From 8e0dbb0d9d903fbf89e4263cd29c1b1a7d597075 Mon Sep 17 00:00:00 2001 From: intrigeri Date: Thu, 26 Apr 2012 16:56:35 +0200 Subject: Fix the relay define's outbound_bindaddresses default value setting. Apparently, we have no guarantee $outbound_bindaddresses's value is set *after* $listen_addresses is, so (at least on my setup) it ends up being undef, and then the template parsing fails: err: Could not retrieve catalog from remote server: Error 400 on SERVER: Failed to parse template tor/torrc.relay.erb: undefined method `each' for :undef:Symbol at /etc/puppet/modules/tor/manifests/daemon.pp:117 So, let's set $real_outbound_bindaddresses to $listen_addresses in the define body, as needed. --- templates/torrc.relay.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'templates') diff --git a/templates/torrc.relay.erb b/templates/torrc.relay.erb index 2ab34bf..990dfcc 100644 --- a/templates/torrc.relay.erb +++ b/templates/torrc.relay.erb @@ -4,7 +4,7 @@ ORPort <%= port %> <%- for listen_address in listen_addresses -%> ORListenAddress <%= listen_address %> <%- end -%> -<%- for outbound_bindaddress in outbound_bindaddresses -%> +<%- for outbound_bindaddress in real_outbound_bindaddresses -%> OutboundBindAddress <%= outbound_bindaddress %> <%- end -%> <%- if nickname != '' then -%> -- cgit v1.2.3 From f12bf2ae954aeabb0c75d52801158238931ca0ae Mon Sep 17 00:00:00 2001 From: intrigeri Date: Tue, 19 Jun 2012 03:59:20 +0200 Subject: Add support for DNSPort and DNSListenAddress. --- manifests/daemon.pp | 14 ++++++++++++++ templates/torrc.dns.erb | 5 +++++ 2 files changed, 19 insertions(+) create mode 100644 templates/torrc.dns.erb (limited to 'templates') diff --git a/manifests/daemon.pp b/manifests/daemon.pp index 4911cd0..ac8529c 100644 --- a/manifests/daemon.pp +++ b/manifests/daemon.pp @@ -190,5 +190,19 @@ class tor::daemon inherits tor { ensure => $ensure, } } + + # DNS definition + define dns( $port = 0, + $listen_addresses = [], + $ensure = present ) { + + concatenated_file_part { "08.dns.${name}": + dir => $tor::daemon::snippet_dir, + content => template('tor/torrc.dns.erb'), + owner => 'debian-tor', group => 'debian-tor', mode => 0644, + ensure => $ensure, + } + } + } diff --git a/templates/torrc.dns.erb b/templates/torrc.dns.erb new file mode 100644 index 0000000..bd1e719 --- /dev/null +++ b/templates/torrc.dns.erb @@ -0,0 +1,5 @@ +# DNS +DNSPort <%= port %> +<%- for listen_address in listen_addresses -%> +DNSListenAddress <%= listen_address %> +<%- end -%> -- cgit v1.2.3 From ebee9da1b3883461b18f9aae86663002195e94e7 Mon Sep 17 00:00:00 2001 From: intrigeri Date: Tue, 19 Jun 2012 04:02:13 +0200 Subject: Add support for TransPort and TransListenAddress. --- manifests/daemon.pp | 13 +++++++++++++ templates/torrc.transparent.erb | 5 +++++ 2 files changed, 18 insertions(+) create mode 100644 templates/torrc.transparent.erb (limited to 'templates') diff --git a/manifests/daemon.pp b/manifests/daemon.pp index ac8529c..0778bce 100644 --- a/manifests/daemon.pp +++ b/manifests/daemon.pp @@ -204,5 +204,18 @@ class tor::daemon inherits tor { } } + # Transparent proxy definition + define transparent( $port = 0, + $listen_addresses = [], + $ensure = present ) { + + concatenated_file_part { "09.transparent.${name}": + dir => $tor::daemon::snippet_dir, + content => template('tor/torrc.transparent.erb'), + owner => 'debian-tor', group => 'debian-tor', mode => 0644, + ensure => $ensure, + } + } + } diff --git a/templates/torrc.transparent.erb b/templates/torrc.transparent.erb new file mode 100644 index 0000000..dae97dc --- /dev/null +++ b/templates/torrc.transparent.erb @@ -0,0 +1,5 @@ +# Transparent proxy +TransPort <%= port %> +<%- for listen_address in listen_addresses -%> +TransListenAddress <%= listen_address %> +<%- end -%> -- cgit v1.2.3 From f401daa245495233c3d86d5f955105be564e02b1 Mon Sep 17 00:00:00 2001 From: intrigeri Date: Tue, 19 Jun 2012 04:07:31 +0200 Subject: Add support for using bridges. --- manifests/daemon.pp | 17 ++++++++++++++++- templates/torrc.bridge.erb | 3 +++ templates/torrc.global.erb | 1 + 3 files changed, 20 insertions(+), 1 deletion(-) create mode 100644 templates/torrc.bridge.erb (limited to 'templates') diff --git a/manifests/daemon.pp b/manifests/daemon.pp index 0778bce..2484edf 100644 --- a/manifests/daemon.pp +++ b/manifests/daemon.pp @@ -76,7 +76,8 @@ class tor::daemon inherits tor { # global configurations define global_opts( $data_dir = $tor::daemon::data_dir, - $log_rules = [ 'notice file /var/log/tor/notices.log' ] ) { + $log_rules = [ 'notice file /var/log/tor/notices.log' ], + $use_bridges = 0 ) { concatenated_file_part { '01.global': dir => $tor::daemon::snippet_dir, @@ -217,5 +218,19 @@ class tor::daemon inherits tor { } } + # Bridge definition + define bridge( $ip, + $port, + $fingerprint = false, + $ensure = present ) { + + concatenated_file_part { "10.bridge.${name}": + dir => $tor::daemon::snippet_dir, + content => template('tor/torrc.bridge.erb'), + owner => 'debian-tor', group => 'debian-tor', mode => 0644, + ensure => $ensure, + } + } + } diff --git a/templates/torrc.bridge.erb b/templates/torrc.bridge.erb new file mode 100644 index 0000000..58ef70d --- /dev/null +++ b/templates/torrc.bridge.erb @@ -0,0 +1,3 @@ +# Bridge <%= name%> +Bridge <%= ip%>:<%= port%><%- if fingerprint -%> <%= fingerprint%><%- end -%> + diff --git a/templates/torrc.global.erb b/templates/torrc.global.erb index 6ca49de..84e244d 100644 --- a/templates/torrc.global.erb +++ b/templates/torrc.global.erb @@ -11,3 +11,4 @@ Log <%= log_rule %> Log notice syslog <%- end -%> +UseBridges <%= use_bridges%> -- cgit v1.2.3 From d017a7eee415a1398a0f7e533a5bfba3986e7505 Mon Sep 17 00:00:00 2001 From: intrigeri Date: Tue, 19 Jun 2012 04:48:26 +0200 Subject: Add support for AutomapHostsOnResolve. --- manifests/daemon.pp | 5 +++-- templates/torrc.global.erb | 1 + 2 files changed, 4 insertions(+), 2 deletions(-) (limited to 'templates') diff --git a/manifests/daemon.pp b/manifests/daemon.pp index 2484edf..d04734d 100644 --- a/manifests/daemon.pp +++ b/manifests/daemon.pp @@ -77,9 +77,10 @@ class tor::daemon inherits tor { # global configurations define global_opts( $data_dir = $tor::daemon::data_dir, $log_rules = [ 'notice file /var/log/tor/notices.log' ], - $use_bridges = 0 ) { + $use_bridges = 0, + $automap_hosts_on_resolve = 0) { - concatenated_file_part { '01.global': + concatenated_file_part { '01.global': dir => $tor::daemon::snippet_dir, content => template('tor/torrc.global.erb'), owner => 'debian-tor', group => 'debian-tor', mode => 0644, diff --git a/templates/torrc.global.erb b/templates/torrc.global.erb index 84e244d..3a3b623 100644 --- a/templates/torrc.global.erb +++ b/templates/torrc.global.erb @@ -11,4 +11,5 @@ Log <%= log_rule %> Log notice syslog <%- end -%> +AutomapHostsOnResolve <%= automap_hosts_on_resolve%> UseBridges <%= use_bridges%> -- cgit v1.2.3 From ed98955cec143ee81b09a525318518825b86a791 Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Wed, 20 Jun 2012 23:24:30 -0300 Subject: Adding support for MapAddress tor option --- manifests/daemon.pp | 12 ++++++++++++ templates/torrc.map_address.erb | 3 +++ 2 files changed, 15 insertions(+) create mode 100644 templates/torrc.map_address.erb (limited to 'templates') diff --git a/manifests/daemon.pp b/manifests/daemon.pp index 6d8c315..d1d57df 100644 --- a/manifests/daemon.pp +++ b/manifests/daemon.pp @@ -184,5 +184,17 @@ class tor::daemon inherits tor { ensure => $ensure, } } + + # map address definition + define map_address( $address = '', + $newaddress = '') { + + concatenated_file_part { "08.map_address.${name}": + dir => $tor::daemon::snippet_dir, + content => template('tor/torrc.map_address.erb'), + owner => 'debian-tor', group => 'debian-tor', mode => 0644, + ensure => $ensure, + } + } } diff --git a/templates/torrc.map_address.erb b/templates/torrc.map_address.erb new file mode 100644 index 0000000..3fb0274 --- /dev/null +++ b/templates/torrc.map_address.erb @@ -0,0 +1,3 @@ +# map address <%= name %> +MapAddress <%= address %> <%= newaddress %> + -- cgit v1.2.3 From 0cc4d9c90911b0117cfd13fbee5e18bcfd9c89c3 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Mon, 30 Jul 2012 22:08:30 -0400 Subject: switch bandwidth_rate and bandwidth_burst to be relay_bandwidth_rate and relay_bandwidth_burst so we can use those variables for their proper tor configuration variables --- manifests/daemon.pp | 8 +++++--- templates/torrc.relay.erb | 14 ++++++++++---- 2 files changed, 15 insertions(+), 7 deletions(-) (limited to 'templates') diff --git a/manifests/daemon.pp b/manifests/daemon.pp index 6d8c315..5150c96 100644 --- a/manifests/daemon.pp +++ b/manifests/daemon.pp @@ -101,9 +101,11 @@ class tor::daemon inherits tor { define relay( $port = 0, $listen_addresses = [], $outbound_bindaddresses = $listen_addresses, - $bandwidth_rate = 0, # KB/s, 0 for no limit. - $bandwidth_burst = 0, # KB/s, 0 for no limit. - $accounting_max = 0, # GB, 0 for no limit. + $bandwidth_rate = '', # KB/s, defaulting to using tor's default: 5120KB/s + $bandwidth_burst = '', # KB/s, defaulting to using tor's default: 10240KB/s + $relay_bandwidth_rate = 0, # KB/s, 0 for no limit. + $relay_bandwidth_burst = 0, # KB/s, 0 for no limit. + $accounting_max = 0, # GB, 0 for no limit. $accounting_start = [], $contact_info = '', $my_family = '', # TODO: autofill with other relays diff --git a/templates/torrc.relay.erb b/templates/torrc.relay.erb index 2ab34bf..71c94b9 100644 --- a/templates/torrc.relay.erb +++ b/templates/torrc.relay.erb @@ -13,11 +13,17 @@ Nickname <%= nickname %> <%- if address != '' then -%> Address <%= address %> <%- end -%> -<%- if bandwidth_rate != '0' then -%> -RelayBandwidthRate <%= bandwidth_rate %> KB +<%- if bandwidth_rate != '' then -%> +BandwidthRate <%= bandwidth_rate %> KB <%- end -%> -<%- if bandwidth_burst != '0' then -%> -RelayBandwidthBurst <%= bandwidth_burst %> KB +<%- if bandwidth_burst != '' then -%> +BandwidthBurst <%= bandwidth_burst %> KB +<%- end -%> +<%- if relay_bandwidth_rate != '0' then -%> +RelayBandwidthRate <%= relay_bandwidth_rate %> KB +<%- end -%> +<%- if relay_bandwidth_burst != '0' then -%> +RelayBandwidthBurst <%= relay_bandwidth_burst %> KB <%- end -%> <%- if accounting_max != '0' then -%> AccountingMax <%= accounting_max %> GB -- cgit v1.2.3 From 1591ee0c75565a0109ce4615f78e2bef444e1491 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Fri, 3 Aug 2012 15:00:32 -0400 Subject: add $cookie_authentication, $cookie_auth_file and $cookie_auth_file_group_readable variables --- manifests/daemon.pp | 13 ++++++++++--- templates/torrc.control.erb | 10 ++++++++++ 2 files changed, 20 insertions(+), 3 deletions(-) (limited to 'templates') diff --git a/manifests/daemon.pp b/manifests/daemon.pp index 5150c96..8f6d80d 100644 --- a/manifests/daemon.pp +++ b/manifests/daemon.pp @@ -123,13 +123,20 @@ class tor::daemon inherits tor { } # control definition - define control( $port = 0, - $hashed_control_password = '', + define control( $port = 0, + $hashed_control_password = '', + $cookie_authentication = 0, + $cookie_auth_file = '', + $cookie_auth_file_group_readable = '', $ensure = present ) { - if $hashed_control_password == '' and $ensure != 'absent' { + if $cookie_authentication == '0' and $hashed_control_password == '' and $ensure != 'absent' { fail("You need to define the tor control password") } + + if $cookie_authentication == 0 and ($cookie_auth_file != '' or $cookie_auth_file_group_readable != '') { + notice("You set a tor cookie authentication option, but do not have cookie_authentication on") + } concatenated_file_part { '04.control': dir => $tor::daemon::snippet_dir, diff --git a/templates/torrc.control.erb b/templates/torrc.control.erb index df9513a..7e10d4d 100644 --- a/templates/torrc.control.erb +++ b/templates/torrc.control.erb @@ -1,6 +1,16 @@ # tor controller <%- if port != '0' then -%> ControlPort <%= port %> +<%- if cookie_authentication != '0' then -%> +CookieAuthentication 1 +<%- if cookie_auth_file != '' then -%> +CookieAuthFile <%= cookie_auth_file %> +<%- end -%> +<%- if cookie_auth_file_group_readable != '' then -%> +CookieAuthFileGroupReadable <%= cookie_auth_file_group_readable %> +<%- end -%> +<%- else %-> HashedControlPassword <%= hashed_control_password %> <%- end -%> +<%- end -%> -- cgit v1.2.3 From d7ec8bf77c55f573138d41d5e24e1fb80e073b25 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Fri, 3 Aug 2012 15:08:43 -0400 Subject: fix template syntax error --- templates/torrc.control.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'templates') diff --git a/templates/torrc.control.erb b/templates/torrc.control.erb index 7e10d4d..336c72d 100644 --- a/templates/torrc.control.erb +++ b/templates/torrc.control.erb @@ -9,7 +9,7 @@ CookieAuthFile <%= cookie_auth_file %> <%- if cookie_auth_file_group_readable != '' then -%> CookieAuthFileGroupReadable <%= cookie_auth_file_group_readable %> <%- end -%> -<%- else %-> +<%- else -%> HashedControlPassword <%= hashed_control_password %> <%- end -%> <%- end -%> -- cgit v1.2.3