+# tor::daemon
class tor::daemon inherits tor::polipo {
group { "debian-tor":
require => User["debian-tor"],
}
- define config( $socks_port = 9050,
- $socks_listen_addresses = [ '127.0.0.1' ],
- $socks_policies = [ 'accept 127.0.0.1/16', 'reject *' ],
- $log_rules = [ 'notice file /var/log/tor/notices.log' ],
+ file { "/etc/tor":
+ ensure => directory,
+ mode => 0755,
+ owner => debian-tor,
+ group => debian-tor,
+ require => User["debian-tor"],
+ }
+
+ file { "/etc/tor.d":
+ ensure => directory,
+ mode => 0755,
+ owner => debian-tor,
+ group => debian-tor,
+ require => User["debian-tor"],
+ }
+
+ # configuration file
+ define config( $log_rules = [ 'notice file /var/log/tor/notices.log' ],
$data_directory = '/var/tor',
- $control_port = 0,
- $hashed_control_password = '',
$hidden_services = [],
- $or_port = 0,
- $or_listen_address = '',
- $nickname = '',
- $address = $hostname,
- $relay_bandwidth_rate = 0, # KB/s, 0 for no limit.
- $relay_bandwidth_burst = 0, # KB/s, 0 for no limit.
- $accounting_max = 0, # GB, 0 for no limit.
- $accounting_start = [],
- $contact_info = '',
$dir_port = 0,
$dir_listen_address = '',
$dir_port_front_page = '',
- $my_family = '',
$exit_policies = [],
$bridge_relay = 0) {
- file { "/etc/tor/torrc":
- ensure => present,
- content => template('tor/torrc.erb'),
- owner => root,
- group => root,
- mode => 0644,
- notify => Service["tor"],
+ }
+
+ concatenated_file { "/etc/tor/torrc":
+ dir => '/etc/tor.d',
+ mode => 0600,
+ notify => Service["tor"],
+ }
+
+ exec { "rm -f /etc/tor.d/*":
+ alias => 'clean-tor.d',
+ }
+
+ # socks definition
+ define tor::socks( $socks_port = 9050,
+ $socks_listen_addresses = [ '127.0.0.1' ],
+ $socks_policies = [ 'accept 127.0.0.1/16', 'reject *' ], ) {
+ file { "/etc/tor.d/01.socks":
+ require => File['/etc/tor.d'],
+ notify => Exec['concat_/etc/tor/torrc'],
+ ensure => $ensure,
+ require => Exec['clean-tor.d'],
}
}
+ # relay definition
+ define tor::relay( $port = 0,
+ $listen_address = '',
+ $nickname = '',
+ $address = $hostname,
+ $relay_bandwidth_rate = 0, # KB/s, 0 for no limit.
+ $relay_bandwidth_burst = 0, # KB/s, 0 for no limit.
+ $accounting_max = 0, # GB, 0 for no limit.
+ $accounting_start = [],
+ $contact_info = '',
+ $my_family = '',
+ $ensure = absent, ) {
+
+ file { "/etc/tor.d/02.relay":
+ require => File['/etc/tor.d'],
+ notify => Exec['concat_/etc/tor/torrc'],
+ ensure => $ensure,
+ require => Exec['clean-tor.d'],
+ }
+ }
+
+ # control definition
+ define tor::control( $port = 0,
+ $hashed_control_password = '',
+ $ensure = absent ) {
+ file { "/etc/tor.d/03.control":
+ require => File['/etc/tor.d'],
+ notify => Exec['concat_/etc/tor/torrc'],
+ ensure => $ensure,
+ require => Exec['clean-tor.d'],
+ }
+ }
+
+ # hidden services definition
+ define tor::hidden_service( $ports = [],
+ $ensure = present ) {
+ file { "/etc/tor.d/04.hidden_service.$name":
+ require => File['/etc/tor.d'],
+ notify => Exec['concat_/etc/tor/torrc'],
+ ensure => $ensure,
+ require => Exec['clean-tor.d'],
+ }
+ }
+
+ # directory advertising
+ define tor::directory ( $ports = [],
+ $hashed_password = '',
+ $ensure = present, ) {
+ file { "/etc/tor.d/05.directory":
+ require => File['/etc/tor.d'],
+ notify => Exec['concat_/etc/tor/torrc'],
+ ensure => $ensure,
+ require => Exec['clean-tor.d'],
+ }
+ }
+
+ # exit policies
+ define tor::exit_policy( $accept = [],
+ $reject = [],
+ $ensure = present, ) {
+ file { "/etc/tor.d/06.exit_policy":
+ require => File['/etc/tor.d'],
+ notify => Exec['concat_/etc/tor/torrc'],
+ ensure => $ensure,
+ require => Exec['clean-tor.d'],
+ }
+ }
}
+
+++ /dev/null
-## This file is managed by puppet.
-
-## socks
-SocksPort <%= socks_port %>
-<%- for add in socks_listen_addresses -%>
-SocksListenAddress <%= add %>
-<%- end -%>
-<%- for policy in socks_policies -%>
-SocksPolicy <%= policy %>
-<%- end -%>
-
-## log
-<%- if log_rules != [] then -%>
-<%- for log_rule in log_rules -%>
-Log <%= log_rule %>
-<%- end -%>
-<%- else -%>
-Log notice syslog
-<%- end -%>
-
-## runtime
-RunAsDaemon 1
-DataDirectory <%= data_directory %>
-
-## tor controller
-<%- if control_port != '0' then -%>
-ControlPort <%= control_port %>
-HashedControlPassword <%= hashed_control_password %>
-<%- end -%>
-
-## hidden services
-<%- for service in hidden_services -%>
-HiddenServiceDir /var/tor/<%= service[:name] %>/<%= service[:dir] %>
-<%- for port in service[:ports] -%>
-HiddenServicePort <%= port %>
-<%- end -%>
-<%- end -%>
-
-## relay
-<%- if or_port != 0 then -%>
-ORPort <%= or_port %>
-<%- end -%>
-<%- if or_listen_address != '' then -%>
-ORListenAddress <%= or_listen_address %>
-<%- end -%>
-<%- if nickname != '' then -%>
-Nickname <%= nickname %>
-<%- end -%>
-<%- if address != '' then -%>
-Address <%= address %>
-<%- end -%>
-<%- if relay_bandwidth_rate != '0' then -%>
-RelayBandwidthRate <%= relay_bandwidth_rate %> KB
-<%- end -%>
-<%- if relay_bandwidth_burst != '0' then -%>
-RelayBandwidthBurst <%= relay_bandwidth_burst %> KB
-<%- end -%>
-<%- if accounting_max != '0' then -%>
-AccountingMax <%= accounting_max %> GB
-<%- end -%>
-<%- for accounting in accounting_start -%>
-AccountingStart <%= accounting_start %>
-<%- end -%>
-<%- if contact_info != '' then -%>
-ContactInfo <%= contact_info %>
-<%- end -%>
-
-## directory listing
-<%- if dir_port != '0' then -%>
-DirPort <%= dir_port %>
-<%- end -%>
-<%- if dir_listen_address != '' then -%>
-DirListenAddress <%= dir_listen_address %>
-<%- end -%>
-<%- if dir_port_front_page != '' then -%>
-DirPortFrontPage <%= dir_port_front_page %>
-<%- end -%>
-
-## relay family
-<%- if my_family != '' then -%>
-MyFamily <%= my_family %>
-<%- end -%>
-
-## bridge relay
-<%- if bridge_relay != '0' then -%>
-BridgeRelay <%= bridge_relay %>
-<%- end -%>
-
-## exit policies
-<%- for policy in exit_policies -%>
-ExitPolicy <%= policy %>
-<%- end -%>
--- /dev/null
+# relay
+
+<%- if port != 0 then -%>
+ORPort <%= port %>
+<%- for listen_address in listen_addresses -%>
+ORListenAddress <%= listen_address %>
+<%- end -%>
+<%- if nickname != '' then -%>
+Nickname <%= nickname %>
+<%- end -%>
+<%- if address != '' then -%>
+Address <%= address %>
+<%- end -%>
+<%- if relay_bandwidth_rate != '0' then -%>
+RelayBandwidthRate <%= relay_bandwidth_rate %> KB
+<%- end -%>
+<%- if relay_bandwidth_burst != '0' then -%>
+RelayBandwidthBurst <%= relay_bandwidth_burst %> KB
+<%- end -%>
+<%- if accounting_max != '0' then -%>
+AccountingMax <%= accounting_max %> GB
+<%- end -%>
+<%- for accounting in accounting_start -%>
+AccountingStart <%= accounting_start %>
+<%- end -%>
+<%- if contact_info != '' then -%>
+ContactInfo <%= contact_info %>
+<%- end -%>
+<%- end -%>
+<%- if my_family != '' then -%>
+MyFamily <%= my_family %>
+<%- end -%>
+<%- if bridge_relay != '0' then -%>
+BridgeRelay <%= bridge_relay %>
+<%- end -%>
+
projects / puppet-tor.git / commitdiff