From 74be0603ec956121a0995bdc0decc4618cb9a656 Mon Sep 17 00:00:00 2001 From: mh Date: Fri, 28 Oct 2011 16:14:10 +0200 Subject: $server is not anymore needed --- manifests/init.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index 726b247..e4bf380 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -29,7 +29,7 @@ class tor { owner => root, group => root, mode => 0644, - source => "puppet://$server/modules/tor/polipo.conf", + source => "puppet:///modules/tor/polipo.conf", notify => Service["polipo"], require => File["/etc/polipo"], } @@ -41,6 +41,6 @@ class tor { owner => root, group => root, mode => 0755, - source => "puppet://$server/modules/tor/polipo.cron", + source => "puppet:///modules/tor/polipo.cron", } } -- cgit v1.2.3 From 73d8e9e66fcbcb4bc539bb8dab37a89c3d033351 Mon Sep 17 00:00:00 2001 From: mh Date: Fri, 28 Oct 2011 16:16:28 +0200 Subject: this should be done in a seperate module and is not really needed here --- manifests/init.pp | 4 ---- 1 file changed, 4 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index e4bf380..e1b1e72 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -1,8 +1,4 @@ class tor { - package { "privoxy": - ensure => absent, - } - package { [ "tor", "polipo", "torsocks" ]: ensure => installed, } -- cgit v1.2.3 From 4eae3d127eee35a5fdad29283b05c76eca0451ac Mon Sep 17 00:00:00 2001 From: mh Date: Fri, 28 Oct 2011 16:17:45 +0200 Subject: no need to manage that directory as it comes via package --- manifests/init.pp | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index e1b1e72..954b804 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -10,14 +10,6 @@ class tor { service { "polipo": ensure => running, - require => Package["polipo"], - } - - file { "/etc/polipo": - ensure => directory, - owner => root, - group => root, - mode => 0755, } file { "/etc/polipo/config": 
@@ -26,8 +18,8 @@ class tor { group => root, mode => 0644, source => "puppet:///modules/tor/polipo.conf", + require => Package["polipo"], notify => Service["polipo"], - require => File["/etc/polipo"], } # TODO: restore file to original state after the following bug is solved: -- cgit v1.2.3 From 9f88bf5b8873d1174e4dc537142bccd98b3e35b2 Mon Sep 17 00:00:00 2001 From: mh Date: Fri, 28 Oct 2011 16:33:28 +0200 Subject: this file should be deployed after the package have been installed, as it replaces the file from the cronjob --- manifests/init.pp | 1 + 1 file changed, 1 insertion(+) diff --git a/manifests/init.pp b/manifests/init.pp index 954b804..8796a73 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -29,6 +29,7 @@ class tor { owner => root, group => root, mode => 0755, + require => Package["polipo"], source => "puppet:///modules/tor/polipo.cron", } } -- cgit v1.2.3 From d401332e0a038fe9fc6cbc44facbf4f38dc0663c Mon Sep 17 00:00:00 2001 From: mh Date: Fri, 28 Oct 2011 16:34:46 +0200 Subject: decouple things a bit, so we can move it to a own class --- manifests/init.pp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/manifests/init.pp b/manifests/init.pp index 8796a73..77896d6 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -5,7 +5,7 @@ class tor { service { "tor": ensure => running, - require => [ Package['tor'], Service["polipo"] ], + require => Package['tor'], } service { "polipo": @@ -20,6 +20,7 @@ class tor { source => "puppet:///modules/tor/polipo.conf", require => Package["polipo"], notify => Service["polipo"], + before => Service["tor"], } # TODO: restore file to original state after the following bug is solved: -- cgit v1.2.3 From 5d2516c3a7a6b34399ff7b856fc9900ef1e41294 Mon Sep 17 00:00:00 2001 From: mh Date: Fri, 28 Oct 2011 16:36:00 +0200 Subject: enable service on boot --- manifests/init.pp | 2 ++ 1 file changed, 2 insertions(+) diff --git a/manifests/init.pp b/manifests/init.pp index 77896d6..8b78f65 100644 
--- a/manifests/init.pp +++ b/manifests/init.pp @@ -5,11 +5,13 @@ class tor { service { "tor": ensure => running, + enable => true, require => Package['tor'], } service { "polipo": ensure => running, + enable => true, } file { "/etc/polipo/config": -- cgit v1.2.3 From 8f1d1c4ef7a1298d448416997218dafb5d40166f Mon Sep 17 00:00:00 2001 From: mh Date: Fri, 28 Oct 2011 16:50:30 +0200 Subject: decouple polipo and torsocks into their own subclasses, so we can for example also just install tor --- files/polipo.conf | 164 --------------------------------------------- files/polipo.cron | 22 ------ files/polipo/polipo.conf | 164 +++++++++++++++++++++++++++++++++++++++++++++ files/polipo/polipo.cron | 22 ++++++ manifests/init.pp | 29 +------- manifests/polipo.pp | 8 +++ manifests/polipo/base.pp | 21 ++++++ manifests/polipo/debian.pp | 12 ++++ manifests/torsocks.pp | 6 ++ 9 files changed, 234 insertions(+), 214 deletions(-) delete mode 100644 files/polipo.conf delete mode 100755 files/polipo.cron create mode 100644 files/polipo/polipo.conf create mode 100755 files/polipo/polipo.cron create mode 100644 manifests/polipo.pp create mode 100644 manifests/polipo/base.pp create mode 100644 manifests/polipo/debian.pp create mode 100644 manifests/torsocks.pp diff --git a/files/polipo.conf b/files/polipo.conf deleted file mode 100644 index 12b10c4..0000000 --- a/files/polipo.conf +++ /dev/null 
@@ -1,164 +0,0 @@ -# Polipo Configuration from https://svn.torproject.org/svn/torbrowser/trunk/build-scripts/config/polipo.conf -# Managed by puppet. - -### Basic configuration -### ******************* - -# Uncomment one of these if you want to allow remote clients to -# connect: - -# proxyAddress = "::0" # both IPv4 and IPv6 -# proxyAddress = "0.0.0.0" # IPv4 only - -proxyAddress = "127.0.0.1" -proxyPort = 8118 - -# If you do that, you'll want to restrict the set of hosts allowed to -# connect: - -# allowedClients = "127.0.0.1, 134.157.168.57" -# allowedClients = "127.0.0.1, 134.157.168.0/24" - -allowedClients = 127.0.0.1 -allowedPorts = 1-65535 - -# Uncomment this if you want your Polipo to identify itself by -# something else than the host name: - -proxyName = "localhost" - -# Uncomment this if there's only one user using this instance of Polipo: - -cacheIsShared = false - -# Uncomment this if you want to use a parent proxy: - -# parentProxy = "squid.example.org:3128" - -# Uncomment this if you want to use a parent SOCKS proxy: - -socksParentProxy = "localhost:9050" -socksProxyType = socks5 - - -### Memory -### ****** - -# Uncomment this if you want Polipo to use a ridiculously small amount -# of memory (a hundred C-64 worth or so): - -# chunkHighMark = 819200 -# objectHighMark = 128 - -# Uncomment this if you've got plenty of memory: - -# chunkHighMark = 50331648 -# objectHighMark = 16384 - -chunkHighMark = 67108864 - -### On-disk data -### ************ - -# Uncomment this if you want to disable the on-disk cache: - -diskCacheRoot = "" - -# Uncomment this if you want to put the on-disk cache in a -# non-standard location: - -# diskCacheRoot = "~/.polipo-cache/" - -# Uncomment this if you want to disable the local web server: - -localDocumentRoot = "" - -# Uncomment this if you want to enable the pages under /polipo/index? -# and /polipo/servers?. This is a serious privacy leak if your proxy -# is shared. 
- -# disableIndexing = false -# disableServersList = false - -disableLocalInterface = true -disableConfiguration = true - -### Domain Name System -### ****************** - -# Uncomment this if you want to contact IPv4 hosts only (and make DNS -# queries somewhat faster): -# -# dnsQueryIPv6 = no - -# Uncomment this if you want Polipo to prefer IPv4 to IPv6 for -# double-stack hosts: -# -# dnsQueryIPv6 = reluctantly - -# Uncomment this to disable Polipo's DNS resolver and use the system's -# default resolver instead. If you do that, Polipo will freeze during -# every DNS query: - -dnsUseGethostbyname = yes - - -### HTTP -### **** - -# Uncomment this if you want to enable detection of proxy loops. -# This will cause your hostname (or whatever you put into proxyName -# above) to be included in every request: - -disableVia = true - -# Uncomment this if you want to slightly reduce the amount of -# information that you leak about yourself: - -# censoredHeaders = from, accept-language -# censorReferer = maybe - -censoredHeaders = from,accept-language,x-pad,link -censorReferer = maybe - -# Uncomment this if you're paranoid. This will break a lot of sites, -# though: - -# censoredHeaders = set-cookie, cookie, cookie2, from, accept-language -# censorReferer = true - -# Uncomment this if you want to use Poor Man's Multiplexing; increase -# the sizes if you're on a fast line. They should each amount to a few -# seconds' worth of transfer; if pmmSize is small, you'll want -# pmmFirstSize to be larger. - -# Note that PMM is somewhat unreliable. 
- -# pmmFirstSize = 16384 -# pmmSize = 8192 - -# Uncomment this if your user-agent does something reasonable with -# Warning headers (most don't): - -# relaxTransparency = maybe - -# Uncomment this if you never want to revalidate instances for which -# data is available (this is not a good idea): - -# relaxTransparency = yes - -# Uncomment this if you have no network: - -# proxyOffline = yes - -# Uncomment this if you want to avoid revalidating instances with a -# Vary header (this is not a good idea): - -# mindlesslyCacheVary = true - -# Suggestions from Incognito configuration -maxConnectionAge = 5m -maxConnectionRequests = 120 -serverMaxSlots = 8 -serverSlots = 2 -tunnelAllowedPorts = 1-65535 diff --git a/files/polipo.cron b/files/polipo.cron deleted file mode 100755 index aba88bc..0000000 --- a/files/polipo.cron +++ /dev/null @@ -1,22 +0,0 @@ -#!/bin/sh -set -e - -FORBIDDEN_FILE=/etc/polipo/forbidden -CONFIG_FILE=/etc/polipo/config - -if [ ! -x /usr/bin/polipo ]; then - exit 0 -fi - -if [ ! -f $FORBIDDEN_FILE ]; then - FORBIDDEN_FILE=/dev/null -fi - -PIDFILE=/var/run/polipo/polipo.pid -[ -f "$PIDFILE" ] && kill -USR1 $(cat "$PIDFILE") -# TODO: remove redirect stderr to /dev/null after the following bug is solved: -# http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=580434 -su -c \ - "nice polipo -x -c $CONFIG_FILE forbiddenFile=$FORBIDDEN_FILE > /dev/null" \ - proxy &> /dev/null -[ -f "$PIDFILE" ] && kill -USR2 $(cat "$PIDFILE") diff --git a/files/polipo/polipo.conf b/files/polipo/polipo.conf new file mode 100644 index 0000000..12b10c4 --- /dev/null +++ b/files/polipo/polipo.conf 
@@ -0,0 +1,164 @@ +# Polipo Configuration from https://svn.torproject.org/svn/torbrowser/trunk/build-scripts/config/polipo.conf +# Managed by puppet. + +### Basic configuration +### ******************* + +# Uncomment one of these if you want to allow remote clients to +# connect: + +# proxyAddress = "::0" # both IPv4 and IPv6 +# proxyAddress = "0.0.0.0" # IPv4 only + +proxyAddress = "127.0.0.1" +proxyPort = 8118 + +# If you do that, you'll want to restrict the set of hosts allowed to +# connect: + +# allowedClients = "127.0.0.1, 134.157.168.57" +# allowedClients = "127.0.0.1, 134.157.168.0/24" + +allowedClients = 127.0.0.1 +allowedPorts = 1-65535 + +# Uncomment this if you want your Polipo to identify itself by +# something else than the host name: + +proxyName = "localhost" + +# Uncomment this if there's only one user using this instance of Polipo: + +cacheIsShared = false + +# Uncomment this if you want to use a parent proxy: + +# parentProxy = "squid.example.org:3128" + +# Uncomment this if you want to use a parent SOCKS proxy: + +socksParentProxy = "localhost:9050" +socksProxyType = socks5 + + +### Memory +### ****** + +# Uncomment this if you want Polipo to use a ridiculously small amount +# of memory (a hundred C-64 worth or so): + +# chunkHighMark = 819200 +# objectHighMark = 128 + +# Uncomment this if you've got plenty of memory: + +# chunkHighMark = 50331648 +# objectHighMark = 16384 + +chunkHighMark = 67108864 + +### On-disk data +### ************ + +# Uncomment this if you want to disable the on-disk cache: + +diskCacheRoot = "" + +# Uncomment this if you want to put the on-disk cache in a +# non-standard location: + +# diskCacheRoot = "~/.polipo-cache/" + +# Uncomment this if you want to disable the local web server: + +localDocumentRoot = "" + +# Uncomment this if you want to enable the pages under /polipo/index? +# and /polipo/servers?. This is a serious privacy leak if your proxy +# is shared. 
+ +# disableIndexing = false +# disableServersList = false + +disableLocalInterface = true +disableConfiguration = true + +### Domain Name System +### ****************** + +# Uncomment this if you want to contact IPv4 hosts only (and make DNS +# queries somewhat faster): +# +# dnsQueryIPv6 = no + +# Uncomment this if you want Polipo to prefer IPv4 to IPv6 for +# double-stack hosts: +# +# dnsQueryIPv6 = reluctantly + +# Uncomment this to disable Polipo's DNS resolver and use the system's +# default resolver instead. If you do that, Polipo will freeze during +# every DNS query: + +dnsUseGethostbyname = yes + + +### HTTP +### **** + +# Uncomment this if you want to enable detection of proxy loops. +# This will cause your hostname (or whatever you put into proxyName +# above) to be included in every request: + +disableVia = true + +# Uncomment this if you want to slightly reduce the amount of +# information that you leak about yourself: + +# censoredHeaders = from, accept-language +# censorReferer = maybe + +censoredHeaders = from,accept-language,x-pad,link +censorReferer = maybe + +# Uncomment this if you're paranoid. This will break a lot of sites, +# though: + +# censoredHeaders = set-cookie, cookie, cookie2, from, accept-language +# censorReferer = true + +# Uncomment this if you want to use Poor Man's Multiplexing; increase +# the sizes if you're on a fast line. They should each amount to a few +# seconds' worth of transfer; if pmmSize is small, you'll want +# pmmFirstSize to be larger. + +# Note that PMM is somewhat unreliable. 
+ +# pmmFirstSize = 16384 +# pmmSize = 8192 + +# Uncomment this if your user-agent does something reasonable with +# Warning headers (most don't): + +# relaxTransparency = maybe + +# Uncomment this if you never want to revalidate instances for which +# data is available (this is not a good idea): + +# relaxTransparency = yes + +# Uncomment this if you have no network: + +# proxyOffline = yes + +# Uncomment this if you want to avoid revalidating instances with a +# Vary header (this is not a good idea): + +# mindlesslyCacheVary = true + +# Suggestions from Incognito configuration +maxConnectionAge = 5m +maxConnectionRequests = 120 +serverMaxSlots = 8 +serverSlots = 2 +tunnelAllowedPorts = 1-65535 diff --git a/files/polipo/polipo.cron b/files/polipo/polipo.cron new file mode 100755 index 0000000..aba88bc --- /dev/null +++ b/files/polipo/polipo.cron @@ -0,0 +1,22 @@ +#!/bin/sh +set -e + +FORBIDDEN_FILE=/etc/polipo/forbidden +CONFIG_FILE=/etc/polipo/config + +if [ ! -x /usr/bin/polipo ]; then + exit 0 +fi + +if [ ! -f $FORBIDDEN_FILE ]; then + FORBIDDEN_FILE=/dev/null +fi + +PIDFILE=/var/run/polipo/polipo.pid +[ -f "$PIDFILE" ] && kill -USR1 $(cat "$PIDFILE") +# TODO: remove redirect stderr to /dev/null after the following bug is solved: +# http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=580434 +su -c \ + "nice polipo -x -c $CONFIG_FILE forbiddenFile=$FORBIDDEN_FILE > /dev/null" \ + proxy &> /dev/null +[ -f "$PIDFILE" ] && kill -USR2 $(cat "$PIDFILE") diff --git a/manifests/init.pp b/manifests/init.pp index 8b78f65..5d1c3d8 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -1,5 +1,5 @@ class tor { - package { [ "tor", "polipo", "torsocks" ]: + package {'tor': ensure => installed, } 
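Review bot: In the new files/polipo/polipo.cron, the `su -c "nice polipo -x …" proxy &> /dev/null` line uses `&>`, a bash extension, while the shebang is `#!/bin/sh`. A POSIX shell such as dash reads it as `… proxy &` followed by an empty `> /dev/null`. The cache purge would then run in the background with stderr still attached, and the following `kill -USR2` could be sent before the purge finishes. The portable spelling is `proxy > /dev/null 2>&1`, which also matches the TODO's stated intent of discarding stderr. The script is moved unchanged from files/polipo.cron, so the line predates this commit.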
@@ -8,31 +8,4 @@ class tor { enable => true, require => Package['tor'], } - - service { "polipo": - ensure => running, - enable => true, - } - - file { "/etc/polipo/config": - ensure => present, - owner => root, - group => root, - mode => 0644, - source => "puppet:///modules/tor/polipo.conf", - require => Package["polipo"], - notify => Service["polipo"], - before => Service["tor"], - } - - # TODO: restore file to original state after the following bug is solved: - # http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=580434 - file { "/etc/cron.daily/polipo": - ensure => present, - owner => root, - group => root, - mode => 0755, - require => Package["polipo"], - source => "puppet:///modules/tor/polipo.cron", - } } diff --git a/manifests/polipo.pp b/manifests/polipo.pp new file mode 100644 index 0000000..a7ef005 --- /dev/null +++ b/manifests/polipo.pp @@ -0,0 +1,8 @@ +class tor::polipo { + include ::tor + + case $operatingsystem { + 'debian': { include tor::polipo::debian } + default: { include tor::polipo::base } + } +} diff --git a/manifests/polipo/base.pp b/manifests/polipo/base.pp new file mode 100644 index 0000000..a634920 --- /dev/null +++ b/manifests/polipo/base.pp @@ -0,0 +1,21 @@ +class tor::polipo::base { + package{'polipo': + ensure => present, + } + + file { "/etc/polipo/config": + ensure => present, + owner => root, + group => root, + mode => 0644, + source => "puppet:///modules/tor/polipo/polipo.conf", + require => Package["polipo"], + notify => Service["polipo"], + before => Service["tor"], + } + + service { "polipo": + ensure => running, + enable => true, + } +} diff --git a/manifests/polipo/debian.pp b/manifests/polipo/debian.pp new file mode 100644 index 0000000..1986119 --- /dev/null +++ b/manifests/polipo/debian.pp 
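Review bot: The new tor::polipo::base references `Service["tor"]` in `before => Service["tor"],` but neither declares nor includes the tor class. The reference resolves only because tor::polipo runs `include ::tor` before including this class. Including tor::polipo::base or tor::polipo::debian directly would presumably fail catalog compilation on the unresolved reference. Adding `include ::tor` as the first line of the class body, as tor::torsocks does, makes it self-contained. The base.pp added in c59fe74 has the same hidden dependency through `require => [ Package["polipo"], Service["tor"] ],`.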
@@ -0,0 +1,12 @@ +class tor::polipo::debian inherits tor::polipo::base { + # TODO: restore file to original state after the following bug is solved: + # http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=580434 + file { "/etc/cron.daily/polipo": + ensure => present, + owner => root, + group => root, + mode => 0755, + require => Package["polipo"], + source => "puppet:///modules/tor/polipo/polipo.cron", + } +} diff --git a/manifests/torsocks.pp b/manifests/torsocks.pp new file mode 100644 index 0000000..e3221c9 --- /dev/null +++ b/manifests/torsocks.pp @@ -0,0 +1,6 @@ +class tor::torsocks { + include ::tor + package{'torsocks': + ensure => present, + } +} -- cgit v1.2.3 From 6f5e3422b89ba38bbb22e350401279f722e18827 Mon Sep 17 00:00:00 2001 From: mh Date: Fri, 28 Oct 2011 16:55:19 +0200 Subject: add a compact class mainly to give a way to have the old behavior --- manifests/compact.pp | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 manifests/compact.pp diff --git a/manifests/compact.pp b/manifests/compact.pp new file mode 100644 index 0000000..472a4a6 --- /dev/null +++ b/manifests/compact.pp @@ -0,0 +1,5 @@ +class tor::compact { + include ::tor + include tor::polipo + include tor::torsocks +} -- cgit v1.2.3 From 4d178902337cf6fe07734af744c052e451f1388c Mon Sep 17 00:00:00 2001 From: mh Date: Fri, 28 Oct 2011 16:16:28 +0200 Subject: Do not ensure the privoxy package is uninstalled. this should be done in a seperate module and is not really needed here Conflicts: manifests/init.pp --- manifests/polipo.pp | 4 ---- 1 file changed, 4 deletions(-) diff --git a/manifests/polipo.pp b/manifests/polipo.pp index 73eaea2..4a3d146 100644 --- a/manifests/polipo.pp +++ b/manifests/polipo.pp @@ -1,9 +1,5 @@ class tor::polipo inherits tor { - package { "privoxy": - ensure => absent, - } - package { "polipo": ensure => installed, } -- cgit v1.2.3 From 1840bee0fc2162c63adcaec15e2c027f78020a9a Mon Sep 17 00:00:00 2001 
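Review bot: tor::polipo::debian is declared with `inherits tor::polipo::base` but overrides no attribute of any parent resource, so inheritance is used here only to pull the base class in. `class tor::polipo::debian {` with `include tor::polipo::base` as its first statement expresses the same dependency and keeps inheritance for real overrides. The resource installs a root-owned script that cron runs daily and that replaces the file shipped by the package. A comment above it such as `# Overwrites the package's /etc/cron.daily/polipo; package upgrades will see it as locally modified.` would tell the next maintainer why it is managed. The debian.pp added in c59fe74 is written the same way.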
From: intrigeri Date: Wed, 11 Apr 2012 15:09:42 +0200 Subject: Don't manage /etc/polipo: it's shipped by the polipo package. --- manifests/polipo.pp | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/manifests/polipo.pp b/manifests/polipo.pp index 4a3d146..a23ff0b 100644 --- a/manifests/polipo.pp +++ b/manifests/polipo.pp @@ -9,21 +9,14 @@ class tor::polipo inherits tor { require => [ Package["polipo"], Service["tor"] ], } - file { "/etc/polipo": - ensure => directory, - owner => root, - group => root, - mode => 0755, - } - file { "/etc/polipo/config": ensure => present, owner => root, group => root, mode => 0644, source => "puppet:///modules/tor/polipo.conf", + require => Package["polipo"], notify => Service["polipo"], - require => File["/etc/polipo"], } # TODO: restore file to original state after the following bug is solved: -- cgit v1.2.3 From f927bec2fa472461a14e8a3d5cf30fbc7bbd20f4 Mon Sep 17 00:00:00 2001 From: mh Date: Fri, 28 Oct 2011 16:33:28 +0200 Subject: this file should be deployed after the package have been installed, as it replaces the file from the cronjob Conflicts: manifests/init.pp --- manifests/polipo.pp | 1 + 1 file changed, 1 insertion(+) diff --git a/manifests/polipo.pp b/manifests/polipo.pp index a23ff0b..79ee769 100644 --- a/manifests/polipo.pp +++ b/manifests/polipo.pp @@ -26,6 +26,7 @@ class tor::polipo inherits tor { owner => root, group => root, mode => 0755, + require => Package["polipo"], source => "puppet:///modules/tor/polipo.cron", } -- cgit v1.2.3 From bc0c42ef3de9c0330d8fe5bc90b793327e06d8da Mon Sep 17 00:00:00 2001 From: mh Date: Fri, 28 Oct 2011 16:36:00 +0200 Subject: enable service on boot Conflicts: manifests/init.pp --- manifests/polipo.pp | 1 + 1 file changed, 1 insertion(+) diff --git a/manifests/polipo.pp b/manifests/polipo.pp index 79ee769..72a9236 100644 --- a/manifests/polipo.pp +++ b/manifests/polipo.pp 
@@ -6,6 +6,7 @@ class tor::polipo inherits tor { service { "polipo": ensure => running, + enable => true, require => [ Package["polipo"], Service["tor"] ], } -- cgit v1.2.3 From 8e0dbb0d9d903fbf89e4263cd29c1b1a7d597075 Mon Sep 17 00:00:00 2001 From: intrigeri Date: Thu, 26 Apr 2012 16:56:35 +0200 Subject: Fix the relay define's outbound_bindaddresses default value setting. Apparently, we have no guarantee $outbound_bindaddresses's value is set *after* $listen_addresses is, so (at least on my setup) it ends up being undef, and then the template parsing fails: err: Could not retrieve catalog from remote server: Error 400 on SERVER: Failed to parse template tor/torrc.relay.erb: undefined method `each' for :undef:Symbol at /etc/puppet/modules/tor/manifests/daemon.pp:117 So, let's set $real_outbound_bindaddresses to $listen_addresses in the define body, as needed. --- manifests/daemon.pp | 8 +++++++- templates/torrc.relay.erb | 2 +- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/manifests/daemon.pp b/manifests/daemon.pp index 6d8c315..dddef14 100644 --- a/manifests/daemon.pp +++ b/manifests/daemon.pp @@ -100,7 +100,7 @@ class tor::daemon inherits tor { # relay definition define relay( $port = 0, $listen_addresses = [], - $outbound_bindaddresses = $listen_addresses, + $outbound_bindaddresses = [], $bandwidth_rate = 0, # KB/s, 0 for no limit. $bandwidth_burst = 0, # KB/s, 0 for no limit. $accounting_max = 0, # GB, 0 for no limit. @@ -112,6 +112,12 @@ class tor::daemon inherits tor { $ensure = present ) { $nickname = $name + if $outbound_bindaddresses == [] { + $real_outbound_bindaddresses = $listen_addresses + } else { + $real_outbound_bindaddresses = $outbound_bindaddresses + } + concatenated_file_part { '03.relay': dir => $tor::daemon::snippet_dir, content => template('tor/torrc.relay.erb'), diff --git a/templates/torrc.relay.erb b/templates/torrc.relay.erb index 2ab34bf..990dfcc 100644 --- a/templates/torrc.relay.erb +++ b/templates/torrc.relay.erb 
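Review bot: In the daemon.pp hunks, an empty list now acts as the sentinel for "reuse $listen_addresses" in `if $outbound_bindaddresses == [] {`. A caller can therefore no longer pass `outbound_bindaddresses => []` to listen on specific addresses while emitting no OutboundBindAddress line. On a multi-homed relay that silently changes which source address outbound traffic uses, so the define should at least say so, for example `# An empty $outbound_bindaddresses falls back to $listen_addresses; it cannot be used to omit OutboundBindAddress.` above the `if`. The values reach torrc through the template without any visible validation, so the same comment could state that both parameters must be arrays of plain IP addresses. The body of the relay define continues outside these hunks.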
@@ -4,7 +4,7 @@ ORPort <%= port %> <%- for listen_address in listen_addresses -%> ORListenAddress <%= listen_address %> <%- end -%> -<%- for outbound_bindaddress in outbound_bindaddresses -%> +<%- for outbound_bindaddress in real_outbound_bindaddresses -%> OutboundBindAddress <%= outbound_bindaddress %> <%- end -%> <%- if nickname != '' then -%> -- cgit v1.2.3 From 0648f9e4440053786f06f98eca00eecae5e1e53a Mon Sep 17 00:00:00 2001 From: mh Date: Tue, 5 Jun 2012 18:05:25 -0300 Subject: new style for 2.7 --- manifests/polipo.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/polipo.pp b/manifests/polipo.pp index a7ef005..8563347 100644 --- a/manifests/polipo.pp +++ b/manifests/polipo.pp @@ -1,7 +1,7 @@ class tor::polipo { include ::tor - case $operatingsystem { + case $::operatingsystem { 'debian': { include tor::polipo::debian } default: { include tor::polipo::base } } -- cgit v1.2.3 From fae18b4cb919297eedfb7103e5d06ab76f93abff Mon Sep 17 00:00:00 2001 From: intrigeri Date: Fri, 8 Jun 2012 17:27:59 +0200 Subject: Decouple torsocks into its own class. immerda's big decoupling commit (8f1d1c4) is too hard to apply in one shot in the current state of the shared branch, so let's pick bits of it one after the other. --- manifests/init.pp | 5 ----- manifests/torsocks.pp | 7 +++++++ 2 files changed, 7 insertions(+), 5 deletions(-) create mode 100644 manifests/torsocks.pp diff --git a/manifests/init.pp b/manifests/init.pp index 0c38073..d916188 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -1,16 +1,11 @@ class tor { if !$tor_ensure_version { $tor_ensure_version = 'installed' } - if !$torsocks_ensure_version { $torsocks_ensure_version = 'installed'} package { [ "tor", "tor-geoipdb" ]: ensure => $tor_ensure_version, } - package { "torsocks": - ensure => $torsocks_ensure_version, - } - service { 'tor': ensure => running, enable => true, diff --git a/manifests/torsocks.pp b/manifests/torsocks.pp new file mode 100644 index 0000000..6346707 
--- /dev/null +++ b/manifests/torsocks.pp @@ -0,0 +1,7 @@ +class tor::torsocks { + if !$torsocks_ensure_version { $torsocks_ensure_version = 'installed'} + include ::tor + package{'torsocks': + ensure => $torsocks_ensure_version, + } +} -- cgit v1.2.3 From c59fe7465bedc1157ee9e314938fdc10c4158cf5 Mon Sep 17 00:00:00 2001 From: intrigeri Date: Fri, 8 Jun 2012 17:34:13 +0200 Subject: Factor out Polipo into base and Debian -specific classes. --- manifests/polipo.pp | 36 +++++------------------------------- manifests/polipo/base.pp | 21 +++++++++++++++++++++ manifests/polipo/debian.pp | 12 ++++++++++++ 3 files changed, 38 insertions(+), 31 deletions(-) create mode 100644 manifests/polipo/base.pp create mode 100644 manifests/polipo/debian.pp diff --git a/manifests/polipo.pp b/manifests/polipo.pp index 72a9236..a7ef005 100644 --- a/manifests/polipo.pp +++ b/manifests/polipo.pp @@ -1,34 +1,8 @@ -class tor::polipo inherits tor { +class tor::polipo { + include ::tor - package { "polipo": - ensure => installed, + case $operatingsystem { + 'debian': { include tor::polipo::debian } + default: { include tor::polipo::base } } - - service { "polipo": - ensure => running, - enable => true, - require => [ Package["polipo"], Service["tor"] ], - } - - file { "/etc/polipo/config": - ensure => present, - owner => root, - group => root, - mode => 0644, - source => "puppet:///modules/tor/polipo.conf", - require => Package["polipo"], - notify => Service["polipo"], - } - - # TODO: restore file to original state after the following bug is solved: - # http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=580434 - file { "/etc/cron.daily/polipo": - ensure => present, - owner => root, - group => root, - mode => 0755, - require => Package["polipo"], - source => "puppet:///modules/tor/polipo.cron", - } - } diff --git a/manifests/polipo/base.pp b/manifests/polipo/base.pp new file mode 100644 index 0000000..81cfe9c --- /dev/null +++ b/manifests/polipo/base.pp 
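Review bot: In the new torsocks.pp, `if !$torsocks_ensure_version { $torsocks_ensure_version = 'installed'}` reads the variable through dynamic scope lookup and then shadows it with a local of the same name. That is hard to follow, and Puppet 2.7 deprecates dynamic scope lookup. If the global has to stay for existing node definitions, document it with `# $torsocks_ensure_version: optional top-scope variable, defaults to 'installed'`. Otherwise a class parameter, `class tor::torsocks($ensure_version = 'installed') {` with `ensure => $ensure_version,`, states the default in one place, at the cost of callers passing it explicitly. The polipo.pp hunk of c59fe74 on this line has a related unqualified lookup in `case $operatingsystem {`, which 0648f9e spells `$::operatingsystem`.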
@@ -0,0 +1,21 @@ +class tor::polipo::base { + package { "polipo": + ensure => installed, + } + + file { "/etc/polipo/config": + ensure => present, + owner => root, + group => root, + mode => 0644, + source => "puppet:///modules/tor/polipo.conf", + require => Package["polipo"], + notify => Service["polipo"], + } + + service { "polipo": + ensure => running, + enable => true, + require => [ Package["polipo"], Service["tor"] ], + } +} diff --git a/manifests/polipo/debian.pp b/manifests/polipo/debian.pp new file mode 100644 index 0000000..46897dd --- /dev/null +++ b/manifests/polipo/debian.pp @@ -0,0 +1,12 @@ +class tor::polipo::debian inherits tor::polipo::base { + # TODO: restore file to original state after the following bug is solved: + # http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=580434 + file { "/etc/cron.daily/polipo": + ensure => present, + owner => root, + group => root, + mode => 0755, + require => Package["polipo"], + source => "puppet:///modules/tor/polipo.cron", + } +} -- cgit v1.2.3 From 85471074070083d089365d10bc3978eabc606c28 Mon Sep 17 00:00:00 2001 From: intrigeri Date: Fri, 8 Jun 2012 17:37:05 +0200 Subject: Move Polipo configuration files to a dedicated directory. --- files/polipo.conf | 164 --------------------------------------------- files/polipo.cron | 22 ------ files/polipo/polipo.conf | 164 +++++++++++++++++++++++++++++++++++++++++++++ files/polipo/polipo.cron | 22 ++++++ manifests/polipo/base.pp | 2 +- manifests/polipo/debian.pp | 2 +- 6 files changed, 188 insertions(+), 188 deletions(-) delete mode 100644 files/polipo.conf delete mode 100755 files/polipo.cron create mode 100644 files/polipo/polipo.conf create mode 100755 files/polipo/polipo.cron diff --git a/files/polipo.conf b/files/polipo.conf deleted file mode 100644 index 12b10c4..0000000 --- a/files/polipo.conf +++ /dev/null 
@@ -1,164 +0,0 @@ -# Polipo Configuration from https://svn.torproject.org/svn/torbrowser/trunk/build-scripts/config/polipo.conf -# Managed by puppet. - -### Basic configuration -### ******************* - -# Uncomment one of these if you want to allow remote clients to -# connect: - -# proxyAddress = "::0" # both IPv4 and IPv6 -# proxyAddress = "0.0.0.0" # IPv4 only - -proxyAddress = "127.0.0.1" -proxyPort = 8118 - -# If you do that, you'll want to restrict the set of hosts allowed to -# connect: - -# allowedClients = "127.0.0.1, 134.157.168.57" -# allowedClients = "127.0.0.1, 134.157.168.0/24" - -allowedClients = 127.0.0.1 -allowedPorts = 1-65535 - -# Uncomment this if you want your Polipo to identify itself by -# something else than the host name: - -proxyName = "localhost" - -# Uncomment this if there's only one user using this instance of Polipo: - -cacheIsShared = false - -# Uncomment this if you want to use a parent proxy: - -# parentProxy = "squid.example.org:3128" - -# Uncomment this if you want to use a parent SOCKS proxy: - -socksParentProxy = "localhost:9050" -socksProxyType = socks5 - - -### Memory -### ****** - -# Uncomment this if you want Polipo to use a ridiculously small amount -# of memory (a hundred C-64 worth or so): - -# chunkHighMark = 819200 -# objectHighMark = 128 - -# Uncomment this if you've got plenty of memory: - -# chunkHighMark = 50331648 -# objectHighMark = 16384 - -chunkHighMark = 67108864 - -### On-disk data -### ************ - -# Uncomment this if you want to disable the on-disk cache: - -diskCacheRoot = "" - -# Uncomment this if you want to put the on-disk cache in a -# non-standard location: - -# diskCacheRoot = "~/.polipo-cache/" - -# Uncomment this if you want to disable the local web server: - -localDocumentRoot = "" - -# Uncomment this if you want to enable the pages under /polipo/index? -# and /polipo/servers?. This is a serious privacy leak if your proxy -# is shared. 
- -# disableIndexing = false -# disableServersList = false - -disableLocalInterface = true -disableConfiguration = true - -### Domain Name System -### ****************** - -# Uncomment this if you want to contact IPv4 hosts only (and make DNS -# queries somewhat faster): -# -# dnsQueryIPv6 = no - -# Uncomment this if you want Polipo to prefer IPv4 to IPv6 for -# double-stack hosts: -# -# dnsQueryIPv6 = reluctantly - -# Uncomment this to disable Polipo's DNS resolver and use the system's -# default resolver instead. If you do that, Polipo will freeze during -# every DNS query: - -dnsUseGethostbyname = yes - - -### HTTP -### **** - -# Uncomment this if you want to enable detection of proxy loops. -# This will cause your hostname (or whatever you put into proxyName -# above) to be included in every request: - -disableVia = true - -# Uncomment this if you want to slightly reduce the amount of -# information that you leak about yourself: - -# censoredHeaders = from, accept-language -# censorReferer = maybe - -censoredHeaders = from,accept-language,x-pad,link -censorReferer = maybe - -# Uncomment this if you're paranoid. This will break a lot of sites, -# though: - -# censoredHeaders = set-cookie, cookie, cookie2, from, accept-language -# censorReferer = true - -# Uncomment this if you want to use Poor Man's Multiplexing; increase -# the sizes if you're on a fast line. They should each amount to a few -# seconds' worth of transfer; if pmmSize is small, you'll want -# pmmFirstSize to be larger. - -# Note that PMM is somewhat unreliable. 
- -# pmmFirstSize = 16384 -# pmmSize = 8192 - -# Uncomment this if your user-agent does something reasonable with -# Warning headers (most don't): - -# relaxTransparency = maybe - -# Uncomment this if you never want to revalidate instances for which -# data is available (this is not a good idea): - -# relaxTransparency = yes - -# Uncomment this if you have no network: - -# proxyOffline = yes - -# Uncomment this if you want to avoid revalidating instances with a -# Vary header (this is not a good idea): - -# mindlesslyCacheVary = true - -# Suggestions from Incognito configuration -maxConnectionAge = 5m -maxConnectionRequests = 120 -serverMaxSlots = 8 -serverSlots = 2 -tunnelAllowedPorts = 1-65535 diff --git a/files/polipo.cron b/files/polipo.cron deleted file mode 100755 index aba88bc..0000000 --- a/files/polipo.cron +++ /dev/null @@ -1,22 +0,0 @@ -#!/bin/sh -set -e - -FORBIDDEN_FILE=/etc/polipo/forbidden -CONFIG_FILE=/etc/polipo/config - -if [ ! -x /usr/bin/polipo ]; then - exit 0 -fi - -if [ ! -f $FORBIDDEN_FILE ]; then - FORBIDDEN_FILE=/dev/null -fi - -PIDFILE=/var/run/polipo/polipo.pid -[ -f "$PIDFILE" ] && kill -USR1 $(cat "$PIDFILE") -# TODO: remove redirect stderr to /dev/null after the following bug is solved: -# http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=580434 -su -c \ - "nice polipo -x -c $CONFIG_FILE forbiddenFile=$FORBIDDEN_FILE > /dev/null" \ - proxy &> /dev/null -[ -f "$PIDFILE" ] && kill -USR2 $(cat "$PIDFILE") diff --git a/files/polipo/polipo.conf b/files/polipo/polipo.conf new file mode 100644 index 0000000..12b10c4 --- /dev/null +++ b/files/polipo/polipo.conf 
@@ -0,0 +1,164 @@ +# Polipo Configuration from https://svn.torproject.org/svn/torbrowser/trunk/build-scripts/config/polipo.conf +# Managed by puppet. + +### Basic configuration +### ******************* + +# Uncomment one of these if you want to allow remote clients to +# connect: + +# proxyAddress = "::0" # both IPv4 and IPv6 +# proxyAddress = "0.0.0.0" # IPv4 only + +proxyAddress = "127.0.0.1" +proxyPort = 8118 + +# If you do that, you'll want to restrict the set of hosts allowed to +# connect: + +# allowedClients = "127.0.0.1, 134.157.168.57" +# allowedClients = "127.0.0.1, 134.157.168.0/24" + +allowedClients = 127.0.0.1 +allowedPorts = 1-65535 + +# Uncomment this if you want your Polipo to identify itself by +# something else than the host name: + +proxyName = "localhost" + +# Uncomment this if there's only one user using this instance of Polipo: + +cacheIsShared = false + +# Uncomment this if you want to use a parent proxy: + +# parentProxy = "squid.example.org:3128" + +# Uncomment this if you want to use a parent SOCKS proxy: + +socksParentProxy = "localhost:9050" +socksProxyType = socks5 + + +### Memory +### ****** + +# Uncomment this if you want Polipo to use a ridiculously small amount +# of memory (a hundred C-64 worth or so): + +# chunkHighMark = 819200 +# objectHighMark = 128 + +# Uncomment this if you've got plenty of memory: + +# chunkHighMark = 50331648 +# objectHighMark = 16384 + +chunkHighMark = 67108864 + +### On-disk data +### ************ + +# Uncomment this if you want to disable the on-disk cache: + +diskCacheRoot = "" + +# Uncomment this if you want to put the on-disk cache in a +# non-standard location: + +# diskCacheRoot = "~/.polipo-cache/" + +# Uncomment this if you want to disable the local web server: + +localDocumentRoot = "" + +# Uncomment this if you want to enable the pages under /polipo/index? +# and /polipo/servers?. This is a serious privacy leak if your proxy +# is shared. 
+ +# disableIndexing = false +# disableServersList = false + +disableLocalInterface = true +disableConfiguration = true + +### Domain Name System +### ****************** + +# Uncomment this if you want to contact IPv4 hosts only (and make DNS +# queries somewhat faster): +# +# dnsQueryIPv6 = no + +# Uncomment this if you want Polipo to prefer IPv4 to IPv6 for +# double-stack hosts: +# +# dnsQueryIPv6 = reluctantly + +# Uncomment this to disable Polipo's DNS resolver and use the system's +# default resolver instead. If you do that, Polipo will freeze during +# every DNS query: + +dnsUseGethostbyname = yes + + +### HTTP +### **** + +# Uncomment this if you want to enable detection of proxy loops. +# This will cause your hostname (or whatever you put into proxyName +# above) to be included in every request: + +disableVia = true + +# Uncomment this if you want to slightly reduce the amount of +# information that you leak about yourself: + +# censoredHeaders = from, accept-language +# censorReferer = maybe + +censoredHeaders = from,accept-language,x-pad,link +censorReferer = maybe + +# Uncomment this if you're paranoid. This will break a lot of sites, +# though: + +# censoredHeaders = set-cookie, cookie, cookie2, from, accept-language +# censorReferer = true + +# Uncomment this if you want to use Poor Man's Multiplexing; increase +# the sizes if you're on a fast line. They should each amount to a few +# seconds' worth of transfer; if pmmSize is small, you'll want +# pmmFirstSize to be larger. + +# Note that PMM is somewhat unreliable. 
+ +# pmmFirstSize = 16384 +# pmmSize = 8192 + +# Uncomment this if your user-agent does something reasonable with +# Warning headers (most don't): + +# relaxTransparency = maybe + +# Uncomment this if you never want to revalidate instances for which +# data is available (this is not a good idea): + +# relaxTransparency = yes + +# Uncomment this if you have no network: + +# proxyOffline = yes + +# Uncomment this if you want to avoid revalidating instances with a +# Vary header (this is not a good idea): + +# mindlesslyCacheVary = true + +# Suggestions from Incognito configuration +maxConnectionAge = 5m +maxConnectionRequests = 120 +serverMaxSlots = 8 +serverSlots = 2 +tunnelAllowedPorts = 1-65535 diff --git a/files/polipo/polipo.cron b/files/polipo/polipo.cron new file mode 100755 index 0000000..aba88bc --- /dev/null +++ b/files/polipo/polipo.cron @@ -0,0 +1,22 @@ +#!/bin/sh +set -e + +FORBIDDEN_FILE=/etc/polipo/forbidden +CONFIG_FILE=/etc/polipo/config + +if [ ! -x /usr/bin/polipo ]; then + exit 0 +fi + +if [ ! -f $FORBIDDEN_FILE ]; then + FORBIDDEN_FILE=/dev/null +fi + +PIDFILE=/var/run/polipo/polipo.pid +[ -f "$PIDFILE" ] && kill -USR1 $(cat "$PIDFILE") +# TODO: remove redirect stderr to /dev/null after the following bug is solved: +# http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=580434 +su -c \ + "nice polipo -x -c $CONFIG_FILE forbiddenFile=$FORBIDDEN_FILE > /dev/null" \ + proxy &> /dev/null +[ -f "$PIDFILE" ] && kill -USR2 $(cat "$PIDFILE") diff --git a/manifests/polipo/base.pp b/manifests/polipo/base.pp index 81cfe9c..f485747 100644 --- a/manifests/polipo/base.pp +++ b/manifests/polipo/base.pp @@ -8,7 +8,7 @@ class tor::polipo::base { owner => root, group => root, mode => 0644, - source => "puppet:///modules/tor/polipo.conf", + source => "puppet:///modules/tor/polipo/polipo.conf", require => Package["polipo"], notify => Service["polipo"], } diff --git a/manifests/polipo/debian.pp b/manifests/polipo/debian.pp index 46897dd..1986119 100644 
--- a/manifests/polipo/debian.pp +++ b/manifests/polipo/debian.pp @@ -7,6 +7,6 @@ class tor::polipo::debian inherits tor::polipo::base { group => root, mode => 0755, require => Package["polipo"], - source => "puppet:///modules/tor/polipo.cron", + source => "puppet:///modules/tor/polipo/polipo.cron", } } -- cgit v1.2.3 From 3c197b0de15f9d43fc63c029c19d2e8b5c2a0ecf Mon Sep 17 00:00:00 2001 From: mh Date: Fri, 28 Oct 2011 16:55:19 +0200 Subject: add a compact class mainly to give a way to have the old behavior --- manifests/compact.pp | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 manifests/compact.pp diff --git a/manifests/compact.pp b/manifests/compact.pp new file mode 100644 index 0000000..472a4a6 --- /dev/null +++ b/manifests/compact.pp @@ -0,0 +1,5 @@ +class tor::compact { + include ::tor + include tor::polipo + include tor::torsocks +} -- cgit v1.2.3 From a7fa4a80543ea29ec9521831b15b146911c5fe8a Mon Sep 17 00:00:00 2001 From: intrigeri Date: Fri, 8 Jun 2012 17:49:54 +0200 Subject: The torsocks package does not need the Tor data directory. --- manifests/daemon.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/daemon.pp b/manifests/daemon.pp index dddef14..4911cd0 100644 --- a/manifests/daemon.pp +++ b/manifests/daemon.pp @@ -12,7 +12,7 @@ class tor::daemon inherits tor { subscribe => File[$config_file], } - Package[ 'tor', 'torsocks' ] { + Package[ 'tor' ] { require => File[$data_dir], } -- cgit v1.2.3 From f12bf2ae954aeabb0c75d52801158238931ca0ae Mon Sep 17 00:00:00 2001 From: intrigeri Date: Tue, 19 Jun 2012 03:59:20 +0200 Subject: Add support for DNSPort and DNSListenAddress. --- manifests/daemon.pp | 14 ++++++++++++++ templates/torrc.dns.erb | 5 +++++ 2 files changed, 19 insertions(+) create mode 100644 templates/torrc.dns.erb diff --git a/manifests/daemon.pp b/manifests/daemon.pp index 4911cd0..ac8529c 100644 --- a/manifests/daemon.pp +++ b/manifests/daemon.pp 
@@ -190,5 +190,19 @@ class tor::daemon inherits tor { ensure => $ensure, } } + + # DNS definition + define dns( $port = 0, + $listen_addresses = [], + $ensure = present ) { + + concatenated_file_part { "08.dns.${name}": + dir => $tor::daemon::snippet_dir, + content => template('tor/torrc.dns.erb'), + owner => 'debian-tor', group => 'debian-tor', mode => 0644, + ensure => $ensure, + } + } + } diff --git a/templates/torrc.dns.erb b/templates/torrc.dns.erb new file mode 100644 index 0000000..bd1e719 --- /dev/null +++ b/templates/torrc.dns.erb @@ -0,0 +1,5 @@ +# DNS +DNSPort <%= port %> +<%- for listen_address in listen_addresses -%> +DNSListenAddress <%= listen_address %> +<%- end -%> -- cgit v1.2.3 From ebee9da1b3883461b18f9aae86663002195e94e7 Mon Sep 17 00:00:00 2001 From: intrigeri Date: Tue, 19 Jun 2012 04:02:13 +0200 Subject: Add support for TransPort and TransListenAddress. --- manifests/daemon.pp | 13 +++++++++++++ templates/torrc.transparent.erb | 5 +++++ 2 files changed, 18 insertions(+) create mode 100644 templates/torrc.transparent.erb diff --git a/manifests/daemon.pp b/manifests/daemon.pp index ac8529c..0778bce 100644 --- a/manifests/daemon.pp +++ b/manifests/daemon.pp @@ -204,5 +204,18 @@ class tor::daemon inherits tor { } } + # Transparent proxy definition + define transparent( $port = 0, + $listen_addresses = [], + $ensure = present ) { + + concatenated_file_part { "09.transparent.${name}": + dir => $tor::daemon::snippet_dir, + content => template('tor/torrc.transparent.erb'), + owner => 'debian-tor', group => 'debian-tor', mode => 0644, + ensure => $ensure, + } + } + } diff --git a/templates/torrc.transparent.erb b/templates/torrc.transparent.erb new file mode 100644 index 0000000..dae97dc --- /dev/null +++ b/templates/torrc.transparent.erb @@ -0,0 +1,5 @@ +# Transparent proxy +TransPort <%= port %> +<%- for listen_address in listen_addresses -%> +TransListenAddress <%= listen_address %> +<%- end -%> -- cgit v1.2.3 
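Review bot: Neither the new `dns` define nor the `transparent` define added in the following commit documents that `$listen_addresses` is copied unchecked into `DNSListenAddress` / `TransListenAddress`, so a non-loopback entry makes the resolver or transparent-proxy port reachable from other hosts. A comment above each define would make that explicit, for example `# listen_addresses: keep to loopback or internal addresses; any other address exposes this port to the network`. Both defines default `$port` to 0 and the templates still emit the listen-address lines in that case. If that combination is not meant to be rendered, the loop could be wrapped in the `if port != '0'` test the control template already uses. The class body continues outside both hunks.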
From f401daa245495233c3d86d5f955105be564e02b1 Mon Sep 17 00:00:00 2001 From: intrigeri Date: Tue, 19 Jun 2012 04:07:31 +0200 Subject: Add support for using bridges. --- manifests/daemon.pp | 17 ++++++++++++++++- templates/torrc.bridge.erb | 3 +++ templates/torrc.global.erb | 1 + 3 files changed, 20 insertions(+), 1 deletion(-) create mode 100644 templates/torrc.bridge.erb diff --git a/manifests/daemon.pp b/manifests/daemon.pp index 0778bce..2484edf 100644 --- a/manifests/daemon.pp +++ b/manifests/daemon.pp @@ -76,7 +76,8 @@ class tor::daemon inherits tor { # global configurations define global_opts( $data_dir = $tor::daemon::data_dir, - $log_rules = [ 'notice file /var/log/tor/notices.log' ] ) { + $log_rules = [ 'notice file /var/log/tor/notices.log' ], + $use_bridges = 0 ) { concatenated_file_part { '01.global': dir => $tor::daemon::snippet_dir, @@ -217,5 +218,19 @@ class tor::daemon inherits tor { } } + # Bridge definition + define bridge( $ip, + $port, + $fingerprint = false, + $ensure = present ) { + + concatenated_file_part { "10.bridge.${name}": + dir => $tor::daemon::snippet_dir, + content => template('tor/torrc.bridge.erb'), + owner => 'debian-tor', group => 'debian-tor', mode => 0644, + ensure => $ensure, + } + } + } diff --git a/templates/torrc.bridge.erb b/templates/torrc.bridge.erb new file mode 100644 index 0000000..58ef70d --- /dev/null +++ b/templates/torrc.bridge.erb @@ -0,0 +1,3 @@ +# Bridge <%= name%> +Bridge <%= ip%>:<%= port%><%- if fingerprint -%> <%= fingerprint%><%- end -%> + diff --git a/templates/torrc.global.erb b/templates/torrc.global.erb index 6ca49de..84e244d 100644 --- a/templates/torrc.global.erb +++ b/templates/torrc.global.erb @@ -11,3 +11,4 @@ Log <%= log_rule %> Log notice syslog <%- end -%> +UseBridges <%= use_bridges%> -- cgit v1.2.3 From d017a7eee415a1398a0f7e533a5bfba3986e7505 Mon Sep 17 00:00:00 2001 
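Review bot: Nothing in the new `bridge` define ties it to `use_bridges`, which this same commit adds to `global_opts` with a default of 0, so a node that only declares `tor::daemon::bridge` resources still renders `UseBridges 0` and the `Bridge` lines have no effect. A comment on the define should say so, e.g. `# Requires use_bridges => 1 in global_opts; without it the Bridge lines are not used`. `$fingerprint` defaults to false and the template then omits it, which leaves Tor without an identity to check the bridge against. The comment should also recommend passing the fingerprint whenever it is known. The class body continues outside the hunk.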
From: intrigeri Date: Tue, 19 Jun 2012 04:48:26 +0200 Subject: Add support for AutomapHostsOnResolve. --- manifests/daemon.pp | 5 +++-- templates/torrc.global.erb | 1 + 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/manifests/daemon.pp b/manifests/daemon.pp index 2484edf..d04734d 100644 --- a/manifests/daemon.pp +++ b/manifests/daemon.pp @@ -77,9 +77,10 @@ class tor::daemon inherits tor { # global configurations define global_opts( $data_dir = $tor::daemon::data_dir, $log_rules = [ 'notice file /var/log/tor/notices.log' ], - $use_bridges = 0 ) { + $use_bridges = 0, + $automap_hosts_on_resolve = 0) { - concatenated_file_part { '01.global': + concatenated_file_part { '01.global': dir => $tor::daemon::snippet_dir, content => template('tor/torrc.global.erb'), owner => 'debian-tor', group => 'debian-tor', mode => 0644, diff --git a/templates/torrc.global.erb b/templates/torrc.global.erb index 84e244d..3a3b623 100644 --- a/templates/torrc.global.erb +++ b/templates/torrc.global.erb @@ -11,4 +11,5 @@ Log <%= log_rule %> Log notice syslog <%- end -%> +AutomapHostsOnResolve <%= automap_hosts_on_resolve%> UseBridges <%= use_bridges%> -- cgit v1.2.3 From ed98955cec143ee81b09a525318518825b86a791 Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Wed, 20 Jun 2012 23:24:30 -0300 Subject: Adding support for MapAddress tor option --- manifests/daemon.pp | 12 ++++++++++++ templates/torrc.map_address.erb | 3 +++ 2 files changed, 15 insertions(+) create mode 100644 templates/torrc.map_address.erb diff --git a/manifests/daemon.pp b/manifests/daemon.pp index 6d8c315..d1d57df 100644 --- a/manifests/daemon.pp +++ b/manifests/daemon.pp 
@@ -184,5 +184,17 @@ class tor::daemon inherits tor { ensure => $ensure, } } + + # map address definition + define map_address( $address = '', + $newaddress = '') { + + concatenated_file_part { "08.map_address.${name}": + dir => $tor::daemon::snippet_dir, + content => template('tor/torrc.map_address.erb'), + owner => 'debian-tor', group => 'debian-tor', mode => 0644, + ensure => $ensure, + } + } } diff --git a/templates/torrc.map_address.erb b/templates/torrc.map_address.erb new file mode 100644 index 0000000..3fb0274 --- /dev/null +++ b/templates/torrc.map_address.erb @@ -0,0 +1,3 @@ +# map address <%= name %> +MapAddress <%= address %> <%= newaddress %> + -- cgit v1.2.3 From d29669e13e276c1e5a399653c82f576dbc1700b8 Mon Sep 17 00:00:00 2001 From: intrigeri Date: Sat, 7 Jul 2012 19:02:34 +0200 Subject: Remove trailing whitespace from newly added lines. --- manifests/daemon.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/daemon.pp b/manifests/daemon.pp index d1d57df..3a201e4 100644 --- a/manifests/daemon.pp +++ b/manifests/daemon.pp @@ -192,9 +192,9 @@ class tor::daemon inherits tor { concatenated_file_part { "08.map_address.${name}": dir => $tor::daemon::snippet_dir, content => template('tor/torrc.map_address.erb'), - owner => 'debian-tor', group => 'debian-tor', mode => 0644, + owner => 'debian-tor', group => 'debian-tor', mode => 0644, ensure => $ensure, } - } + } } -- cgit v1.2.3 From 0cc4d9c90911b0117cfd13fbee5e18bcfd9c89c3 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Mon, 30 Jul 2012 22:08:30 -0400 Subject: switch bandwidth_rate and bandwidth_burst to be relay_bandwidth_rate and relay_bandwidth_burst so we can use those variables for their proper tor configuration variables --- manifests/daemon.pp | 8 +++++--- templates/torrc.relay.erb | 14 ++++++++++---- 2 files changed, 15 insertions(+), 7 deletions(-) diff --git a/manifests/daemon.pp b/manifests/daemon.pp index 6d8c315..5150c96 100644 --- a/manifests/daemon.pp 
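Review bot: `map_address` passes `ensure => $ensure` to `concatenated_file_part`, but the define declares only `$address` and `$newaddress`, so `$ensure` is not a parameter here and will resolve to whatever an outer scope provides, or to nothing. Add it to the signature as the `dns` and `transparent` defines do: `define map_address( $address = '', $newaddress = '', $ensure = present ) {`. Both address parameters default to an empty string, which would render a bare `MapAddress` line, so a `fail()` when either is empty would be safer than writing an invalid torrc. The whitespace-only commit that follows touches the same lines without changing this.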
+++ b/manifests/daemon.pp @@ -101,9 +101,11 @@ class tor::daemon inherits tor { define relay( $port = 0, $listen_addresses = [], $outbound_bindaddresses = $listen_addresses, - $bandwidth_rate = 0, # KB/s, 0 for no limit. - $bandwidth_burst = 0, # KB/s, 0 for no limit. - $accounting_max = 0, # GB, 0 for no limit. + $bandwidth_rate = '', # KB/s, defaulting to using tor's default: 5120KB/s + $bandwidth_burst = '', # KB/s, defaulting to using tor's default: 10240KB/s + $relay_bandwidth_rate = 0, # KB/s, 0 for no limit. + $relay_bandwidth_burst = 0, # KB/s, 0 for no limit. + $accounting_max = 0, # GB, 0 for no limit. $accounting_start = [], $contact_info = '', $my_family = '', # TODO: autofill with other relays diff --git a/templates/torrc.relay.erb b/templates/torrc.relay.erb index 2ab34bf..71c94b9 100644 --- a/templates/torrc.relay.erb +++ b/templates/torrc.relay.erb @@ -13,11 +13,17 @@ Nickname <%= nickname %> <%- if address != '' then -%> Address <%= address %> <%- end -%> -<%- if bandwidth_rate != '0' then -%> -RelayBandwidthRate <%= bandwidth_rate %> KB +<%- if bandwidth_rate != '' then -%> +BandwidthRate <%= bandwidth_rate %> KB <%- end -%> -<%- if bandwidth_burst != '0' then -%> -RelayBandwidthBurst <%= bandwidth_burst %> KB +<%- if bandwidth_burst != '' then -%> +BandwidthBurst <%= bandwidth_burst %> KB +<%- end -%> +<%- if relay_bandwidth_rate != '0' then -%> +RelayBandwidthRate <%= relay_bandwidth_rate %> KB +<%- end -%> +<%- if relay_bandwidth_burst != '0' then -%> +RelayBandwidthBurst <%= relay_bandwidth_burst %> KB <%- end -%> <%- if accounting_max != '0' then -%> AccountingMax <%= accounting_max %> GB -- cgit v1.2.3 From ee3c2c9c1bfb4c54d03e87d7ba03050296c82640 Mon Sep 17 00:00:00 2001 
From: Micah Anderson Date: Mon, 30 Jul 2012 22:08:50 -0400 Subject: add README, including information about the transition information regarding the bandwidth parameters --- README | 161 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 161 insertions(+) create mode 100644 README diff --git a/README b/README new file mode 100644 index 0000000..baafe84 --- /dev/null +++ b/README 
@@ -0,0 +1,161 @@ +puppet module for managing tor +============================== + +This module tries to manage tor, making sure it is installed, running, has munin +graphs if desired and allows for configuration of relays, hidden services, exit +policies, etc. + +! Upgrade Notice ! + + the tor::relay{} variables $bandwidth_rate and $bandwidth_burst were previously + used for the tor configuration variables RelayBandwidthRate and + RelayBandwidthBurst, these have been renamed to $relay_bandwidth_rate and + $relay_bandwidth_burst. If you were using these, please rename your variables in + your configuration. + + The variables $bandwidth_rate and $bandwidth_burst are now used for the tor + configuration variables BandwidthRate and BandwidthBurst. If you used + $bandwidth_rate or $bandwidth_burst please be aware that these values have + changed and adjust your configuration as necessary. + + +Usage +===== + +Installing tor +-------------- + +To install tor, simply include the 'tor' class in your manifests: + + include tor + +You can specify $tor_ensure_version and $torsocks_ensure_version to get a +specific version installed. + +However, if you want to make configuration changes to your tor daemon, you will +want to instead include the 'tor::daemon' class in your manifests, which will +inherit the 'tor' class from above: + + include tor::daemon + +You have the following tor global variables that you can adjust in your node scope: + +$data_dir = '/var/lib/tor' +$config_file = '/etc/tor/torrc' +$log_rules = 'notice file /var/log/tor/notices.log' + +The $data_dir will be used for the tor user's $HOME, and the tor DataDirectory +value. The $config_file will be managed and the daemon restarted when it +changed. 
+ +The $log_rules can be an array of different Log lines, each will be added to the +config, for example the following will use syslog: + + tor::daemon::global_opts { "use_syslog": log_rules => [ 'notice syslog' ]; } + +Configuring socks +----------------- + +To configure tor socks support, you can do the following: + + tor::daemon::socks { "listen_locally": listen_addresses => [ '127.0.0.1' ]; } + +this will setup the SocksListenAddress to be 127.0.0.1. You also can pass the +following options to tor::daemon::socks: + +$port = 0 - SocksPort +$listen_address - can pass multiple values to configure SocksListenAddress lines +$policies - can pass multiple values to configure SocksPolicy lines + + +Configuring relays +================== + +An example relay configuration: + + tor::daemon::relay { "foobar": + port => 9001, listen_addresses => '192.168.0.1', address => '192.168.0.1', + bandwidth_rate => '256', bandwidth_burst => '256', contact_info => "Foo ", + my_family => '' + } + +You have the following options that can be passed to a relay, with the defaults shown: + +$port = 0, +$listen_addresses = [], +$bandwidth_rate = '', # KB/s, defaulting to using tor's default: 5120KB/s +$bandwidth_burst = '', # KB/s, defaulting to using tor's default: 10240KB/s +$relay_bandwidth_rate = 0, # KB/s, 0 for no limit. +$relay_bandwidth_burst = 0, # KB/s, 0 for no limit. +$accounting_max = 0, # GB, 0 for no limit. +$accounting_start = [], +$contact_info = '', +$my_family = '', # TODO: autofill with other relays +$address = "tor.${domain}", +$bridge_relay = 0, +$ensure = present +$nickname = $name + +Configuring the control +----------------------- + +To pass parameters to configure the ControlPort and the HashedControlPassword, +you would do something like this: + + tor::daemon::control { "foo-control": + port => '80', hashed_control_password => '', + ensure => present +} + +Note: you must pass a hashed password to the control port, if you are going to +use it. 
+ + +Configuring hidden services +--------------------------- + +To configure a tor hidden service you can do something like the following: + + tor::daemon::hidden_service { "hidden_ssh": ports => 22 } + +The HiddenServiceDir is set to the ${data_dir}/${name}. + +Configuring directories +----------------------- + +An example directory configuration: + + tor::daemon::directory { 'ssh_directory': + port => 80, listen_address => '192.168.0.1', + port_front_page => '/etc/tor/tor.html' + } + +Configuring exit policies +-------------------------- + +To configure exit policies, you can do the following: + +tor::daemon::exit_policy { "ssh_exit_policy": + accept => "192.168.0.1:22", + reject => "*:*"; + } + } + + +Polipo +====== + +Polipo support can be enabled by doing: + + include tor::polipo + +this will inherit the tor class by default, remove privoxy if its installed, and +install polipo, making sure it is running. + + +Munin +===== + +If you are using munin, and have the puppet munin module installed, you can set +the variable $use_munin = true to have graphs setup for you. + -- cgit v1.2.3 From 5a1f664b66f62d2f75fb8ea8cee730aaf9097e84 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Fri, 3 Aug 2012 14:39:08 -0400 Subject: change location of control port in munin graphs, now that /usr/share/tor/tor-service-defaults-torrc exists and contains: CookieAuthentication 1 CookieAuthFileGroupReadable 1 CookieAuthFile /var/run/tor/control.authcookie --- manifests/munin.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/munin.pp b/manifests/munin.pp index ac2630a..8504f89 100644 --- a/manifests/munin.pp +++ b/manifests/munin.pp 
@@ -17,7 +17,7 @@ class tor::munin { munin::plugin { [ "tor_connections", "tor_routers", "tor_traffic" ]: ensure => present, - config => "user debian-tor\n env.cookiefile /var/lib/tor/control_auth_cookie", + config => "user debian-tor\n env.cookiefile /var/run/tor/control.authcookie", script_path_in => "/usr/local/share/munin-plugins"; } } -- cgit v1.2.3 From 1591ee0c75565a0109ce4615f78e2bef444e1491 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Fri, 3 Aug 2012 15:00:32 -0400 Subject: add $cookie_authentication, $cookie_auth_file and $cookie_auth_file_group_readable variables --- manifests/daemon.pp | 13 ++++++++++--- templates/torrc.control.erb | 10 ++++++++++ 2 files changed, 20 insertions(+), 3 deletions(-) diff --git a/manifests/daemon.pp b/manifests/daemon.pp index 5150c96..8f6d80d 100644 --- a/manifests/daemon.pp +++ b/manifests/daemon.pp @@ -123,13 +123,20 @@ class tor::daemon inherits tor { } # control definition - define control( $port = 0, - $hashed_control_password = '', + define control( $port = 0, + $hashed_control_password = '', + $cookie_authentication = 0, + $cookie_auth_file = '', + $cookie_auth_file_group_readable = '', $ensure = present ) { - if $hashed_control_password == '' and $ensure != 'absent' { + if $cookie_authentication == '0' and $hashed_control_password == '' and $ensure != 'absent' { fail("You need to define the tor control password") } + + if $cookie_authentication == 0 and ($cookie_auth_file != '' or $cookie_auth_file_group_readable != '') { + notice("You set a tor cookie authentication option, but do not have cookie_authentication on") + } concatenated_file_part { '04.control': dir => $tor::daemon::snippet_dir, diff --git a/templates/torrc.control.erb b/templates/torrc.control.erb index df9513a..7e10d4d 100644 --- a/templates/torrc.control.erb +++ b/templates/torrc.control.erb 
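Review bot: The two new guards in `control` test `$cookie_authentication` against different literals: `== '0'` in the `fail()` condition and `== 0` in the `notice()` condition, while the parameter default is an unquoted `0`. The `fail()` branch is what prevents a ControlPort from being rendered with neither cookie authentication nor a password, so it should not depend on how the Puppet version in use compares a number with a string. Pick one representation and use it for the default, both conditions and the template test, e.g. `if $cookie_authentication == '0' and ($cookie_auth_file != '' or $cookie_auth_file_group_readable != '') {` for the second guard. The error text still says only "define the tor control password", so it could mention cookie authentication as the alternative. The define continues outside the hunk.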
@@ -1,6 +1,16 @@ # tor controller <%- if port != '0' then -%> ControlPort <%= port %> +<%- if cookie_authentication != '0' then -%> +CookieAuthentication 1 +<%- if cookie_auth_file != '' then -%> +CookieAuthFile <%= cookie_auth_file %> +<%- end -%> +<%- if cookie_auth_file_group_readable != '' then -%> +CookieAuthFileGroupReadable <%= cookie_auth_file_group_readable %> +<%- end -%> +<%- else %-> HashedControlPassword <%= hashed_control_password %> <%- end -%> +<%- end -%> -- cgit v1.2.3 From d7ec8bf77c55f573138d41d5e24e1fb80e073b25 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Fri, 3 Aug 2012 15:08:43 -0400 Subject: fix template syntax error --- templates/torrc.control.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/torrc.control.erb b/templates/torrc.control.erb index 7e10d4d..336c72d 100644 --- a/templates/torrc.control.erb +++ b/templates/torrc.control.erb @@ -9,7 +9,7 @@ CookieAuthFile <%= cookie_auth_file %> <%- if cookie_auth_file_group_readable != '' then -%> CookieAuthFileGroupReadable <%= cookie_auth_file_group_readable %> <%- end -%> -<%- else %-> +<%- else -%> HashedControlPassword <%= hashed_control_password %> <%- end -%> <%- end -%> -- cgit v1.2.3 From a7c8b004e1239b2bef366cbd33a0596b20971ff9 Mon Sep 17 00:00:00 2001 From: intrigeri Date: Wed, 29 Aug 2012 11:49:11 +0200 Subject: Add support for including arbitrary snippet into torrc. --- manifests/daemon.pp | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/manifests/daemon.pp b/manifests/daemon.pp index e6d0c2e..07066c6 100644 --- a/manifests/daemon.pp +++ b/manifests/daemon.pp 
@@ -253,4 +253,17 @@ class tor::daemon inherits tor { ensure => $ensure, } } + + # Arbitrary torrc snippet definition + define snippet( $content = '', + $ensure = present ) { + + concatenated_file_part { "99.snippet.${name}": + dir => $tor::daemon::snippet_dir, + content => $content, + owner => 'debian-tor', group => 'debian-tor', mode => 0644, + ensure => $ensure, + } + } + } -- cgit v1.2.3 From 3a91fa40e19ab0645e159e76592fcbe60fc8ea41 Mon Sep 17 00:00:00 2001 From: intrigeri Date: Fri, 9 Nov 2012 21:40:21 +0100 Subject: Remove useless comment. --- manifests/daemon.pp | 1 - 1 file changed, 1 deletion(-) diff --git a/manifests/daemon.pp b/manifests/daemon.pp index 07066c6..06a396b 100644 --- a/manifests/daemon.pp +++ b/manifests/daemon.pp @@ -1,4 +1,3 @@ -# tor::daemon class tor::daemon inherits tor { # config variables -- cgit v1.2.3 From 49cb5faa62544c589a82b9d48a768eb1391c9a61 Mon Sep 17 00:00:00 2001 From: intrigeri Date: Fri, 9 Nov 2012 21:54:58 +0100 Subject: Migrate to parameterized classes, drop global variables. --- README | 69 ++++++++++++++++++++++++++++++++++++++++----------- manifests/daemon.pp | 28 ++++++++++----------- manifests/init.pp | 9 ++++--- manifests/torsocks.pp | 7 +++--- 4 files changed, 77 insertions(+), 36 deletions(-) diff --git a/README b/README index baafe84..9c040a3 100644 --- a/README +++ b/README @@ -18,6 +18,17 @@ policies, etc. $bandwidth_rate or $bandwidth_burst please be aware that these values have changed and adjust your configuration as necessary. + The $tor_ensure_version was converted to a parameter for the tor and + tor::daemon classes. + + The $torsocks_ensure_version was converted to a parameter for the + tor::torsocks class. + + The options that used to be settable with the + tor::daemon::global_opts define now are parameters for the + tor::daemon class, and tor::daemon::global_opts was + removed accordingly. + Usage ===== 
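Review bot: `snippet` appends `$content` to torrc verbatim, so it bypasses the checks the typed defines make. For instance, `control` refuses a control port without authentication, but a snippet can set `ControlPort` with no such check. That deserves a comment at the define, e.g. `# content is appended to torrc unchecked; prefer the typed defines for any option they cover`. With the default `$content = ''` and `ensure => present` the resource produces an empty part, so a `fail()` on empty content would catch a forgotten parameter. The class body continues outside the hunk.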
@@ -27,31 +38,51 @@ Installing tor To install tor, simply include the 'tor' class in your manifests: - include tor + class { 'tor': } -You can specify $tor_ensure_version and $torsocks_ensure_version to get a -specific version installed. +You can specify the $ensure_version class parameter to get a specific +version installed. However, if you want to make configuration changes to your tor daemon, you will want to instead include the 'tor::daemon' class in your manifests, which will inherit the 'tor' class from above: - include tor::daemon + class { '::tor::daemon': } + +You have the following class parameters that you can specify: -You have the following tor global variables that you can adjust in your node scope: +data_dir (default: '/var/lib/tor') +config_file (default: '/etc/tor/torrc') +use_bridges (default: 0) +automap_hosts_on_resolve (default: 0) +log_rules (default: ['notice file /var/log/tor/notices.log']) -$data_dir = '/var/lib/tor' -$config_file = '/etc/tor/torrc' -$log_rules = 'notice file /var/log/tor/notices.log' +The data_dir will be used for the tor user's $HOME, and the tor DataDirectory +value. -The $data_dir will be used for the tor user's $HOME, and the tor DataDirectory -value. The $config_file will be managed and the daemon restarted when it -changed. +The config_file will be managed and the daemon restarted when +it changed. -The $log_rules can be an array of different Log lines, each will be added to the +use_bridges and automap_hosts_on_resolve are used to set the +UseBridges and AutomapHostsOnResolve torrc settings. 
+ +The log_rules can be an array of different Log lines, each will be added to the config, for example the following will use syslog: - tor::daemon::global_opts { "use_syslog": log_rules => [ 'notice syslog' ]; } + class { '::tor::daemon': + log_rules => [ 'notice syslog' ], + } + +If you want to set specific options for the tor class, +you need to define it before tor::daemon in your manifests, +e.g.: + + class { '::tor': + use_munin => true, + } + class { '::tor::daemon': + automap_hosts_on_resolve => 1, + } Configuring socks ----------------- @@ -67,6 +98,15 @@ $port = 0 - SocksPort $listen_address - can pass multiple values to configure SocksListenAddress lines $policies - can pass multiple values to configure SocksPolicy lines +Installing torsocks +------------------- + +To install torsocks, simply include the 'torsocks' class in your manifests: + + class { 'torsocks': } + +You can specify the $ensure_version class parameter to get a specific +version installed. Configuring relays ================== @@ -157,5 +197,6 @@ Munin ===== If you are using munin, and have the puppet munin module installed, you can set -the variable $use_munin = true to have graphs setup for you. +the use_munin parameter to true when defining the tor::daemon class to have +graphs setup for you. diff --git a/manifests/daemon.pp b/manifests/daemon.pp index 06a396b..9351b3c 100644 --- a/manifests/daemon.pp +++ b/manifests/daemon.pp @@ -1,8 +1,12 @@ -class tor::daemon inherits tor { - - # config variables - $data_dir = '/var/lib/tor' - $config_file = '/etc/tor/torrc' +class tor::daemon ( + $data_dir = '/var/lib/tor', + $config_file = '/etc/tor/torrc', + $use_bridges = 0, + $automap_hosts_on_resolve = 0, + $log_rules = [ 'notice file /var/log/tor/notices.log' ], +) inherits tor { + + # constants $spool_dir = '/var/lib/puppet/modules/tor' $snippet_dir = "${spool_dir}/torrc.d" 
@@ -74,16 +78,10 @@ class tor::daemon inherits tor { } # global configurations - define global_opts( $data_dir = $tor::daemon::data_dir, - $log_rules = [ 'notice file /var/log/tor/notices.log' ], - $use_bridges = 0, - $automap_hosts_on_resolve = 0) { - - concatenated_file_part { '01.global': - dir => $tor::daemon::snippet_dir, - content => template('tor/torrc.global.erb'), - owner => 'debian-tor', group => 'debian-tor', mode => 0644, - } + concatenated_file_part { '01.global': + dir => $snippet_dir, + content => template('tor/torrc.global.erb'), + owner => 'debian-tor', group => 'debian-tor', mode => 0644, } # socks definition diff --git a/manifests/init.pp b/manifests/init.pp index d916188..613eb29 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -1,9 +1,10 @@ -class tor { +class tor ( + $ensure_version = 'installed', + $use_munin = false, +){ - if !$tor_ensure_version { $tor_ensure_version = 'installed' } - package { [ "tor", "tor-geoipdb" ]: - ensure => $tor_ensure_version, + ensure => $ensure_version, } service { 'tor': diff --git a/manifests/torsocks.pp b/manifests/torsocks.pp index 7bb51ee..452b4f1 100644 --- a/manifests/torsocks.pp +++ b/manifests/torsocks.pp @@ -1,7 +1,8 @@ -class tor::torsocks { - if !$torsocks_ensure_version { $torsocks_ensure_version = 'installed' } +class tor::torsocks ( + $ensure_version = 'installed', +){ include ::tor package{'torsocks': - ensure => $torsocks_ensure_version, + ensure => $ensure_version, } } -- cgit v1.2.3 From 955c46180a855eb841886d85fd3691cfe471d8cf Mon Sep 17 00:00:00 2001 From: intrigeri Date: Sun, 11 Nov 2012 20:57:33 +0100 Subject: Get a lost part of the fix for outbound_bindaddresses back. The fix was implemented in 8e0dbb0, but apparently I've managed to lose it as part of one of the numerous merge conflicts I've dealt with when merging everyone's branch. --- manifests/daemon.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
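Review bot: The class in manifests/torsocks.pp is still named `tor::torsocks`, but the README section added by the same commit tells users to declare `class { 'torsocks': }`, which would not resolve to this class unless a top-level `torsocks` class exists elsewhere. The README example should read `class { 'tor::torsocks': }`. Likewise, the Munin paragraph says to set `use_munin` "when defining the tor::daemon class", yet the init.pp hunk declares `$use_munin` on `class tor` and the new `tor::daemon` parameter list does not include it, so that sentence should name the `tor` class. A short header comment listing each class's parameters and defaults would keep the manifests and the README from drifting apart again.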
diff --git a/manifests/daemon.pp b/manifests/daemon.pp index 9351b3c..28d257d 100644 --- a/manifests/daemon.pp +++ b/manifests/daemon.pp @@ -99,7 +99,7 @@ class tor::daemon ( # relay definition define relay( $port = 0, $listen_addresses = [], - $outbound_bindaddresses = $listen_addresses, + $outbound_bindaddresses = [], $bandwidth_rate = '', # KB/s, defaulting to using tor's default: 5120KB/s $bandwidth_burst = '', # KB/s, defaulting to using tor's default: 10240KB/s $relay_bandwidth_rate = 0, # KB/s, 0 for no limit. -- cgit v1.2.3 From 1ee285d39980512b506084368f4f2208aa4d7c1f Mon Sep 17 00:00:00 2001 From: intrigeri Date: Sun, 11 Nov 2012 21:43:03 +0100 Subject: Use single-quotes for strings that do not contain variables. Puppet style guide, section "8. Quoting", reads: "All strings that do not contain variables should be enclosed in single quotes." --- manifests/daemon.pp | 6 +++--- manifests/init.pp | 2 +- manifests/munin.pp | 16 ++++++++-------- manifests/polipo/base.pp | 12 ++++++------ manifests/polipo/debian.pp | 6 +++--- 5 files changed, 21 insertions(+), 21 deletions(-) diff --git a/manifests/daemon.pp b/manifests/daemon.pp index 28d257d..683d2c6 100644 --- a/manifests/daemon.pp +++ b/manifests/daemon.pp @@ -136,11 +136,11 @@ class tor::daemon ( $ensure = present ) { if $cookie_authentication == '0' and $hashed_control_password == '' and $ensure != 'absent' { - fail("You need to define the tor control password") + fail('You need to define the tor control password') } if $cookie_authentication == 0 and ($cookie_auth_file != '' or $cookie_auth_file_group_readable != '') { - notice("You set a tor cookie authentication option, but do not have cookie_authentication on") + notice('You set a tor cookie authentication option, but do not have cookie_authentication on') } concatenated_file_part { '04.control': 
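Review bot: The two checks in the `@@ -136,11 +136,11 @@` hunk test the same parameter in different forms, `$cookie_authentication == '0'` in the `fail()` guard and `$cookie_authentication == 0` in the `notice()` check. The `fail()` guard is what stops a control port from being configured with neither cookie authentication nor a hashed password, so it should not depend on how a given Puppet version compares a string with a number. The parameter's default is declared outside the hunk; use the literal that matches it in both conditions, e.g. `if $cookie_authentication == 0 and $hashed_control_password == '' and $ensure != 'absent' {` if the default is the integer. The define's parameter list and the rest of its body lie outside the hunk.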
@@ -178,7 +178,7 @@ class tor::daemon ( } file { '/etc/tor/tor.html': - source => "puppet:///modules/tor/tor.html", + source => 'puppet:///modules/tor/tor.html', require => File['/etc/tor'], ensure => $ensure, owner => 'debian-tor', group => 'debian-tor', mode => 0644, diff --git a/manifests/init.pp b/manifests/init.pp index 613eb29..b8e1917 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -3,7 +3,7 @@ class tor ( $use_munin = false, ){ - package { [ "tor", "tor-geoipdb" ]: + package { [ 'tor', 'tor-geoipdb' ]: ensure => $ensure_version, } diff --git a/manifests/munin.pp b/manifests/munin.pp index 8504f89..24ea53e 100644 --- a/manifests/munin.pp +++ b/manifests/munin.pp @@ -1,23 +1,23 @@ class tor::munin { file { - "/usr/local/share/munin-plugins/tor_connections": - source => "puppet:///modules/tor/munin/tor_connections", + '/usr/local/share/munin-plugins/tor_connections': + source => 'puppet:///modules/tor/munin/tor_connections', mode => 0755, owner => root, group => root; - "/usr/local/share/munin-plugins/tor_routers": - source => "puppet:///modules/tor/munin/tor_routers", + '/usr/local/share/munin-plugins/tor_routers': + source => 'puppet:///modules/tor/munin/tor_routers', mode => 0755, owner => root, group => root; - "/usr/local/share/munin-plugins/tor_traffic": - source => "puppet:///modules/tor/munin/tor_traffic", + '/usr/local/share/munin-plugins/tor_traffic': + source => 'puppet:///modules/tor/munin/tor_traffic', mode => 0755, owner => root, group => root; } munin::plugin { - [ "tor_connections", "tor_routers", "tor_traffic" ]: + [ 'tor_connections', 'tor_routers', 'tor_traffic' ]: ensure => present, config => "user debian-tor\n env.cookiefile /var/run/tor/control.authcookie", - script_path_in => "/usr/local/share/munin-plugins"; + script_path_in => '/usr/local/share/munin-plugins'; } } diff --git a/manifests/polipo/base.pp b/manifests/polipo/base.pp index fca4b21..8c1dd1c 100644 --- a/manifests/polipo/base.pp +++ b/manifests/polipo/base.pp 
@@ -3,19 +3,19 @@ class tor::polipo::base { ensure => present, } - file { "/etc/polipo/config": + file { '/etc/polipo/config': ensure => present, owner => root, group => root, mode => 0644, - source => "puppet:///modules/tor/polipo/polipo.conf", - require => Package["polipo"], - notify => Service["polipo"], + source => 'puppet:///modules/tor/polipo/polipo.conf', + require => Package['polipo'], + notify => Service['polipo'], } - service { "polipo": + service { 'polipo': ensure => running, enable => true, - require => [ Package["polipo"], Service["tor"] ], + require => [ Package['polipo'], Service['tor'] ], } } diff --git a/manifests/polipo/debian.pp b/manifests/polipo/debian.pp index 1986119..0a8aa93 100644 --- a/manifests/polipo/debian.pp +++ b/manifests/polipo/debian.pp @@ -1,12 +1,12 @@ class tor::polipo::debian inherits tor::polipo::base { # TODO: restore file to original state after the following bug is solved: # http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=580434 - file { "/etc/cron.daily/polipo": + file { '/etc/cron.daily/polipo': ensure => present, owner => root, group => root, mode => 0755, - require => Package["polipo"], - source => "puppet:///modules/tor/polipo/polipo.cron", + require => Package['polipo'], + source => 'puppet:///modules/tor/polipo/polipo.cron', } } -- cgit v1.2.3 From 6255a818641c07b20d7e718eeff5e5f92953bd09 Mon Sep 17 00:00:00 2001 From: intrigeri Date: Sun, 11 Nov 2012 21:48:58 +0100 Subject: Quote and enclose in braces variables in strings. Puppet style guide "8. Quoting" reads: "Double quotes should be used when variable interpolation is required. [...] All variables should be enclosed in braces when interpolated in a string." --- manifests/daemon.pp | 42 +++++++++++++++++++++--------------------- manifests/polipo.pp | 2 +- 2 files changed, 22 insertions(+), 22 deletions(-) diff --git a/manifests/daemon.pp b/manifests/daemon.pp index 683d2c6..bd6de31 100644 --- a/manifests/daemon.pp +++ b/manifests/daemon.pp 
@@ -12,11 +12,11 @@ class tor::daemon ( # packages, user, group Service['tor'] { - subscribe => File[$config_file], + subscribe => File["${config_file}"], } Package[ 'tor' ] { - require => File[$data_dir], + require => File["${data_dir}"], } group { 'debian-tor': @@ -28,7 +28,7 @@ class tor::daemon ( allowdupe => false, comment => 'tor user,,,', ensure => present, - home => $data_dir, + home => "${data_dir}", shell => '/bin/bash', gid => 'debian-tor', require => Group['debian-tor'], @@ -59,19 +59,19 @@ class tor::daemon ( file { "${snippet_dir}": ensure => directory, owner => 'debian-tor', group => 'debian-tor', mode => 0755, - require => File[$spool_dir], + require => File["${spool_dir}"], } # tor configuration file concatenated_file { "${config_file}": - dir => $snippet_dir, + dir => "${snippet_dir}", mode => 0600, owner => 'debian-tor', group => 'debian-tor', } # config file headers concatenated_file_part { '00.header': - dir => $snippet_dir, + dir => "${snippet_dir}", content => template('tor/torrc.header.erb'), owner => 'debian-tor', group => 'debian-tor', mode => 0644, ensure => present, @@ -79,7 +79,7 @@ class tor::daemon ( # global configurations concatenated_file_part { '01.global': - dir => $snippet_dir, + dir => "${snippet_dir}", content => template('tor/torrc.global.erb'), owner => 'debian-tor', group => 'debian-tor', mode => 0644, } @@ -90,7 +90,7 @@ class tor::daemon ( $policies = [] ) { concatenated_file_part { '02.socks': - dir => $tor::daemon::snippet_dir, + dir => "${tor::daemon::snippet_dir}", content => template('tor/torrc.socks.erb'), owner => 'debian-tor', group => 'debian-tor', mode => 0644, } @@ -120,7 +120,7 @@ class tor::daemon ( } concatenated_file_part { '03.relay': - dir => $tor::daemon::snippet_dir, + dir => "${tor::daemon::snippet_dir}", content => template('tor/torrc.relay.erb'), owner => 'debian-tor', group => 'debian-tor', mode => 0644, ensure => $ensure, 
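Review bot: Wrapping a lone variable in a double-quoted string, as in `File["${config_file}"]`, `home => "${data_dir}"` and `dir => "${snippet_dir}"`, adds nothing. The style-guide sentence quoted in the commit message covers variables interpolated inside a larger string, so these can stay as `File[$config_file]`, `home => $data_dir` and `dir => $snippet_dir`. The same pattern recurs in every later hunk of this commit, and in two places it may change behaviour rather than just style. In the `@@ -139,12 +139,12 @@` hunk, `"${cookie_auth_file_group_readable}" != ''` now compares the stringified value, which may not match the intent if a caller passes a boolean. In the `snippet` define, `content => "${content}"` would flatten any non-string value.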
@@ -139,12 +139,12 @@ class tor::daemon ( fail('You need to define the tor control password') } - if $cookie_authentication == 0 and ($cookie_auth_file != '' or $cookie_auth_file_group_readable != '') { + if $cookie_authentication == 0 and ("${cookie_auth_file}" != '' or "${cookie_auth_file_group_readable}" != '') { notice('You set a tor cookie authentication option, but do not have cookie_authentication on') } concatenated_file_part { '04.control': - dir => $tor::daemon::snippet_dir, + dir => "${tor::daemon::snippet_dir}", content => template('tor/torrc.control.erb'), owner => 'debian-tor', group => 'debian-tor', mode => 0600, ensure => $ensure, @@ -153,11 +153,11 @@ class tor::daemon ( # hidden services definition define hidden_service( $ports = [], - $data_dir = $tor::daemon::data_dir, + $data_dir = "${tor::daemon::data_dir}", $ensure = present ) { concatenated_file_part { "05.hidden_service.${name}": - dir => $tor::daemon::snippet_dir, + dir => "${tor::daemon::snippet_dir}", content => template('tor/torrc.hidden_service.erb'), owner => 'debian-tor', group => 'debian-tor', mode => 0644, ensure => $ensure, @@ -171,7 +171,7 @@ class tor::daemon ( $ensure = present ) { concatenated_file_part { '06.directory': - dir => $tor::daemon::snippet_dir, + dir => "${tor::daemon::snippet_dir}", content => template('tor/torrc.directory.erb'), owner => 'debian-tor', group => 'debian-tor', mode => 0644, ensure => $ensure, @@ -192,7 +192,7 @@ class tor::daemon ( $ensure = present ) { concatenated_file_part { "07.exit_policy.${name}": - dir => $tor::daemon::snippet_dir, + dir => "${tor::daemon::snippet_dir}", content => template('tor/torrc.exit_policy.erb'), owner => 'debian-tor', group => 'debian-tor', mode => 0644, ensure => $ensure, 
@@ -205,7 +205,7 @@ class tor::daemon ( $ensure = present ) { concatenated_file_part { "08.dns.${name}": - dir => $tor::daemon::snippet_dir, + dir => "${tor::daemon::snippet_dir}", content => template('tor/torrc.dns.erb'), owner => 'debian-tor', group => 'debian-tor', mode => 0644, ensure => $ensure, @@ -218,7 +218,7 @@ class tor::daemon ( $ensure = present ) { concatenated_file_part { "09.transparent.${name}": - dir => $tor::daemon::snippet_dir, + dir => "${tor::daemon::snippet_dir}", content => template('tor/torrc.transparent.erb'), owner => 'debian-tor', group => 'debian-tor', mode => 0644, ensure => $ensure, @@ -232,7 +232,7 @@ class tor::daemon ( $ensure = present ) { concatenated_file_part { "10.bridge.${name}": - dir => $tor::daemon::snippet_dir, + dir => "${tor::daemon::snippet_dir}", content => template('tor/torrc.bridge.erb'), owner => 'debian-tor', group => 'debian-tor', mode => 0644, ensure => $ensure, @@ -244,7 +244,7 @@ class tor::daemon ( $newaddress = '') { concatenated_file_part { "08.map_address.${name}": - dir => $tor::daemon::snippet_dir, + dir => "${tor::daemon::snippet_dir}", content => template('tor/torrc.map_address.erb'), owner => 'debian-tor', group => 'debian-tor', mode => 0644, ensure => $ensure, @@ -256,8 +256,8 @@ class tor::daemon ( $ensure = present ) { concatenated_file_part { "99.snippet.${name}": - dir => $tor::daemon::snippet_dir, - content => $content, + dir => "${tor::daemon::snippet_dir}", + content => "${content}", owner => 'debian-tor', group => 'debian-tor', mode => 0644, ensure => $ensure, } diff --git a/manifests/polipo.pp b/manifests/polipo.pp index 8563347..9a8fdb5 100644 --- a/manifests/polipo.pp +++ b/manifests/polipo.pp @@ -1,7 +1,7 @@ class tor::polipo { include ::tor - case $::operatingsystem { + case "${::operatingsystem}" { 'debian': { include tor::polipo::debian } default: { include tor::polipo::base } } -- cgit v1.2.3 From 8c4ec63f85294dd4e83e5701bf15bd9c97905b02 Mon Sep 17 00:00:00 2001 
From: intrigeri Date: Sun, 11 Nov 2012 21:53:10 +0100 Subject: Align all fat arrows in resource’s attribute/value list. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Puppet style guide "9.2. Arrow Alignment" reads: "All of the fat comma arrows (=>) in a resource’s attribute/value list should be aligned. The arrows should be placed one space ahead of the longest attribute name." --- manifests/init.pp | 8 ++++---- manifests/munin.pp | 4 ++-- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index b8e1917..82820f5 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -8,11 +8,11 @@ class tor ( } service { 'tor': - ensure => running, - enable => true, + ensure => running, + enable => true, hasrestart => true, - hasstatus => true, - require => Package['tor'], + hasstatus => true, + require => Package['tor'], } if $use_munin { diff --git a/manifests/munin.pp b/manifests/munin.pp index 24ea53e..ecb13d9 100644 --- a/manifests/munin.pp +++ b/manifests/munin.pp @@ -16,8 +16,8 @@ class tor::munin { munin::plugin { [ 'tor_connections', 'tor_routers', 'tor_traffic' ]: - ensure => present, - config => "user debian-tor\n env.cookiefile /var/run/tor/control.authcookie", + ensure => present, + config => "user debian-tor\n env.cookiefile /var/run/tor/control.authcookie", script_path_in => '/usr/local/share/munin-plugins'; } } -- cgit v1.2.3 From b0d72fca2fef6b9db7c1d3f5b7100d6228766d8f Mon Sep 17 00:00:00 2001 From: intrigeri Date: Sun, 11 Nov 2012 22:10:54 +0100 Subject: Indentation fixes. --- manifests/daemon.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/daemon.pp b/manifests/daemon.pp index bd6de31..bbf83dd 100644 --- a/manifests/daemon.pp +++ b/manifests/daemon.pp 
@@ -204,7 +204,7 @@ class tor::daemon ( $listen_addresses = [], $ensure = present ) { - concatenated_file_part { "08.dns.${name}": + concatenated_file_part { "08.dns.${name}": dir => "${tor::daemon::snippet_dir}", content => template('tor/torrc.dns.erb'), owner => 'debian-tor', group => 'debian-tor', mode => 0644, @@ -217,7 +217,7 @@ class tor::daemon ( $listen_addresses = [], $ensure = present ) { - concatenated_file_part { "09.transparent.${name}": + concatenated_file_part { "09.transparent.${name}": dir => "${tor::daemon::snippet_dir}", content => template('tor/torrc.transparent.erb'), owner => 'debian-tor', group => 'debian-tor', mode => 0644, -- cgit v1.2.3 From e24b353ad6d7e1a6cfec104f8946a4b0e9786a0d Mon Sep 17 00:00:00 2001 From: intrigeri Date: Sun, 11 Nov 2012 22:15:08 +0100 Subject: Give the debian-tor user /bin/false as a shell. This is the Debian package default, and I've never seen the need to give it a real shell. --- manifests/daemon.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/daemon.pp b/manifests/daemon.pp index bbf83dd..28b14d1 100644 --- a/manifests/daemon.pp +++ b/manifests/daemon.pp @@ -29,7 +29,7 @@ class tor::daemon ( comment => 'tor user,,,', ensure => present, home => "${data_dir}", - shell => '/bin/bash', + shell => '/bin/false', gid => 'debian-tor', require => Group['debian-tor'], } -- cgit v1.2.3 From 62a02519915bc3d61a17ec5e1f5ca8927d5bcf4a Mon Sep 17 00:00:00 2001 From: intrigeri Date: Sun, 11 Nov 2012 22:26:31 +0100 Subject: Use the concat module instead of the obsolete concatenated_file define. ... and cleanup the now unused spool_dir. --- README | 7 +++++ manifests/daemon.pp | 80 ++++++++++++++++++++++++++++------------------------- 2 files changed, 50 insertions(+), 37 deletions(-) diff --git a/README b/README index 9c040a3..49b91f0 100644 --- a/README +++ b/README 
@@ -30,6 +30,13 @@ policies, etc. removed accordingly. +Dependencies +============ + +This module needs: + +- the concat module: git://labs.riseup.net/shared-concat + Usage ===== diff --git a/manifests/daemon.pp b/manifests/daemon.pp index 28b14d1..5385f39 100644 --- a/manifests/daemon.pp +++ b/manifests/daemon.pp @@ -8,7 +8,6 @@ class tor::daemon ( # constants $spool_dir = '/var/lib/puppet/modules/tor' - $snippet_dir = "${spool_dir}/torrc.d" # packages, user, group Service['tor'] { @@ -52,36 +51,32 @@ class tor::daemon ( } file { "${spool_dir}": - ensure => directory, - owner => 'debian-tor', group => 'debian-tor', mode => 0755, - } - - file { "${snippet_dir}": - ensure => directory, - owner => 'debian-tor', group => 'debian-tor', mode => 0755, - require => File["${spool_dir}"], + ensure => absent, + recurse => true, + force => true, } # tor configuration file - concatenated_file { "${config_file}": - dir => "${snippet_dir}", + concat { "${config_file}": mode => 0600, owner => 'debian-tor', group => 'debian-tor', } # config file headers - concatenated_file_part { '00.header': - dir => "${snippet_dir}", + concat::fragment { '00.header': content => template('tor/torrc.header.erb'), owner => 'debian-tor', group => 'debian-tor', mode => 0644, ensure => present, + order => 00, + target => "${config_file}", } # global configurations - concatenated_file_part { '01.global': - dir => "${snippet_dir}", + concat::fragment { '01.global': content => template('tor/torrc.global.erb'), owner => 'debian-tor', group => 'debian-tor', mode => 0644, + order => 01, + target => "${config_file}", } # socks definition @@ -89,10 +84,11 @@ class tor::daemon ( $listen_addresses = [], $policies = [] ) { - concatenated_file_part { '02.socks': - dir => "${tor::daemon::snippet_dir}", + concat::fragment { '02.socks': content => template('tor/torrc.socks.erb'), owner => 'debian-tor', group => 'debian-tor', mode => 0644, + order => 02, + target => "${tor::daemon::config_file}", } } 
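Review bot: The new `order` attributes are bare numbers with a leading zero (`order => 00`, `order => 01` in the `@@ -52,36 +51,32 @@` hunk, continuing through `08` and `09` in the later hunks of this commit). As far as I know, newer Puppet parsers read a leading-zero bare number as octal and reject `08` and `09`. If a parser instead normalises `01` to `1`, fragment ordering that relies on a two-character prefix would no longer sort `1` before `10`. Quoting the values keeps the torrc sections in the intended sequence regardless of parser: `order => '00',`, `order => '08',`, `order => '09',`.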
@@ -119,11 +115,12 @@ class tor::daemon ( $real_outbound_bindaddresses = $outbound_bindaddresses } - concatenated_file_part { '03.relay': - dir => "${tor::daemon::snippet_dir}", + concat::fragment { '03.relay': content => template('tor/torrc.relay.erb'), owner => 'debian-tor', group => 'debian-tor', mode => 0644, ensure => $ensure, + order => 03, + target => "${tor::daemon::config_file}", } } @@ -143,11 +140,12 @@ class tor::daemon ( notice('You set a tor cookie authentication option, but do not have cookie_authentication on') } - concatenated_file_part { '04.control': - dir => "${tor::daemon::snippet_dir}", + concat::fragment { '04.control': content => template('tor/torrc.control.erb'), owner => 'debian-tor', group => 'debian-tor', mode => 0600, ensure => $ensure, + order => 04, + target => "${tor::daemon::config_file}", } } @@ -156,11 +154,12 @@ class tor::daemon ( $data_dir = "${tor::daemon::data_dir}", $ensure = present ) { - concatenated_file_part { "05.hidden_service.${name}": - dir => "${tor::daemon::snippet_dir}", + concat::fragment { "05.hidden_service.${name}": content => template('tor/torrc.hidden_service.erb'), owner => 'debian-tor', group => 'debian-tor', mode => 0644, ensure => $ensure, + order => 05, + target => "${tor::daemon::config_file}", } } @@ -170,11 +169,12 @@ class tor::daemon ( $port_front_page = '/etc/tor/tor.html', $ensure = present ) { - concatenated_file_part { '06.directory': - dir => "${tor::daemon::snippet_dir}", + concat::fragment { '06.directory': content => template('tor/torrc.directory.erb'), owner => 'debian-tor', group => 'debian-tor', mode => 0644, ensure => $ensure, + order => 06, + target => "${tor::daemon::config_file}", } file { '/etc/tor/tor.html': 
@@ -191,11 +191,12 @@ class tor::daemon ( $reject_private = 1, $ensure = present ) { - concatenated_file_part { "07.exit_policy.${name}": - dir => "${tor::daemon::snippet_dir}", + concat::fragment { "07.exit_policy.${name}": content => template('tor/torrc.exit_policy.erb'), owner => 'debian-tor', group => 'debian-tor', mode => 0644, ensure => $ensure, + order => 07, + target => "${tor::daemon::config_file}", } } @@ -204,11 +205,12 @@ class tor::daemon ( $listen_addresses = [], $ensure = present ) { - concatenated_file_part { "08.dns.${name}": - dir => "${tor::daemon::snippet_dir}", + concat::fragment { "08.dns.${name}": content => template('tor/torrc.dns.erb'), owner => 'debian-tor', group => 'debian-tor', mode => 0644, ensure => $ensure, + order => 08, + target => "${tor::daemon::config_file}", } } @@ -217,11 +219,12 @@ class tor::daemon ( $listen_addresses = [], $ensure = present ) { - concatenated_file_part { "09.transparent.${name}": - dir => "${tor::daemon::snippet_dir}", + concat::fragment { "09.transparent.${name}": content => template('tor/torrc.transparent.erb'), owner => 'debian-tor', group => 'debian-tor', mode => 0644, ensure => $ensure, + order => 09, + target => "${tor::daemon::config_file}", } } @@ -231,11 +234,12 @@ class tor::daemon ( $fingerprint = false, $ensure = present ) { - concatenated_file_part { "10.bridge.${name}": - dir => "${tor::daemon::snippet_dir}", + concat::fragment { "10.bridge.${name}": content => template('tor/torrc.bridge.erb'), owner => 'debian-tor', group => 'debian-tor', mode => 0644, ensure => $ensure, + order => 10, + target => "${tor::daemon::config_file}", } } 
@@ -243,11 +247,12 @@ class tor::daemon ( define map_address( $address = '', $newaddress = '') { - concatenated_file_part { "08.map_address.${name}": - dir => "${tor::daemon::snippet_dir}", + concat::fragment { "08.map_address.${name}": content => template('tor/torrc.map_address.erb'), owner => 'debian-tor', group => 'debian-tor', mode => 0644, ensure => $ensure, + order => 08, + target => "${tor::daemon::config_file}", } } @@ -255,11 +260,12 @@ class tor::daemon ( define snippet( $content = '', $ensure = present ) { - concatenated_file_part { "99.snippet.${name}": - dir => "${tor::daemon::snippet_dir}", + concat::fragment { "99.snippet.${name}": content => "${content}", owner => 'debian-tor', group => 'debian-tor', mode => 0644, ensure => $ensure, + order => 99, + target => "${tor::daemon::config_file}", } } -- cgit v1.2.3 From 1627732475fa126d8eb3cb437994df1f14f96766 Mon Sep 17 00:00:00 2001 From: intrigeri Date: Sun, 11 Nov 2012 22:42:23 +0100 Subject: Move ensure attributes to the first place. Puppet style guide "9.3. Attribute Ordering" reads: If a resource declaration includes an ensure attribute, it should be the first attribute specified. --- manifests/daemon.pp | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/manifests/daemon.pp b/manifests/daemon.pp index 5385f39..2dcdccf 100644 --- a/manifests/daemon.pp +++ b/manifests/daemon.pp @@ -24,9 +24,9 @@ class tor::daemon ( } user { 'debian-tor': + ensure => present, allowdupe => false, comment => 'tor user,,,', - ensure => present, home => "${data_dir}", shell => '/bin/false', gid => 'debian-tor', @@ -64,9 +64,9 @@ class tor::daemon ( # config file headers concat::fragment { '00.header': + ensure => present, content => template('tor/torrc.header.erb'), owner => 'debian-tor', group => 'debian-tor', mode => 0644, - ensure => present, order => 00, target => "${config_file}", } 
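Review bot: The `map_address` define in the `@@ -243,11 +247,12 @@` hunk passes `ensure => $ensure` to the fragment, but its parameter list, `define map_address( $address = '', $newaddress = '')`, does not declare `$ensure`. Every other define shown in this commit declares `$ensure = present`. Here the value is either undefined or picked up from an enclosing scope, so a caller cannot remove a mapping through this define. Declaring it closes the gap: `define map_address( $address = '', $newaddress = '', $ensure = present ) {`. This fragment also shares `order => 08` with the `dns` fragment, so the relative position of the two in torrc depends on how the concat module breaks ties.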
@@ -116,9 +116,9 @@ class tor::daemon ( } concat::fragment { '03.relay': + ensure => $ensure, content => template('tor/torrc.relay.erb'), owner => 'debian-tor', group => 'debian-tor', mode => 0644, - ensure => $ensure, order => 03, target => "${tor::daemon::config_file}", } @@ -141,9 +141,9 @@ class tor::daemon ( } concat::fragment { '04.control': + ensure => $ensure, content => template('tor/torrc.control.erb'), owner => 'debian-tor', group => 'debian-tor', mode => 0600, - ensure => $ensure, order => 04, target => "${tor::daemon::config_file}", } @@ -155,9 +155,9 @@ class tor::daemon ( $ensure = present ) { concat::fragment { "05.hidden_service.${name}": + ensure => $ensure, content => template('tor/torrc.hidden_service.erb'), owner => 'debian-tor', group => 'debian-tor', mode => 0644, - ensure => $ensure, order => 05, target => "${tor::daemon::config_file}", } @@ -170,17 +170,17 @@ class tor::daemon ( $ensure = present ) { concat::fragment { '06.directory': + ensure => $ensure, content => template('tor/torrc.directory.erb'), owner => 'debian-tor', group => 'debian-tor', mode => 0644, - ensure => $ensure, order => 06, target => "${tor::daemon::config_file}", } file { '/etc/tor/tor.html': + ensure => $ensure, source => 'puppet:///modules/tor/tor.html', require => File['/etc/tor'], - ensure => $ensure, owner => 'debian-tor', group => 'debian-tor', mode => 0644, } } @@ -192,9 +192,9 @@ class tor::daemon ( $ensure = present ) { concat::fragment { "07.exit_policy.${name}": + ensure => $ensure, content => template('tor/torrc.exit_policy.erb'), owner => 'debian-tor', group => 'debian-tor', mode => 0644, - ensure => $ensure, order => 07, target => "${tor::daemon::config_file}", } 
@@ -206,9 +206,9 @@ class tor::daemon ( $ensure = present ) { concat::fragment { "08.dns.${name}": + ensure => $ensure, content => template('tor/torrc.dns.erb'), owner => 'debian-tor', group => 'debian-tor', mode => 0644, - ensure => $ensure, order => 08, target => "${tor::daemon::config_file}", } @@ -220,9 +220,9 @@ class tor::daemon ( $ensure = present ) { concat::fragment { "09.transparent.${name}": + ensure => $ensure, content => template('tor/torrc.transparent.erb'), owner => 'debian-tor', group => 'debian-tor', mode => 0644, - ensure => $ensure, order => 09, target => "${tor::daemon::config_file}", } @@ -235,9 +235,9 @@ class tor::daemon ( $ensure = present ) { concat::fragment { "10.bridge.${name}": + ensure => $ensure, content => template('tor/torrc.bridge.erb'), owner => 'debian-tor', group => 'debian-tor', mode => 0644, - ensure => $ensure, order => 10, target => "${tor::daemon::config_file}", } @@ -248,9 +248,9 @@ class tor::daemon ( $newaddress = '') { concat::fragment { "08.map_address.${name}": + ensure => $ensure, content => template('tor/torrc.map_address.erb'), owner => 'debian-tor', group => 'debian-tor', mode => 0644, - ensure => $ensure, order => 08, target => "${tor::daemon::config_file}", } @@ -261,9 +261,9 @@ class tor::daemon ( $ensure = present ) { concat::fragment { "99.snippet.${name}": + ensure => $ensure, content => "${content}", owner => 'debian-tor', group => 'debian-tor', mode => 0644, - ensure => $ensure, order => 99, target => "${tor::daemon::config_file}", } -- cgit v1.2.3 From 6153fcd9fd2469ab3521843defd7d61d790bb6c5 Mon Sep 17 00:00:00 2001 
From: intrigeri Date: Sun, 11 Nov 2012 22:46:25 +0100 Subject: Specify file modes as single-quoted strings. Puppet style guide "9.6. File Modes" reads: In addition, file modes should be specified as single-quoted strings instead of bare word numbers. --- manifests/daemon.pp | 34 +++++++++++++++++----------------- manifests/munin.pp | 6 +++--- manifests/polipo/base.pp | 2 +- manifests/polipo/debian.pp | 2 +- 4 files changed, 22 insertions(+), 22 deletions(-) diff --git a/manifests/daemon.pp b/manifests/daemon.pp index 2dcdccf..e280593 100644 --- a/manifests/daemon.pp +++ b/manifests/daemon.pp @@ -36,7 +36,7 @@ class tor::daemon ( # directories file { "${data_dir}": ensure => directory, - mode => 0700, + mode => '0700', owner => 'debian-tor', group => 'debian-tor', require => User['debian-tor'], @@ -44,7 +44,7 @@ class tor::daemon ( file { '/etc/tor': ensure => directory, - mode => 0755, + mode => '0755', owner => 'debian-tor', group => 'debian-tor', require => User['debian-tor'], @@ -58,7 +58,7 @@ class tor::daemon ( # tor configuration file concat { "${config_file}": - mode => 0600, + mode => '0600', owner => 'debian-tor', group => 'debian-tor', } @@ -66,7 +66,7 @@ class tor::daemon ( concat::fragment { '00.header': ensure => present, content => template('tor/torrc.header.erb'), - owner => 'debian-tor', group => 'debian-tor', mode => 0644, + owner => 'debian-tor', group => 'debian-tor', mode => '0644', order => 00, target => "${config_file}", } @@ -74,7 +74,7 @@ class tor::daemon ( # global configurations concat::fragment { '01.global': content => template('tor/torrc.global.erb'), - owner => 'debian-tor', group => 'debian-tor', mode => 0644, + owner => 'debian-tor', group => 'debian-tor', mode => '0644', order => 01, target => "${config_file}", } 
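Review bot: The resources touched in the `@@ -44,7 +44,7 @@` and `@@ -58,7 +58,7 @@` hunks leave `/etc/tor` and the concatenated `${config_file}` owned by `debian-tor`, the account the daemon runs as. A process running as that user can therefore rewrite or replace its own configuration between agent runs. The same applies to `/etc/tor/tor.html` in the `@@ -181,7 +181,7 @@` hunk. Unless something outside these hunks needs the daemon to write there, root ownership with group read would be tighter: `owner => 'root', group => 'debian-tor', mode => '0640',` for torrc, and `owner => 'root', group => 'root', mode => '0755',` for the directory. The data directory resource in the `@@ -36,7 +36,7 @@` hunk is correctly daemon-owned with mode `'0700'`.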
@@ -86,7 +86,7 @@ class tor::daemon ( concat::fragment { '02.socks': content => template('tor/torrc.socks.erb'), - owner => 'debian-tor', group => 'debian-tor', mode => 0644, + owner => 'debian-tor', group => 'debian-tor', mode => '0644', order => 02, target => "${tor::daemon::config_file}", } @@ -118,7 +118,7 @@ class tor::daemon ( concat::fragment { '03.relay': ensure => $ensure, content => template('tor/torrc.relay.erb'), - owner => 'debian-tor', group => 'debian-tor', mode => 0644, + owner => 'debian-tor', group => 'debian-tor', mode => '0644', order => 03, target => "${tor::daemon::config_file}", } @@ -143,7 +143,7 @@ class tor::daemon ( concat::fragment { '04.control': ensure => $ensure, content => template('tor/torrc.control.erb'), - owner => 'debian-tor', group => 'debian-tor', mode => 0600, + owner => 'debian-tor', group => 'debian-tor', mode => '0600', order => 04, target => "${tor::daemon::config_file}", } @@ -157,7 +157,7 @@ class tor::daemon ( concat::fragment { "05.hidden_service.${name}": ensure => $ensure, content => template('tor/torrc.hidden_service.erb'), - owner => 'debian-tor', group => 'debian-tor', mode => 0644, + owner => 'debian-tor', group => 'debian-tor', mode => '0644', order => 05, target => "${tor::daemon::config_file}", } @@ -172,7 +172,7 @@ class tor::daemon ( concat::fragment { '06.directory': ensure => $ensure, content => template('tor/torrc.directory.erb'), - owner => 'debian-tor', group => 'debian-tor', mode => 0644, + owner => 'debian-tor', group => 'debian-tor', mode => '0644', order => 06, target => "${tor::daemon::config_file}", } @@ -181,7 +181,7 @@ class tor::daemon ( ensure => $ensure, source => 'puppet:///modules/tor/tor.html', require => File['/etc/tor'], - owner => 'debian-tor', group => 'debian-tor', mode => 0644, + owner => 'debian-tor', group => 'debian-tor', mode => '0644', } } 
@@ -194,7 +194,7 @@ class tor::daemon ( concat::fragment { "07.exit_policy.${name}": ensure => $ensure, content => template('tor/torrc.exit_policy.erb'), - owner => 'debian-tor', group => 'debian-tor', mode => 0644, + owner => 'debian-tor', group => 'debian-tor', mode => '0644', order => 07, target => "${tor::daemon::config_file}", } @@ -208,7 +208,7 @@ class tor::daemon ( concat::fragment { "08.dns.${name}": ensure => $ensure, content => template('tor/torrc.dns.erb'), - owner => 'debian-tor', group => 'debian-tor', mode => 0644, + owner => 'debian-tor', group => 'debian-tor', mode => '0644', order => 08, target => "${tor::daemon::config_file}", } @@ -222,7 +222,7 @@ class tor::daemon ( concat::fragment { "09.transparent.${name}": ensure => $ensure, content => template('tor/torrc.transparent.erb'), - owner => 'debian-tor', group => 'debian-tor', mode => 0644, + owner => 'debian-tor', group => 'debian-tor', mode => '0644', order => 09, target => "${tor::daemon::config_file}", } @@ -237,7 +237,7 @@ class tor::daemon ( concat::fragment { "10.bridge.${name}": ensure => $ensure, content => template('tor/torrc.bridge.erb'), - owner => 'debian-tor', group => 'debian-tor', mode => 0644, + owner => 'debian-tor', group => 'debian-tor', mode => '0644', order => 10, target => "${tor::daemon::config_file}", } @@ -250,7 +250,7 @@ class tor::daemon ( concat::fragment { "08.map_address.${name}": ensure => $ensure, content => template('tor/torrc.map_address.erb'), - owner => 'debian-tor', group => 'debian-tor', mode => 0644, + owner => 'debian-tor', group => 'debian-tor', mode => '0644', order => 08, target => "${tor::daemon::config_file}", } @@ -263,7 +263,7 @@ class tor::daemon ( concat::fragment { "99.snippet.${name}": ensure => $ensure, content => "${content}", - owner => 'debian-tor', group => 'debian-tor', mode => 0644, + owner => 'debian-tor', group => 'debian-tor', mode => '0644', order => 99, target => "${tor::daemon::config_file}", } 
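Review bot: The `order` values in these fragments are still bare numbers with a leading zero (`order => 07`, `order => 08`, `order => 09`), the same bare-number form this commit removes for `mode`. A parser that reads a leading zero as octal cannot accept `08` or `09`, and one that does accept them may hand concat a different sort key than the two-digit text intended, so the fragment order in torrc could depend on the Puppet version. Quoting keeps the key a fixed string, e.g. `order => '08',`; the same applies to `00` through `06` in the earlier hunks of this file. The enclosing defines start outside these hunks.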
diff --git a/manifests/munin.pp b/manifests/munin.pp index ecb13d9..2974195 100644 --- a/manifests/munin.pp +++ b/manifests/munin.pp @@ -3,15 +3,15 @@ class tor::munin { file { '/usr/local/share/munin-plugins/tor_connections': source => 'puppet:///modules/tor/munin/tor_connections', - mode => 0755, owner => root, group => root; + mode => '0755', owner => root, group => root; '/usr/local/share/munin-plugins/tor_routers': source => 'puppet:///modules/tor/munin/tor_routers', - mode => 0755, owner => root, group => root; + mode => '0755', owner => root, group => root; '/usr/local/share/munin-plugins/tor_traffic': source => 'puppet:///modules/tor/munin/tor_traffic', - mode => 0755, owner => root, group => root; + mode => '0755', owner => root, group => root; } munin::plugin { diff --git a/manifests/polipo/base.pp b/manifests/polipo/base.pp index 8c1dd1c..f988e55 100644 --- a/manifests/polipo/base.pp +++ b/manifests/polipo/base.pp @@ -7,7 +7,7 @@ class tor::polipo::base { ensure => present, owner => root, group => root, - mode => 0644, + mode => '0644', source => 'puppet:///modules/tor/polipo/polipo.conf', require => Package['polipo'], notify => Service['polipo'], diff --git a/manifests/polipo/debian.pp b/manifests/polipo/debian.pp index 0a8aa93..db29fe6 100644 --- a/manifests/polipo/debian.pp +++ b/manifests/polipo/debian.pp @@ -5,7 +5,7 @@ class tor::polipo::debian inherits tor::polipo::base { ensure => present, owner => root, group => root, - mode => 0755, + mode => '0755', require => Package['polipo'], source => 'puppet:///modules/tor/polipo/polipo.cron', } -- cgit v1.2.3 From 27e960c83b26d036a940dff0fc61737fc4ed5af5 Mon Sep 17 00:00:00 2001 From: intrigeri Date: Sun, 11 Nov 2012 22:49:15 +0100 Subject: Cleanup: remove now useless variable. --- manifests/daemon.pp | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/manifests/daemon.pp b/manifests/daemon.pp index e280593..8af53bf 100644 --- a/manifests/daemon.pp +++ b/manifests/daemon.pp 
@@ -6,9 +6,6 @@ class tor::daemon ( $log_rules = [ 'notice file /var/log/tor/notices.log' ], ) inherits tor { - # constants - $spool_dir = '/var/lib/puppet/modules/tor' - # packages, user, group Service['tor'] { subscribe => File["${config_file}"], @@ -50,7 +47,7 @@ class tor::daemon ( require => User['debian-tor'], } - file { "${spool_dir}": + file { '/var/lib/puppet/modules/tor': ensure => absent, recurse => true, force => true, -- cgit v1.2.3 From 332bed5098758e5a2767246c4224b25f650c794f Mon Sep 17 00:00:00 2001 From: intrigeri Date: Wed, 2 Jan 2013 12:30:55 +0100 Subject: Linting. --- manifests/daemon.pp | 225 +++++++++++++++++++++++++++++++--------------------- manifests/munin.pp | 14 +++- manifests/polipo.pp | 4 +- 3 files changed, 145 insertions(+), 98 deletions(-) diff --git a/manifests/daemon.pp b/manifests/daemon.pp index 8af53bf..2bee67b 100644 --- a/manifests/daemon.pp +++ b/manifests/daemon.pp @@ -8,11 +8,11 @@ class tor::daemon ( # packages, user, group Service['tor'] { - subscribe => File["${config_file}"], + subscribe => File[$config_file], } Package[ 'tor' ] { - require => File["${data_dir}"], + require => File[$data_dir], } group { 'debian-tor': @@ -24,14 +24,14 @@ class tor::daemon ( ensure => present, allowdupe => false, comment => 'tor user,,,', - home => "${data_dir}", + home => $data_dir, shell => '/bin/false', gid => 'debian-tor', - require => Group['debian-tor'], + require => Group['debian-tor'], } # directories - file { "${data_dir}": + file { $data_dir: ensure => directory, mode => '0700', owner => 'debian-tor', 
@@ -54,56 +54,66 @@ class tor::daemon ( } # tor configuration file - concat { "${config_file}": + concat { $config_file: mode => '0600', - owner => 'debian-tor', group => 'debian-tor', + owner => 'debian-tor', + group => 'debian-tor', } # config file headers concat::fragment { '00.header': ensure => present, content => template('tor/torrc.header.erb'), - owner => 'debian-tor', group => 'debian-tor', mode => '0644', + owner => 'debian-tor', group => 'debian-tor', mode => '0644', order => 00, - target => "${config_file}", + target => $config_file, } # global configurations concat::fragment { '01.global': content => template('tor/torrc.global.erb'), - owner => 'debian-tor', group => 'debian-tor', mode => '0644', + owner => 'debian-tor', group => 'debian-tor', mode => '0644', order => 01, - target => "${config_file}", + target => $config_file, } # socks definition - define socks( $port = 0, - $listen_addresses = [], - $policies = [] ) { + define socks( + $port = 0, + $listen_addresses = [], + $policies = [] ) { concat::fragment { '02.socks': content => template('tor/torrc.socks.erb'), - owner => 'debian-tor', group => 'debian-tor', mode => '0644', + owner => 'debian-tor', group => 'debian-tor', mode => '0644', order => 02, - target => "${tor::daemon::config_file}", + target => $tor::daemon::config_file, } } # relay definition - define relay( $port = 0, - $listen_addresses = [], - $outbound_bindaddresses = [], - $bandwidth_rate = '', # KB/s, defaulting to using tor's default: 5120KB/s - $bandwidth_burst = '', # KB/s, defaulting to using tor's default: 10240KB/s - $relay_bandwidth_rate = 0, # KB/s, 0 for no limit. - $relay_bandwidth_burst = 0, # KB/s, 0 for no limit. - $accounting_max = 0, # GB, 0 for no limit. 
- $accounting_start = [], - $contact_info = '', - $my_family = '', # TODO: autofill with other relays - $address = "tor.${domain}", - $bridge_relay = 0, - $ensure = present ) { + define relay( + $port = 0, + $listen_addresses = [], + $outbound_bindaddresses = [], + # KB/s, defaulting to using tor's default: 5120KB/s + $bandwidth_rate = '', + # KB/s, defaulting to using tor's default: 10240KB/s + $bandwidth_burst = '', + # KB/s, 0 for no limit + $relay_bandwidth_rate = 0, + # KB/s, 0 for no limit + $relay_bandwidth_burst = 0, + # GB, 0 for no limit + $accounting_max = 0, + $accounting_start = [], + $contact_info = '', + # TODO: autofill with other relays + $my_family = '', + $address = "tor.${::domain}", + $bridge_relay = 0, + $ensure = present ) { + $nickname = $name if $outbound_bindaddresses == [] { 
@@ -115,154 +125,185 @@ class tor::daemon ( concat::fragment { '03.relay': ensure => $ensure, content => template('tor/torrc.relay.erb'), - owner => 'debian-tor', group => 'debian-tor', mode => '0644', + owner => 'debian-tor', + group => 'debian-tor', + mode => '0644', order => 03, - target => "${tor::daemon::config_file}", + target => $tor::daemon::config_file, } - } + } # control definition - define control( $port = 0, - $hashed_control_password = '', - $cookie_authentication = 0, - $cookie_auth_file = '', - $cookie_auth_file_group_readable = '', - $ensure = present ) { + define control( + $port = 0, + $hashed_control_password = '', + $cookie_authentication = 0, + $cookie_auth_file = '', + $cookie_auth_file_group_readable = '', + $ensure = present ) { if $cookie_authentication == '0' and $hashed_control_password == '' and $ensure != 'absent' { fail('You need to define the tor control password') } - if $cookie_authentication == 0 and ("${cookie_auth_file}" != '' or "${cookie_auth_file_group_readable}" != '') { + if $cookie_authentication == 0 and ($cookie_auth_file != '' or $cookie_auth_file_group_readable != '') { notice('You set a tor cookie authentication option, but do not have cookie_authentication on') } - + concat::fragment { '04.control': ensure => $ensure, content => template('tor/torrc.control.erb'), - owner => 'debian-tor', group => 'debian-tor', mode => '0600', + owner => 'debian-tor', + group => 'debian-tor', + mode => '0600', order => 04, - target => "${tor::daemon::config_file}", + target => $tor::daemon::config_file, } - } + } # hidden services definition - define hidden_service( $ports = [], - $data_dir = "${tor::daemon::data_dir}", - $ensure = present ) { + define hidden_service( + $ports = [], + $data_dir = $tor::daemon::data_dir, + $ensure = present ) { concat::fragment { "05.hidden_service.${name}": ensure => $ensure, content => template('tor/torrc.hidden_service.erb'), - owner => 'debian-tor', group => 'debian-tor', mode => '0644', + owner => 
'debian-tor', + group => 'debian-tor', + mode => '0644', order => 05, - target => "${tor::daemon::config_file}", + target => $tor::daemon::config_file, } - } - + } + # directory advertising - define directory ( $port = 0, - $listen_addresses = [], - $port_front_page = '/etc/tor/tor.html', - $ensure = present ) { + define directory ( + $port = 0, + $listen_addresses = [], + $port_front_page = '/etc/tor/tor.html', + $ensure = present ) { concat::fragment { '06.directory': ensure => $ensure, content => template('tor/torrc.directory.erb'), - owner => 'debian-tor', group => 'debian-tor', mode => '0644', + owner => 'debian-tor', + group => 'debian-tor', + mode => '0644', order => 06, - target => "${tor::daemon::config_file}", + target => $tor::daemon::config_file, } - + file { '/etc/tor/tor.html': ensure => $ensure, source => 'puppet:///modules/tor/tor.html', require => File['/etc/tor'], - owner => 'debian-tor', group => 'debian-tor', mode => '0644', + owner => 'debian-tor', + group => 'debian-tor', + mode => '0644', } - } + } # exit policies - define exit_policy( $accept = [], - $reject = [], - $reject_private = 1, - $ensure = present ) { + define exit_policy( + $accept = [], + $reject = [], + $reject_private = 1, + $ensure = present ) { concat::fragment { "07.exit_policy.${name}": ensure => $ensure, content => template('tor/torrc.exit_policy.erb'), - owner => 'debian-tor', group => 'debian-tor', mode => '0644', + owner => 'debian-tor', + group => 'debian-tor', + mode => '0644', order => 07, - target => "${tor::daemon::config_file}", + target => $tor::daemon::config_file, } - } + } # DNS definition - define dns( $port = 0, - $listen_addresses = [], - $ensure = present ) { + define dns( + $port = 0, + $listen_addresses = [], + $ensure = present ) { concat::fragment { "08.dns.${name}": ensure => $ensure, content => template('tor/torrc.dns.erb'), - owner => 'debian-tor', group => 'debian-tor', mode => '0644', + owner => 'debian-tor', + group => 'debian-tor', + mode => 
'0644', order => 08, - target => "${tor::daemon::config_file}", + target => $tor::daemon::config_file, } } # Transparent proxy definition - define transparent( $port = 0, - $listen_addresses = [], - $ensure = present ) { + define transparent( + $port = 0, + $listen_addresses = [], + $ensure = present ) { concat::fragment { "09.transparent.${name}": ensure => $ensure, content => template('tor/torrc.transparent.erb'), - owner => 'debian-tor', group => 'debian-tor', mode => '0644', + owner => 'debian-tor', + group => 'debian-tor', + mode => '0644', order => 09, - target => "${tor::daemon::config_file}", + target => $tor::daemon::config_file, } } # Bridge definition - define bridge( $ip, - $port, - $fingerprint = false, - $ensure = present ) { + define bridge( + $ip, + $port, + $fingerprint = false, + $ensure = present ) { concat::fragment { "10.bridge.${name}": ensure => $ensure, content => template('tor/torrc.bridge.erb'), - owner => 'debian-tor', group => 'debian-tor', mode => '0644', + owner => 'debian-tor', + group => 'debian-tor', + mode => '0644', order => 10, - target => "${tor::daemon::config_file}", + target => $tor::daemon::config_file, } } # map address definition - define map_address( $address = '', - $newaddress = '') { + define map_address( + $address = '', + $newaddress = '') { concat::fragment { "08.map_address.${name}": ensure => $ensure, content => template('tor/torrc.map_address.erb'), - owner => 'debian-tor', group => 'debian-tor', mode => '0644', + owner => 'debian-tor', + group => 'debian-tor', + mode => '0644', order => 08, - target => "${tor::daemon::config_file}", + target => $tor::daemon::config_file, } } # Arbitrary torrc snippet definition - define snippet( $content = '', - $ensure = present ) { + define snippet( + $content = '', + $ensure = present ) { concat::fragment { "99.snippet.${name}": ensure => $ensure, - content => "${content}", - owner => 'debian-tor', group => 'debian-tor', mode => '0644', + content => $content, + owner => 
'debian-tor', + group => 'debian-tor', + mode => '0644', order => 99, - target => "${tor::daemon::config_file}", + target => $tor::daemon::config_file, } } diff --git a/manifests/munin.pp b/manifests/munin.pp index 2974195..2f0d5c2 100644 --- a/manifests/munin.pp +++ b/manifests/munin.pp @@ -3,15 +3,21 @@ class tor::munin { file { '/usr/local/share/munin-plugins/tor_connections': source => 'puppet:///modules/tor/munin/tor_connections', - mode => '0755', owner => root, group => root; - + mode => '0755', + owner => root, + group => root; + '/usr/local/share/munin-plugins/tor_routers': source => 'puppet:///modules/tor/munin/tor_routers', - mode => '0755', owner => root, group => root; + mode => '0755', + owner => root, + group => root; '/usr/local/share/munin-plugins/tor_traffic': source => 'puppet:///modules/tor/munin/tor_traffic', - mode => '0755', owner => root, group => root; + mode => '0755', + owner => root, + group => root; } munin::plugin { diff --git a/manifests/polipo.pp b/manifests/polipo.pp index 9a8fdb5..1201e55 100644 --- a/manifests/polipo.pp +++ b/manifests/polipo.pp @@ -1,8 +1,8 @@ class tor::polipo { include ::tor - case "${::operatingsystem}" { + case $::operatingsystem { 'debian': { include tor::polipo::debian } - default: { include tor::polipo::base } + default: { include tor::polipo::base } } } -- cgit v1.2.3 From b421d5d7936a7e2f93f1c62322a669d91693b9b6 Mon Sep 17 00:00:00 2001 From: mh Date: Wed, 2 Jan 2013 13:05:57 +0100 Subject: make it working on 2.6 - can't end with a , on 2.6 --- manifests/daemon.pp | 2 +- manifests/init.pp | 2 +- manifests/torsocks.pp | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/manifests/daemon.pp b/manifests/daemon.pp index 2bee67b..623aa22 100644 --- a/manifests/daemon.pp +++ b/manifests/daemon.pp 
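Review bot: In `define control` the two guards compare `$cookie_authentication` against different types: the unchanged `fail()` condition tests `== '0'`, while the condition rewritten just below it tests `== 0`, and the parameter default is the bare `0`. Whether a string and a number compare equal depends on the Puppet version, so with the default value the `fail('You need to define the tor control password')` check may never fire, and a control fragment with neither a hashed password nor cookie authentication would be written without error. Both conditions should use the same form as the default, e.g. `if $cookie_authentication == 0 and $hashed_control_password == '' and $ensure != 'absent' {`. The same two lines are carried unchanged into manifests/daemon/control.pp by the later "split out defines" commit.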
@@ -3,7 +3,7 @@ class tor::daemon ( $config_file = '/etc/tor/torrc', $use_bridges = 0, $automap_hosts_on_resolve = 0, - $log_rules = [ 'notice file /var/log/tor/notices.log' ], + $log_rules = [ 'notice file /var/log/tor/notices.log' ] ) inherits tor { # packages, user, group diff --git a/manifests/init.pp b/manifests/init.pp index 82820f5..c620718 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -1,6 +1,6 @@ class tor ( $ensure_version = 'installed', - $use_munin = false, + $use_munin = false ){ package { [ 'tor', 'tor-geoipdb' ]: diff --git a/manifests/torsocks.pp b/manifests/torsocks.pp index 452b4f1..b4c3ad6 100644 --- a/manifests/torsocks.pp +++ b/manifests/torsocks.pp @@ -1,5 +1,5 @@ class tor::torsocks ( - $ensure_version = 'installed', + $ensure_version = 'installed' ){ include ::tor package{'torsocks': -- cgit v1.2.3 From 3fb09572cbbef20a72feb3e3a50711ba7eba1cea Mon Sep 17 00:00:00 2001 
From: mh Date: Wed, 2 Jan 2013 13:41:56 +0100 Subject: split out defines into their own files --- manifests/daemon.pp | 231 ------------------------------------- manifests/daemon/bridge.pp | 18 +++ manifests/daemon/control.pp | 27 +++++ manifests/daemon/directory.pp | 27 +++++ manifests/daemon/dns.pp | 17 +++ manifests/daemon/exit_policy.pp | 18 +++ manifests/daemon/hidden_service.pp | 17 +++ manifests/daemon/map_address.pp | 16 +++ manifests/daemon/relay.pp | 41 +++++++ manifests/daemon/snippet.pp | 16 +++ manifests/daemon/socks.pp | 15 +++ manifests/daemon/transparent.pp | 17 +++ 12 files changed, 229 insertions(+), 231 deletions(-) create mode 100644 manifests/daemon/bridge.pp create mode 100644 manifests/daemon/control.pp create mode 100644 manifests/daemon/directory.pp create mode 100644 manifests/daemon/dns.pp create mode 100644 manifests/daemon/exit_policy.pp create mode 100644 manifests/daemon/hidden_service.pp create mode 100644 manifests/daemon/map_address.pp create mode 100644 manifests/daemon/relay.pp create mode 100644 manifests/daemon/snippet.pp create mode 100644 manifests/daemon/socks.pp create mode 100644 manifests/daemon/transparent.pp diff --git a/manifests/daemon.pp b/manifests/daemon.pp index 623aa22..1f4ea49 100644 --- a/manifests/daemon.pp +++ b/manifests/daemon.pp 
@@ -76,235 +76,4 @@ class tor::daemon ( order => 01, target => $config_file, } - - # socks definition - define socks( - $port = 0, - $listen_addresses = [], - $policies = [] ) { - - concat::fragment { '02.socks': - content => template('tor/torrc.socks.erb'), - owner => 'debian-tor', group => 'debian-tor', mode => '0644', - order => 02, - target => $tor::daemon::config_file, - } - } - - # relay definition - define relay( - $port = 0, - $listen_addresses = [], - $outbound_bindaddresses = [], - # KB/s, defaulting to using tor's default: 5120KB/s - $bandwidth_rate = '', - # KB/s, defaulting to using tor's default: 10240KB/s - $bandwidth_burst = '', - # KB/s, 0 for no limit - $relay_bandwidth_rate = 0, - # KB/s, 0 for no limit - $relay_bandwidth_burst = 0, - # GB, 0 for no limit - $accounting_max = 0, - $accounting_start = [], - $contact_info = '', - # TODO: autofill with other relays - $my_family = '', - $address = "tor.${::domain}", - $bridge_relay = 0, - $ensure = present ) { - - $nickname = $name - - if $outbound_bindaddresses == [] { - $real_outbound_bindaddresses = $listen_addresses - } else { - $real_outbound_bindaddresses = $outbound_bindaddresses - } - - concat::fragment { '03.relay': - ensure => $ensure, - content => template('tor/torrc.relay.erb'), - owner => 'debian-tor', - group => 'debian-tor', - mode => '0644', - order => 03, - target => $tor::daemon::config_file, - } - } - - # control definition - define control( - $port = 0, - $hashed_control_password = '', - $cookie_authentication = 0, - $cookie_auth_file = '', - $cookie_auth_file_group_readable = '', - $ensure = present ) { - - if $cookie_authentication == '0' and $hashed_control_password == '' and $ensure != 'absent' { - fail('You need to define the tor control password') - } - - if $cookie_authentication == 0 and ($cookie_auth_file != '' or $cookie_auth_file_group_readable != '') { - notice('You set a tor cookie authentication option, but do not have cookie_authentication on') - } - - 
concat::fragment { '04.control': - ensure => $ensure, - content => template('tor/torrc.control.erb'), - owner => 'debian-tor', - group => 'debian-tor', - mode => '0600', - order => 04, - target => $tor::daemon::config_file, - } - } - - # hidden services definition - define hidden_service( - $ports = [], - $data_dir = $tor::daemon::data_dir, - $ensure = present ) { - - concat::fragment { "05.hidden_service.${name}": - ensure => $ensure, - content => template('tor/torrc.hidden_service.erb'), - owner => 'debian-tor', - group => 'debian-tor', - mode => '0644', - order => 05, - target => $tor::daemon::config_file, - } - } - - # directory advertising - define directory ( - $port = 0, - $listen_addresses = [], - $port_front_page = '/etc/tor/tor.html', - $ensure = present ) { - - concat::fragment { '06.directory': - ensure => $ensure, - content => template('tor/torrc.directory.erb'), - owner => 'debian-tor', - group => 'debian-tor', - mode => '0644', - order => 06, - target => $tor::daemon::config_file, - } - - file { '/etc/tor/tor.html': - ensure => $ensure, - source => 'puppet:///modules/tor/tor.html', - require => File['/etc/tor'], - owner => 'debian-tor', - group => 'debian-tor', - mode => '0644', - } - } - - # exit policies - define exit_policy( - $accept = [], - $reject = [], - $reject_private = 1, - $ensure = present ) { - - concat::fragment { "07.exit_policy.${name}": - ensure => $ensure, - content => template('tor/torrc.exit_policy.erb'), - owner => 'debian-tor', - group => 'debian-tor', - mode => '0644', - order => 07, - target => $tor::daemon::config_file, - } - } - - # DNS definition - define dns( - $port = 0, - $listen_addresses = [], - $ensure = present ) { - - concat::fragment { "08.dns.${name}": - ensure => $ensure, - content => template('tor/torrc.dns.erb'), - owner => 'debian-tor', - group => 'debian-tor', - mode => '0644', - order => 08, - target => $tor::daemon::config_file, - } - } - - # Transparent proxy definition - define transparent( - $port = 0, - 
$listen_addresses = [], - $ensure = present ) { - - concat::fragment { "09.transparent.${name}": - ensure => $ensure, - content => template('tor/torrc.transparent.erb'), - owner => 'debian-tor', - group => 'debian-tor', - mode => '0644', - order => 09, - target => $tor::daemon::config_file, - } - } - - # Bridge definition - define bridge( - $ip, - $port, - $fingerprint = false, - $ensure = present ) { - - concat::fragment { "10.bridge.${name}": - ensure => $ensure, - content => template('tor/torrc.bridge.erb'), - owner => 'debian-tor', - group => 'debian-tor', - mode => '0644', - order => 10, - target => $tor::daemon::config_file, - } - } - - # map address definition - define map_address( - $address = '', - $newaddress = '') { - - concat::fragment { "08.map_address.${name}": - ensure => $ensure, - content => template('tor/torrc.map_address.erb'), - owner => 'debian-tor', - group => 'debian-tor', - mode => '0644', - order => 08, - target => $tor::daemon::config_file, - } - } - - # Arbitrary torrc snippet definition - define snippet( - $content = '', - $ensure = present ) { - - concat::fragment { "99.snippet.${name}": - ensure => $ensure, - content => $content, - owner => 'debian-tor', - group => 'debian-tor', - mode => '0644', - order => 99, - target => $tor::daemon::config_file, - } - } - } diff --git a/manifests/daemon/bridge.pp b/manifests/daemon/bridge.pp new file mode 100644 index 0000000..063f565 --- /dev/null +++ b/manifests/daemon/bridge.pp @@ -0,0 +1,18 @@ +# Bridge definition +define tor::daemon::bridge( + $ip, + $port, + $fingerprint = false, + $ensure = present ) { + + concat::fragment { "10.bridge.${name}": + ensure => $ensure, + content => template('tor/torrc.bridge.erb'), + owner => 'debian-tor', + group => 'debian-tor', + mode => '0644', + order => 10, + target => $tor::daemon::config_file, + } +} + diff --git a/manifests/daemon/control.pp b/manifests/daemon/control.pp new file mode 100644 index 0000000..0172656 --- /dev/null 
+++ b/manifests/daemon/control.pp
@@ -0,0 +1,27 @@
+# control definition
+define tor::daemon::control(
+ $port = 0,
+ $hashed_control_password = '',
+ $cookie_authentication = 0,
+ $cookie_auth_file = '',
+ $cookie_auth_file_group_readable = '',
+ $ensure = present ) {
+
+ if $cookie_authentication == '0' and $hashed_control_password == '' and $ensure != 'absent' {
+ fail('You need to define the tor control password')
+ }
+
+ if $cookie_authentication == 0 and ($cookie_auth_file != '' or $cookie_auth_file_group_readable != '') {
+ notice('You set a tor cookie authentication option, but do not have cookie_authentication on')
+ }
+
+ concat::fragment { '04.control':
+ ensure => $ensure,
+ content => template('tor/torrc.control.erb'),
+ owner => 'debian-tor',
+ group => 'debian-tor',
+ mode => '0600',
+ order => 04,
+ target => $tor::daemon::config_file,
+ }
+}
diff --git a/manifests/daemon/directory.pp b/manifests/daemon/directory.pp
new file mode 100644
index 0000000..b71b6e6
--- /dev/null
+++ b/manifests/daemon/directory.pp
@@ -0,0 +1,27 @@
+# directory advertising
+define tor::daemon::directory (
+ $port = 0,
+ $listen_addresses = [],
+ $port_front_page = '/etc/tor/tor.html',
+ $ensure = present ) {
+
+ concat::fragment { '06.directory':
+ ensure => $ensure,
+ content => template('tor/torrc.directory.erb'),
+ owner => 'debian-tor',
+ group => 'debian-tor',
+ mode => '0644',
+ order => 06,
+ target => $tor::daemon::config_file,
+ }
+
+ file { '/etc/tor/tor.html':
+ ensure => $ensure,
+ source => 'puppet:///modules/tor/tor.html',
+ require => File['/etc/tor'],
+ owner => 'debian-tor',
+ group => 'debian-tor',
+ mode => '0644',
+ }
+}
+
diff --git a/manifests/daemon/dns.pp b/manifests/daemon/dns.pp
new file mode 100644
index 0000000..f3a7027
--- /dev/null
+++ b/manifests/daemon/dns.pp
@@ -0,0 +1,17 @@
+# DNS definition
+define tor::daemon::dns(
+ $port = 0,
+ $listen_addresses = [],
+ $ensure = present ) {
+
+ concat::fragment { "08.dns.${name}":
+ ensure => $ensure,
+ content => template('tor/torrc.dns.erb'),
+ owner => 'debian-tor',
+ group => 'debian-tor',
+ mode => '0644',
+ order => 08,
+ target => $tor::daemon::config_file,
+ }
+}
+
diff --git a/manifests/daemon/exit_policy.pp b/manifests/daemon/exit_policy.pp
new file mode 100644
index 0000000..f459ece
--- /dev/null
+++ b/manifests/daemon/exit_policy.pp
@@ -0,0 +1,18 @@
+# exit policies
+define tor::daemon::exit_policy(
+ $accept = [],
+ $reject = [],
+ $reject_private = 1,
+ $ensure = present ) {
+
+ concat::fragment { "07.exit_policy.${name}":
+ ensure => $ensure,
+ content => template('tor/torrc.exit_policy.erb'),
+ owner => 'debian-tor',
+ group => 'debian-tor',
+ mode => '0644',
+ order => 07,
+ target => $tor::daemon::config_file,
+ }
+}
+
diff --git a/manifests/daemon/hidden_service.pp b/manifests/daemon/hidden_service.pp
new file mode 100644
index 0000000..c827211
--- /dev/null
+++ b/manifests/daemon/hidden_service.pp
@@ -0,0 +1,17 @@
+# hidden services definition
+define tor::daemon::hidden_service(
+ $ports = [],
+ $data_dir = $tor::daemon::data_dir,
+ $ensure = present ) {
+
+ concat::fragment { "05.hidden_service.${name}":
+ ensure => $ensure,
+ content => template('tor/torrc.hidden_service.erb'),
+ owner => 'debian-tor',
+ group => 'debian-tor',
+ mode => '0644',
+ order => 05,
+ target => $tor::daemon::config_file,
+ }
+}
+
diff --git a/manifests/daemon/map_address.pp b/manifests/daemon/map_address.pp
new file mode 100644
index 0000000..6cb0956
--- /dev/null
+++ b/manifests/daemon/map_address.pp
@@ -0,0 +1,16 @@
+# map address definition
+define tor::daemon::map_address(
+ $address = '',
+ $newaddress = '') {
+
+ concat::fragment { "08.map_address.${name}":
+ ensure => $ensure,
+ content => template('tor/torrc.map_address.erb'),
+ owner => 'debian-tor',
+ group => 'debian-tor',
+ mode => '0644',
+ order => 08,
+ target => $tor::daemon::config_file,
+ }
+}
+
diff --git a/manifests/daemon/relay.pp b/manifests/daemon/relay.pp
new file mode 100644
index 0000000..d5296de
--- /dev/null
+++ b/manifests/daemon/relay.pp
@@ -0,0 +1,41 @@
+# relay definition
+define tor::daemon::relay(
+ $port = 0,
+ $listen_addresses = [],
+ $outbound_bindaddresses = [],
+ # KB/s, defaulting to using tor's default: 5120KB/s
+ $bandwidth_rate = '',
+ # KB/s, defaulting to using tor's default: 10240KB/s
+ $bandwidth_burst = '',
+ # KB/s, 0 for no limit
+ $relay_bandwidth_rate = 0,
+ # KB/s, 0 for no limit
+ $relay_bandwidth_burst = 0,
+ # GB, 0 for no limit
+ $accounting_max = 0,
+ $accounting_start = [],
+ $contact_info = '',
+ # TODO: autofill with other relays
+ $my_family = '',
+ $address = "tor.${::domain}",
+ $bridge_relay = 0,
+ $ensure = present ) {
+
+ $nickname = $name
+
+ if $outbound_bindaddresses == [] {
+ $real_outbound_bindaddresses = $listen_addresses
+ } else {
+ $real_outbound_bindaddresses = $outbound_bindaddresses
+ }
+
+ concat::fragment { '03.relay':
+ ensure => $ensure,
+ content => template('tor/torrc.relay.erb'),
+ owner => 'debian-tor',
+ group => 'debian-tor',
+ mode => '0644',
+ order => 03,
+ target => $tor::daemon::config_file,
+ }
+}
diff --git a/manifests/daemon/snippet.pp b/manifests/daemon/snippet.pp
new file mode 100644
index 0000000..b9089b4
--- /dev/null
+++ b/manifests/daemon/snippet.pp
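Review bot: `tor::daemon::map_address` passes `ensure => $ensure` to its fragment, but its parameter list has only `$address` and `$newaddress`, so the define never sets `$ensure` itself. The other defines in this commit that pass `ensure` declare it as a parameter; ending the list with `$newaddress = '',` followed by `$ensure = present ) {` makes this one consistent and lets callers remove a mapping. The code was moved as-is from manifests/daemon.pp, where the parameter was missing as well.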
@@ -0,0 +1,16 @@
+# Arbitrary torrc snippet definition
+define tor::daemon::snippet(
+ $content = '',
+ $ensure = present ) {
+
+ concat::fragment { "99.snippet.${name}":
+ ensure => $ensure,
+ content => $content,
+ owner => 'debian-tor',
+ group => 'debian-tor',
+ mode => '0644',
+ order => 99,
+ target => $tor::daemon::config_file,
+ }
+}
+
diff --git a/manifests/daemon/socks.pp b/manifests/daemon/socks.pp
new file mode 100644
index 0000000..910461c
--- /dev/null
+++ b/manifests/daemon/socks.pp
@@ -0,0 +1,15 @@
+# socks definition
+define tor::daemon::socks(
+ $port = 0,
+ $listen_addresses = [],
+ $policies = [] ) {
+
+ concat::fragment { '02.socks':
+ content => template('tor/torrc.socks.erb'),
+ owner => 'debian-tor',
+ group => 'debian-tor',
+ mode => '0644',
+ order => 02,
+ target => $tor::daemon::config_file,
+ }
+}
diff --git a/manifests/daemon/transparent.pp b/manifests/daemon/transparent.pp
new file mode 100644
index 0000000..74fed4f
--- /dev/null
+++ b/manifests/daemon/transparent.pp
@@ -0,0 +1,17 @@
+# Transparent proxy definition
+define tor::daemon::transparent(
+ $port = 0,
+ $listen_addresses = [],
+ $ensure = present ) {
+
+ concat::fragment { "09.transparent.${name}":
+ ensure => $ensure,
+ content => template('tor/torrc.transparent.erb'),
+ owner => 'debian-tor',
+ group => 'debian-tor',
+ mode => '0644',
+ order => 09,
+ target => $tor::daemon::config_file,
+ }
+}
+
--
cgit v1.2.3
From 225adb9f30bff4064e3a166498f147bfd9a9f6eb Mon Sep 17 00:00:00 2001
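Review bot: The snippet fragment takes arbitrary torrc text in `$content` and is declared with `mode => '0644'`, while the assembled torrc is `0600` and the `04.control` fragment is `0600`. If the concat module stores fragments on disk with the mode given here (its implementation is not on this page), anything sensitive passed through a snippet would sit in a file more widely readable than the torrc it ends up in. The same would hold for the bridge address and fingerprint in `10.bridge.${name}`. Using `mode => '0600',` on these fragments, as `04.control` already does, removes the mismatch.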
From: mh Date: Wed, 2 Jan 2013 13:54:57 +0100 Subject: refactor daemon and main class for better design By extracting the resources to their own class we can avoid a bug in puppet that makes it hard to deal with inherited parametrized classes. --- README | 8 ++--- manifests/base.pp | 14 ++++++++ manifests/compact.pp | 2 ++ manifests/daemon.pp | 77 +++++------------------------------------ manifests/daemon/base.pp | 77 +++++++++++++++++++++++++++++++++++++++++ manifests/daemon/map_address.pp | 3 +- manifests/init.pp | 13 ++----- manifests/munin.pp | 1 + manifests/polipo.pp | 1 + manifests/polipo/base.pp | 1 + manifests/polipo/debian.pp | 1 + manifests/torsocks.pp | 1 + 12 files changed, 113 insertions(+), 86 deletions(-) create mode 100644 manifests/base.pp create mode 100644 manifests/daemon/base.pp diff --git a/README b/README index 49b91f0..c241118 100644 --- a/README +++ b/README @@ -81,14 +81,12 @@ config, for example the following will use syslog: } If you want to set specific options for the tor class, -you need to define it before tor::daemon in your manifests, +you may pass them directly to the tor::daemon in your manifests, e.g.: - class { '::tor': - use_munin => true, - } class { '::tor::daemon': - automap_hosts_on_resolve => 1, + use_munin => true, + automap_hosts_on_resolve => 1, } Configuring socks diff --git a/manifests/base.pp b/manifests/base.pp new file mode 100644 index 0000000..b98451b --- /dev/null +++ b/manifests/base.pp @@ -0,0 +1,14 @@ +# basic management of resources for tor +class tor::base { + package { [ 'tor', 'tor-geoipdb' ]: + ensure => $tor::ensure_version, + } + + service { 'tor': + ensure => running, + enable => true, + hasrestart => true, + hasstatus => true, + require => Package['tor'], + } +} diff --git a/manifests/compact.pp b/manifests/compact.pp index 472a4a6..c0f5919 100644 --- a/manifests/compact.pp +++ b/manifests/compact.pp 
@@ -1,3 +1,5 @@ +# manage a complete tor +# installation with all the basics class tor::compact { include ::tor include tor::polipo diff --git a/manifests/daemon.pp b/manifests/daemon.pp index 1f4ea49..000c959 100644 --- a/manifests/daemon.pp +++ b/manifests/daemon.pp 
@@ -1,79 +1,18 @@ +# manage a snippet based tor installation class tor::daemon ( + $ensure_version = 'installed', + $use_munin = false, $data_dir = '/var/lib/tor', $config_file = '/etc/tor/torrc', $use_bridges = 0, $automap_hosts_on_resolve = 0, $log_rules = [ 'notice file /var/log/tor/notices.log' ] -) inherits tor { +) { - # packages, user, group - Service['tor'] { - subscribe => File[$config_file], + class{'tor': + ensure_version => $ensure_version, + use_munin => $use_munin, } - Package[ 'tor' ] { - require => File[$data_dir], - } - - group { 'debian-tor': - ensure => present, - allowdupe => false, - } - - user { 'debian-tor': - ensure => present, - allowdupe => false, - comment => 'tor user,,,', - home => $data_dir, - shell => '/bin/false', - gid => 'debian-tor', - require => Group['debian-tor'], - } - - # directories - file { $data_dir: - ensure => directory, - mode => '0700', - owner => 'debian-tor', - group => 'debian-tor', - require => User['debian-tor'], - } - - file { '/etc/tor': - ensure => directory, - mode => '0755', - owner => 'debian-tor', - group => 'debian-tor', - require => User['debian-tor'], - } - - file { '/var/lib/puppet/modules/tor': - ensure => absent, - recurse => true, - force => true, - } - - # tor configuration file - concat { $config_file: - mode => '0600', - owner => 'debian-tor', - group => 'debian-tor', - } - - # config file headers - concat::fragment { '00.header': - ensure => present, - content => template('tor/torrc.header.erb'), - owner => 'debian-tor', group => 'debian-tor', mode => '0644', - order => 00, - target => $config_file, - } - - # global configurations - concat::fragment { '01.global': - content => template('tor/torrc.global.erb'), - owner => 'debian-tor', group => 'debian-tor', mode => '0644', - order => 01, - target => $config_file, - } + include tor::daemon::base } diff --git a/manifests/daemon/base.pp b/manifests/daemon/base.pp new file mode 100644 index 0000000..63d7bc4 --- /dev/null 
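Review bot: `class{'tor': ...}` is a resource-like class declaration, which must be evaluated before any plain `include ::tor` in the same catalog, and `tor::compact` and `tor::polipo` on this page both use `include ::tor`. A node that combines `tor::daemon` with either of them can therefore fail with a duplicate declaration depending on evaluation order. At minimum a comment above the declaration should say so, e.g. `# tor::daemon must be declared before any class that includes ::tor`. The class header comment could also note that `tor::daemon::base` reads `$tor::daemon::config_file` and `$tor::daemon::data_dir`, so it is only usable when included from here.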
+++ b/manifests/daemon/base.pp
@@ -0,0 +1,77 @@
+# extend basic tor things with a snippet based daemon configuration
+class tor::daemon::base inherits tor::base {
+ # packages, user, group
+ Service['tor'] {
+ subscribe => File[$tor::daemon::config_file],
+ }
+
+ Package[ 'tor' ] {
+ require => File[$tor::daemon::data_dir],
+ }
+
+ group { 'debian-tor':
+ ensure => present,
+ allowdupe => false,
+ }
+
+ user { 'debian-tor':
+ ensure => present,
+ allowdupe => false,
+ comment => 'tor user,,,',
+ home => $tor::daemon::data_dir,
+ shell => '/bin/false',
+ gid => 'debian-tor',
+ require => Group['debian-tor'],
+ }
+
+ # directories
+ file { $tor::daemon::data_dir:
+ ensure => directory,
+ mode => '0700',
+ owner => 'debian-tor',
+ group => 'debian-tor',
+ require => User['debian-tor'],
+ }
+
+ file { '/etc/tor':
+ ensure => directory,
+ mode => '0755',
+ owner => 'debian-tor',
+ group => 'debian-tor',
+ require => User['debian-tor'],
+ }
+
+ file { '/var/lib/puppet/modules/tor':
+ ensure => absent,
+ recurse => true,
+ force => true,
+ }
+
+ # tor configuration file
+ concat { $tor::daemon::config_file:
+ mode => '0600',
+ owner => 'debian-tor',
+ group => 'debian-tor',
+ }
+
+ # config file headers
+ concat::fragment { '00.header':
+ ensure => present,
+ content => template('tor/torrc.header.erb'),
+ owner => 'debian-tor',
+ group => 'debian-tor',
+ mode => '0644',
+ order => 00,
+ target => $tor::daemon::config_file,
+ }
+
+ # global configurations
+ concat::fragment { '01.global':
+ content => template('tor/torrc.global.erb'),
+ owner => 'debian-tor',
+ group => 'debian-tor',
+ mode => '0644',
+ order => 01,
+ target => $tor::daemon::config_file,
+ }
+}
diff --git a/manifests/daemon/map_address.pp b/manifests/daemon/map_address.pp
index 6cb0956..e970fe5 100644
--- a/manifests/daemon/map_address.pp
+++ b/manifests/daemon/map_address.pp
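Review bot: The assembled torrc is created with `mode => '0600'`, but the `00.header` and `01.global` fragments are declared with `mode => '0644'`, as are the fragments in the daemon/*.pp defines. If the concat module in use keeps fragments as files on disk with the given mode, the same configuration text would be world-readable there, which matters once a fragment carries a control-port credential. Setting `mode => '0600',` on the fragments would match the target. Separately, `/etc/tor` is owned by `debian-tor`, so the daemon account can replace its own configuration; `owner => 'root',` with `group => 'debian-tor',` is the tighter choice if tor does not need to write there, which should be confirmed against the packaging.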
@@ -1,7 +1,8 @@ # map address definition define tor::daemon::map_address( $address = '', - $newaddress = '') { + $newaddress = '' + $ensure = 'present') { concat::fragment { "08.map_address.${name}": ensure => $ensure, diff --git a/manifests/init.pp b/manifests/init.pp index c620718..3653c89 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -1,19 +1,10 @@ +# manage a basic tor installation class tor ( $ensure_version = 'installed', $use_munin = false ){ - package { [ 'tor', 'tor-geoipdb' ]: - ensure => $ensure_version, - } - - service { 'tor': - ensure => running, - enable => true, - hasrestart => true, - hasstatus => true, - require => Package['tor'], - } + include tor::base if $use_munin { include tor::munin diff --git a/manifests/munin.pp b/manifests/munin.pp index 2f0d5c2..ecc3130 100644 --- a/manifests/munin.pp +++ b/manifests/munin.pp @@ -1,3 +1,4 @@ +# munin plugins for puppet class tor::munin { file { diff --git a/manifests/polipo.pp b/manifests/polipo.pp index 1201e55..73dc226 100644 --- a/manifests/polipo.pp +++ b/manifests/polipo.pp @@ -1,3 +1,4 @@ +# manage the polipo proxy service class tor::polipo { include ::tor diff --git a/manifests/polipo/base.pp b/manifests/polipo/base.pp index f988e55..df2d6ea 100644 --- a/manifests/polipo/base.pp +++ b/manifests/polipo/base.pp @@ -1,3 +1,4 @@ +# manage polipo resources class tor::polipo::base { package{'polipo': ensure => present, diff --git a/manifests/polipo/debian.pp b/manifests/polipo/debian.pp index db29fe6..e39f603 100644 --- a/manifests/polipo/debian.pp +++ b/manifests/polipo/debian.pp @@ -1,3 +1,4 @@ +# manage polipo on debian class tor::polipo::debian inherits tor::polipo::base { # TODO: restore file to original state after the following bug is solved: # http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=580434 diff --git a/manifests/torsocks.pp b/manifests/torsocks.pp index b4c3ad6..e9fc75b 100644 --- a/manifests/torsocks.pp +++ b/manifests/torsocks.pp 
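Review bot: The new parameter list in `tor::daemon::map_address` is missing a comma: `$newaddress = ''` is followed directly by `$ensure = 'present') {`, so the manifest will not parse. The line should read `$newaddress = '',`. Adding the parameter itself is right, since the body already passes `ensure => $ensure,`; the sibling defines default to bare `present` where this one uses `'present'`, which is equivalent but could be written the same way. The define's body continues outside the hunk.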
@@ -1,3 +1,4 @@ +# manage torsocks class tor::torsocks ( $ensure_version = 'installed' ){ -- cgit v1.2.3 From e5a89865b70d694ebf978ed9743476b511974d92 Mon Sep 17 00:00:00 2001 From: mh Date: Wed, 2 Jan 2013 13:59:50 +0100 Subject: use the deploy mechanism of the munin module --- manifests/munin.pp | 34 +++++++++------------------------- 1 file changed, 9 insertions(+), 25 deletions(-) diff --git a/manifests/munin.pp b/manifests/munin.pp index ecc3130..e1b369a 100644 --- a/manifests/munin.pp +++ b/manifests/munin.pp @@ -1,30 +1,14 @@ # munin plugins for puppet class tor::munin { - - file { - '/usr/local/share/munin-plugins/tor_connections': - source => 'puppet:///modules/tor/munin/tor_connections', - mode => '0755', - owner => root, - group => root; - - '/usr/local/share/munin-plugins/tor_routers': - source => 'puppet:///modules/tor/munin/tor_routers', - mode => '0755', - owner => root, - group => root; - - '/usr/local/share/munin-plugins/tor_traffic': - source => 'puppet:///modules/tor/munin/tor_traffic', - mode => '0755', - owner => root, - group => root; + Munin::Plugin::Deploy { + config => "user debian-tor\n env.cookiefile /var/run/tor/control.authcookie" } - - munin::plugin { - [ 'tor_connections', 'tor_routers', 'tor_traffic' ]: - ensure => present, - config => "user debian-tor\n env.cookiefile /var/run/tor/control.authcookie", - script_path_in => '/usr/local/share/munin-plugins'; + munin::plugin::deploy { + 'tor_connections': + source => 'tor/munin/tor_connections'; + 'tor_routers': + source => 'tor/munin/tor_routers'; + 'tor_traffic': + source => 'tor/munin/tor_traffic'; } } -- cgit v1.2.3 From e0cf3dc7de751df2b51e4a00cf397537da147e32 Mon Sep 17 00:00:00 2001 From: mh Date: Wed, 2 Jan 2013 14:14:28 +0100 Subject: manage a dedicated control port for munin --- manifests/daemon.pp | 5 ++++- manifests/init.pp | 5 ----- manifests/munin.pp | 9 ++++++++- 3 files changed, 12 insertions(+), 7 deletions(-) 
diff --git a/manifests/daemon.pp b/manifests/daemon.pp index 000c959..2440180 100644 --- a/manifests/daemon.pp +++ b/manifests/daemon.pp @@ -11,8 +11,11 @@ class tor::daemon ( class{'tor': ensure_version => $ensure_version, - use_munin => $use_munin, } include tor::daemon::base + + if $use_munin { + include tor::munin + } } diff --git a/manifests/init.pp b/manifests/init.pp index 3653c89..c6e4e04 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -1,12 +1,7 @@ # manage a basic tor installation class tor ( $ensure_version = 'installed', - $use_munin = false ){ include tor::base - - if $use_munin { - include tor::munin - } } diff --git a/manifests/munin.pp b/manifests/munin.pp index e1b369a..4412337 100644 --- a/manifests/munin.pp +++ b/manifests/munin.pp @@ -1,7 +1,14 @@ # munin plugins for puppet class tor::munin { + tor::daemon::control{ + 'control_port_for_munin': + port => 19051, + cookie_authentication => 1, + cookie_auth_file => '/var/run/tor/control.authcookie', + } + Munin::Plugin::Deploy { - config => "user debian-tor\n env.cookiefile /var/run/tor/control.authcookie" + config => "user debian-tor\n env.cookiefile /var/run/tor/control.authcookie\n env.port 19051" } munin::plugin::deploy { 'tor_connections': -- cgit v1.2.3 From a780e84001177f10a86a7bf824589c0553f513a0 Mon Sep 17 00:00:00 2001 From: mh Date: Wed, 2 Jan 2013 14:16:11 +0100 Subject: fix typo on 2.6 --- manifests/init.pp | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index c6e4e04..9c19c64 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -1,7 +1,6 @@ # manage a basic tor installation class tor ( - $ensure_version = 'installed', + $ensure_version = 'installed' ){ - include tor::base } -- cgit v1.2.3
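Review bot: The control port number is written twice in `tor::munin`, once as `port => 19051` in the `tor::daemon::control` declaration and once inside the `env.port 19051` config string, so changing one without the other breaks the plugins without any compile error. A single variable used in both places keeps them in step: `$control_port = 19051`, then `port => $control_port,` and `env.port ${control_port}`. Because the control port gives full control of the tor process, it is also worth confirming in `tor::daemon::control`, which is not visible here, that the listener binds to loopback only. A short comment should also record that the plugins run as `debian-tor` because that account is the one able to read the cookie file.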