- "nice polipo -x -c $CONFIG_FILE forbiddenFile=$FORBIDDEN_FILE > /dev/null" \
- proxy &> /dev/null
-[ -f "$PIDFILE" ] && kill -USR2 $(cat "$PIDFILE")
diff --git a/files/polipo/polipo.conf b/files/polipo/polipo.conf
new file mode 100644
index 0000000..12b10c4
--- /dev/null
+++ b/files/polipo/polipo.conf
@@ -0,0 +1,164 @@
+# Polipo Configuration from https://svn.torproject.org/svn/torbrowser/trunk/build-scripts/config/polipo.conf
+# Managed by puppet.
+
+### Basic configuration
+### *******************
+
+# Uncomment one of these if you want to allow remote clients to
+# connect:
+
+# proxyAddress = "::0" # both IPv4 and IPv6
+# proxyAddress = "0.0.0.0" # IPv4 only
+
+proxyAddress = "127.0.0.1"
+proxyPort = 8118
+
+# If you do that, you'll want to restrict the set of hosts allowed to
+# connect:
+
+# allowedClients = "127.0.0.1, 134.157.168.57"
+# allowedClients = "127.0.0.1, 134.157.168.0/24"
+
+allowedClients = 127.0.0.1
+allowedPorts = 1-65535
+
+# Uncomment this if you want your Polipo to identify itself by
+# something else than the host name:
+
+proxyName = "localhost"
+
+# Uncomment this if there's only one user using this instance of Polipo:
+
+cacheIsShared = false
+
+# Uncomment this if you want to use a parent proxy:
+
+# parentProxy = "squid.example.org:3128"
+
+# Uncomment this if you want to use a parent SOCKS proxy:
+
+socksParentProxy = "localhost:9050"
+socksProxyType = socks5
+
+
+### Memory
+### ******
+
+# Uncomment this if you want Polipo to use a ridiculously small amount
+# of memory (a hundred C-64 worth or so):
+
+# chunkHighMark = 819200
+# objectHighMark = 128
+
+# Uncomment this if you've got plenty of memory:
+
+# chunkHighMark = 50331648
+# objectHighMark = 16384
+
+chunkHighMark = 67108864
+
+### On-disk data
+### ************
+
+# Uncomment this if you want to disable the on-disk cache:
+
+diskCacheRoot = ""
+
+# Uncomment this if you want to put the on-disk cache in a
+# non-standard location:
+
+# diskCacheRoot = "~/.polipo-cache/"
+
+# Uncomment this if you want to disable the local web server:
+
+localDocumentRoot = ""
+
+# Uncomment this if you want to enable the pages under /polipo/index?
+# and /polipo/servers?. This is a serious privacy leak if your proxy
+# is shared.
+
+# disableIndexing = false
+# disableServersList = false
+
+disableLocalInterface = true
+disableConfiguration = true
+
+### Domain Name System
+### ******************
+
+# Uncomment this if you want to contact IPv4 hosts only (and make DNS
+# queries somewhat faster):
+#
+# dnsQueryIPv6 = no
+
+# Uncomment this if you want Polipo to prefer IPv4 to IPv6 for
+# double-stack hosts:
+#
+# dnsQueryIPv6 = reluctantly
+
+# Uncomment this to disable Polipo's DNS resolver and use the system's
+# default resolver instead. If you do that, Polipo will freeze during
+# every DNS query:
+
+dnsUseGethostbyname = yes
+
+
+### HTTP
+### ****
+
+# Uncomment this if you want to enable detection of proxy loops.
+# This will cause your hostname (or whatever you put into proxyName
+# above) to be included in every request:
+
+disableVia = true
+
+# Uncomment this if you want to slightly reduce the amount of
+# information that you leak about yourself:
+
+# censoredHeaders = from, accept-language
+# censorReferer = maybe
+
+censoredHeaders = from,accept-language,x-pad,link
+censorReferer = maybe
+
+# Uncomment this if you're paranoid. This will break a lot of sites,
+# though:
+
+# censoredHeaders = set-cookie, cookie, cookie2, from, accept-language
+# censorReferer = true
+
+# Uncomment this if you want to use Poor Man's Multiplexing; increase
+# the sizes if you're on a fast line. They should each amount to a few
+# seconds' worth of transfer; if pmmSize is small, you'll want
+# pmmFirstSize to be larger.
+
+# Note that PMM is somewhat unreliable.
+
+# pmmFirstSize = 16384
+# pmmSize = 8192
+
+# Uncomment this if your user-agent does something reasonable with
+# Warning headers (most don't):
+
+# relaxTransparency = maybe
+
+# Uncomment this if you never want to revalidate instances for which
+# data is available (this is not a good idea):
+
+# relaxTransparency = yes
+
+# Uncomment this if you have no network:
+
+# proxyOffline = yes
+
+# Uncomment this if you want to avoid revalidating instances with a
+# Vary header (this is not a good idea):
+
+# mindlesslyCacheVary = true
+
+# Suggestions from Incognito configuration
+maxConnectionAge = 5m
+maxConnectionRequests = 120
+serverMaxSlots = 8
+serverSlots = 2
+tunnelAllowedPorts = 1-65535
diff --git a/files/polipo/polipo.cron b/files/polipo/polipo.cron
new file mode 100755
index 0000000..aba88bc
--- /dev/null
+++ b/files/polipo/polipo.cron
@@ -0,0 +1,22 @@
+#!/bin/sh
+set -e
+
+FORBIDDEN_FILE=/etc/polipo/forbidden
+CONFIG_FILE=/etc/polipo/config
+
+if [ ! -x /usr/bin/polipo ]; then
+ exit 0
+fi
+
+if [ ! -f $FORBIDDEN_FILE ]; then
+ FORBIDDEN_FILE=/dev/null
+fi
+
+PIDFILE=/var/run/polipo/polipo.pid
+[ -f "$PIDFILE" ] && kill -USR1 $(cat "$PIDFILE")
+# TODO: remove redirect stderr to /dev/null after the following bug is solved:
+# http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=580434
+su -c \
+ "nice polipo -x -c $CONFIG_FILE forbiddenFile=$FORBIDDEN_FILE > /dev/null" \
+ proxy &> /dev/null
+[ -f "$PIDFILE" ] && kill -USR2 $(cat "$PIDFILE")
diff --git a/manifests/init.pp b/manifests/init.pp
index 8b78f65..5d1c3d8 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -1,5 +1,5 @@
 class tor {
- package { [ "tor", "polipo", "torsocks" ]:
+ package {'tor':
 ensure => installed,
 }
@@ -8,31 +8,4 @@ class tor {
 enable => true,
 require => Package['tor'],
 }
-
- service { "polipo":
- ensure => running,
- enable => true,
- }
-
- file { "/etc/polipo/config":
- ensure => present,
- owner => root,
- group => root,
- mode => 0644,
- source => "puppet:///modules/tor/polipo.conf",
- require => Package["polipo"],
- notify => Service["polipo"],
- before => Service["tor"],
- }
-
- # TODO: restore file to original state after the following bug is solved:
- # http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=580434
- file { "/etc/cron.daily/polipo":
- ensure => present,
- owner => root,
- group => root,
- mode => 0755,
- require => Package["polipo"],
- source => "puppet:///modules/tor/polipo.cron",
- }
 }
diff --git a/manifests/polipo.pp b/manifests/polipo.pp
new file mode 100644
index 0000000..a7ef005
--- /dev/null
+++ b/manifests/polipo.pp
@@ -0,0 +1,8 @@
+class tor::polipo {
+ include ::tor
+
+ case $operatingsystem {
+ 'debian': { include tor::polipo::debian }
+ default: { include tor::polipo::base }
+ }
+}
diff --git a/manifests/polipo/base.pp b/manifests/polipo/base.pp
new file mode 100644
index 0000000..a634920
--- /dev/null
+++ b/manifests/polipo/base.pp
@@ -0,0 +1,21 @@
+class tor::polipo::base {
+ package{'polipo':
+ ensure => present,
+ }
+
+ file { "/etc/polipo/config":
+ ensure => present,
+ owner => root,
+ group => root,
+ mode => 0644,
+ source => "puppet:///modules/tor/polipo/polipo.conf",
+ require => Package["polipo"],
+ notify => Service["polipo"],
+ before => Service["tor"],
+ }
+
+ service { "polipo":
+ ensure => running,
+ enable => true,
+ }
+}
diff --git a/manifests/polipo/debian.pp b/manifests/polipo/debian.pp
new file mode 100644
index 0000000..1986119
--- /dev/null
+++ b/manifests/polipo/debian.pp
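Review bot: The `case $operatingsystem` selector in manifests/polipo.pp uses an unqualified fact lookup, although the same class already writes the top-scope form in `include ::tor`. Writing it as `case $::operatingsystem {` keeps the lookup from being shadowed by a variable of the same name in an enclosing scope. The class also has no header comment; one line such as `# Installs polipo in front of the SOCKS proxy on localhost:9050; Debian additionally gets the cron.daily override.` would tell a user which subclass they end up with.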
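Review bot: `before => Service["tor"]` in manifests/polipo/base.pp points at a resource this class never declares; it is presumably the service in class `tor`, whose body is only partly visible in the init.pp hunk. The reference resolves only when the class is reached through `tor::polipo`, so a node that includes `tor::polipo::base` or `tor::polipo::debian` directly would get a catalog with an unresolved dependency. Adding `include ::tor` as the first statement, as `tor::torsocks` does, makes the class self-contained. Separately, `service { "polipo": }` is ordered after the package only through the config file's `require`/`notify` pair; an explicit `require => Package["polipo"],` on the service would keep that ordering if the file resource is ever overridden.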
@@ -0,0 +1,12 @@
+class tor::polipo::debian inherits tor::polipo::base {
+ # TODO: restore file to original state after the following bug is solved:
+ # http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=580434
+ file { "/etc/cron.daily/polipo":
+ ensure => present,
+ owner => root,
+ group => root,
+ mode => 0755,
+ require => Package["polipo"],
+ source => "puppet:///modules/tor/polipo/polipo.cron",
+ }
+}
diff --git a/manifests/torsocks.pp b/manifests/torsocks.pp
new file mode 100644
index 0000000..e3221c9
--- /dev/null
+++ b/manifests/torsocks.pp
@@ -0,0 +1,6 @@
+class tor::torsocks {
+ include ::tor
+ package{'torsocks':
+ ensure => present,
+ }
+}
--
cgit v1.2.3
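Review bot: The script this resource installs as a root-run /etc/cron.daily/polipo (files/polipo/polipo.cron, moved unchanged in this commit) declares `#!/bin/sh` but ends its `su -c` call with `proxy &> /dev/null`, which is a bash extension. Where /bin/sh is a strict POSIX shell such as dash, that parses as `proxy &` followed by a bare redirection, so the command is backgrounded, stderr is not silenced, and the following `kill -USR2` no longer waits for it. Writing the redirect as `proxy > /dev/null 2>&1` keeps the intended behaviour under any sh. The last line, `[ -f "$PIDFILE" ] && kill -USR2 ...`, also makes the script exit non-zero whenever the pid file is missing; an `if [ -f "$PIDFILE" ]; then ...; fi` form would avoid a spurious cron failure.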