parts of configuration are independent
authordrebs <drebs@riseup.net>
Wed, 11 Jan 2012 03:10:36 +0000 (01:10 -0200)
committerdrebs <drebs@riseup.net>
Wed, 11 Jan 2012 03:10:36 +0000 (01:10 -0200)
manifests/bridge.pp [deleted file]
manifests/daemon.pp
manifests/relay.pp [deleted file]
templates/torrc.directory.erb
templates/torrc.global.erb [new file with mode: 0644]
templates/torrc.header.erb
templates/torrc.relay.erb

diff --git a/manifests/bridge.pp b/manifests/bridge.pp
deleted file mode 100644 (file)
index 81c59f1..0000000
+++ /dev/null
@@ -1,17 +0,0 @@
-class tor::bridge inherits tor::daemon {
-
-  tor::daemon::config { "tor-bridge-$name":
-                        socks_port             => 0,
-                        socks_listen_addresses => [],
-                        socks_policies         => [],
-                        log_rules              => [],
-                        hidden_services        => [],
-                        or_port                => 443,
-                        address                => '',
-                        relay_bandwidth_rate    => 0,
-                        relay_bandwidth_burst   => 0,
-                        exit_policies          => 'reject *:*',
-                        bridge_relay           => 1,
-                      }
-
-}
index 578fae711275d9ec8c3f35e4befdbc4029e99fbb..80da4c740dff830b707e0296bc3880379fa46b37 100644 (file)
 # tor::daemon
-class tor::daemon inherits tor::polipo {
+class tor::daemon inherits tor {
 
-  group { "debian-tor":
+  # config variables
+  $data_dir = '/var/tor'
+  $config_file = '/etc/tor/torrc'
+  $spool_dir = '/var/lib/puppet/modules/tor/torrc.d'
+
+  # packages, user, group
+  group { 'debian-tor':
     ensure    => present,
     allowdupe => false,
   }
 
-  Package[ "tor", "torsocks" ] {
-    require => File["/var/tor"],
+  Package[ 'tor', 'torsocks' ] {
+    require => File[$data_dir],
   }
 
-  user { "debian-tor":
+  user { 'debian-tor':
     allowdupe => false,
-    comment   => "tor user,,,",
+    comment   => 'tor user,,,',
     ensure    => present,
-    home      => "/var/tor",
-    shell     => "/bin/sh",
-    gid       => "debian-tor",
-    require   => Group["debian-tor"], 
+    home      => $data_dir,
+    shell     => '/bin/sh',
+    gid       => 'debian-tor',
+    require   => Group['debian-tor'], 
   }
 
-  file { "/var/tor":
+  # directories
+  file { "${data_dir}":
     ensure  => directory,
     mode    => 0755,
-    owner   => debian-tor,
-    group   => debian-tor,
-    require => User["debian-tor"],
+    owner   => 'debian-tor',
+    group   => 'debian-tor',
+    require => User['debian-tor'],
   }
 
-  file { "/etc/tor":
+  file { '/etc/tor':
     ensure  => directory,
     mode    => 0755,
-    owner   => debian-tor,
-    group   => debian-tor,
-    require => User["debian-tor"],
+    owner   => 'debian-tor',
+    group   => 'debian-tor',
+    require => User['debian-tor'],
   }
 
-  file { "/etc/tor.d":
-    ensure  => directory,
-    mode    => 0755,
-    owner   => debian-tor,
-    group   => debian-tor,
-    require => User["debian-tor"],
+  file {"${spool_dir}":
+    ensure => directory,
+    force => true,
+    owner => 'debian-tor', group => 'debian-tor', mode => 0755, 
   }
 
-  # configuration file
-  define config(                 $log_rules = [ 'notice file /var/log/tor/notices.log' ],
-                 $data_directory = '/var/tor',
-                 $hidden_services = [],
-                 $dir_port = 0,
-                 $dir_listen_address = '',
-                 $dir_port_front_page = '',
-                 $exit_policies = [],
-                 $bridge_relay = 0) {
-
+  # tor configuration file
+  concatenated_file { '${config_file}':
+    dir    => $spool_dir,
+    header => "${spool_dir}/00.header"
+    mode   => 0600,
+    notify => Service['tor'],
+    owner => 'debian-tor', group => 'debian-tor', mode => 0755, 
   }
 
-  concatenated_file { "/etc/tor/torrc":
-    dir    => '/etc/tor.d',
-    mode   => 0600,
-    notify => Service["tor"],
+  # config file headers
+  file { '${spool_dir}/00.header':
+    content => template('tor/header.erb'),
+    require => File['${spool_dir}'],
+    notify  => Exec['concat_${config_file}'],
+    ensure  => present,
+    owner => 'debian-tor', group => 'debian-tor', mode => 0755, 
   }
 
-  exec { "rm -f /etc/tor.d/*":
-      alias => 'clean-tor.d',
+  # global configurations
+  define tor::global_opts( $log_rules = [ 'notice file /var/log/tor/notices.log' ],
+                           $ensure = present ) {
+    file { '${spool_dir}/01.global':
+      content => template('tor/global.erb'),
+      require => File['${spool_dir}'],
+      notify  => Exec['concat_${config_file}'],
+      ensure  => $ensure,
+      owner => 'debian-tor', group => 'debian-tor', mode => 0755, 
+    }
   }
 
   # socks definition
-  define tor::socks( $socks_port = 9050,
-                     $socks_listen_addresses = [ '127.0.0.1' ],
-                     $socks_policies = [ 'accept 127.0.0.1/16', 'reject *' ], ) {
-    file { "/etc/tor.d/01.socks":
-      require => File['/etc/tor.d'],
-      notify  => Exec['concat_/etc/tor/torrc'],
+  define tor::socks( $socks_port = 0,
+                     $socks_listen_addresses = [],
+                     $socks_policies = [] ) {
+    file { '${spool_dir}/02.socks':
+      content => template('tor/socks.erb'),
+      require => File['${spool_dir}'],
+      notify  => Exec['concat_${config_file}'],
       ensure  => $ensure,
-      require => Exec['clean-tor.d'],
+      owner => 'debian-tor', group => 'debian-tor', mode => 0755, 
     }
   }
 
   # relay definition
   define tor::relay( $port                  = 0,
-                     $listen_address        = '',
+                     $listen_addresses      = [],
                      $nickname              = '',
                      $address               = $hostname,
                      $relay_bandwidth_rate  = 0,  # KB/s, 0 for no limit.
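Review bot: The new `concatenated_file` resource sets `mode` twice (`mode => 0600`, then `mode => 0755` on the shared owner/group/mode line) and is missing the comma after `header => "${spool_dir}/00.header"`, so it should not parse as written; keep the single `mode => 0600`. The fragment files and `${spool_dir}` are created `0755`, which, depending on the parent directory's permissions, may leave every torrc section readable by any local user even when torrc itself is 0600; `mode => 0600` on the fragments and `mode => 0700` on the directory would keep them consistent (the control and hidden-service fragments in the next hunk carry the same line). Titles and references written in single quotes, such as `'${config_file}'`, `'${spool_dir}/02.socks'` and `Exec['concat_${config_file}']`, are not interpolated by Puppet, so they need double quotes here and in the following hunk. `tor::socks` also uses `ensure => $ensure` without declaring an `$ensure` parameter. The class body continues past the end of this hunk.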
@@ -89,60 +103,67 @@ class tor::daemon inherits tor::polipo {
                      $accounting_start      = [],
                      $contact_info          = '',
                      $my_family             = '',
-                     $ensure                = absent, ) {
+                     $bridge_reay           = 0,
+                     $ensure                = present ) {
 
-    file { "/etc/tor.d/02.relay":
-      require => File['/etc/tor.d'],
-      notify  => Exec['concat_/etc/tor/torrc'],
+    file { '${spool_dir}/03.relay':
+      content => template('tor/relay.erb'),
+      require => File['${spool_dir}'],
+      notify  => Exec['concat_${config_file}'],
       ensure  => $ensure,
-      require => Exec['clean-tor.d'],
+      owner => 'debian-tor', group => 'debian-tor', mode => 0755, 
     }
   } 
 
   # control definition
   define tor::control( $port                    = 0,
                        $hashed_control_password = '',
-                       $ensure                  = absent ) {
-    file { "/etc/tor.d/03.control":
-      require => File['/etc/tor.d'],
-      notify  => Exec['concat_/etc/tor/torrc'],
+                       $ensure                  = present ) {
+    file { '${spool_dir}/04.control':
+      content => template('tor/control.erb'),
+      require => File['${spool_dir}'],
+      notify  => Exec['concat_${config_file}'],
       ensure  => $ensure,
-      require => Exec['clean-tor.d'],
+      owner => 'debian-tor', group => 'debian-tor', mode => 0755, 
     }
   } 
 
   # hidden services definition
   define tor::hidden_service( $ports = [],
                               $ensure = present ) {
-    file { "/etc/tor.d/04.hidden_service.$name":
-      require => File['/etc/tor.d'],
-      notify  => Exec['concat_/etc/tor/torrc'],
+    file { '${spool_dir}/05.hidden_service.${name}':
+      content => template('tor/hidden_service.erb'),
+      require => File['${spool_dir}'],
+      notify  => Exec['concat_${config_file}'],
       ensure  => $ensure,
-      require => Exec['clean-tor.d'],
+      owner => 'debian-tor', group => 'debian-tor', mode => 0755, 
     }
   } 
   
   # directory advertising
-  define tor::directory ( $ports = [],
-                          $hashed_password = '',
-                          $ensure = present, ) {
-    file { "/etc/tor.d/05.directory":
-      require => File['/etc/tor.d'],
-      notify  => Exec['concat_/etc/tor/torrc'],
+  define tor::directory ( $port = 0,
+                          $listen_addresses = [],
+                          $port_front_page = '',
+                          $ensure = present ) {
+    file { '${spool_dir}/06.directory':
+      content => template('tor/directory.erb'),
+      require => File['${spool_dir}'],
+      notify  => Exec['concat_${config_file}'],
       ensure  => $ensure,
-      require => Exec['clean-tor.d'],
+      owner => 'debian-tor', group => 'debian-tor', mode => 0755, 
     }
   } 
 
   # exit policies
   define tor::exit_policy( $accept = [],
                            $reject = [],
-                           $ensure = present, ) {
-    file { "/etc/tor.d/06.exit_policy":
-      require => File['/etc/tor.d'],
-      notify  => Exec['concat_/etc/tor/torrc'],
+                           $ensure = present ) {
+    file { '${spool_dir}/07.exit_policy.${name}':
+      content => template('tor/exit_policy.erb'),
+      require => File['${spool_dir}'],
+      notify  => Exec['concat_${config_file}'],
       ensure  => $ensure,
-      require => Exec['clean-tor.d'],
+      owner => 'debian-tor', group => 'debian-tor', mode => 0755, 
     }
   } 
 }
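Review bot: The new relay parameter is spelled `$bridge_reay` in the `tor::relay` signature, while the removed manifests/bridge.pp passed `bridge_relay => 1`; it should read `$bridge_relay = 0,`, otherwise callers and the relay template (not fully shown here) presumably will not see the value. `tor::control` now defaults to `$ensure = present`, and its `04.control` fragment, which is presumably where `hashed_control_password` is rendered, is written with `mode => 0755`; `mode => 0600` fits a file that carries a credential hash. The single-quoted `'${spool_dir}/…'` titles in this hunk are not interpolated either and need double quotes. The enclosing `tor::daemon` class starts before this hunk.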
diff --git a/manifests/relay.pp b/manifests/relay.pp
deleted file mode 100644 (file)
index 5d3beb7..0000000
+++ /dev/null
@@ -1,23 +0,0 @@
-class tor::relay inherits tor::daemon {
-
-  tor::daemon::config { "tor-relay":
-                        socks_port             => 0,
-                        socks_listen_addresses => [],
-                        socks_policies         => [],
-                        or_port                => 9001,
-                        or_listen_address      => '',
-                        nickname               => '',
-                        address                => '',
-                        relay_bandwidth_rate   => 50,
-                        relay_bandwidth_burst  => 50,
-                        accounting_max         => 0,
-                        accounting_start       => [],
-                        contact_info           => '',
-                        dir_port               => 0,
-                        dir_listen_address     => '',
-                        dir_port_front_page    => '',
-                        my_family              => '',
-                        exit_policies          => [ 'reject *:*' ],
-                      }
-
-} 
index 56cfae00cadf55613fe4d60d074d2e4acc924376..14712efdb7305d81d4538f6f69600d5f769034ca 100644 (file)
@@ -1,12 +1,12 @@
 # directory listing
 
-<%- if dir_port != '0' then -%>
-DirPort <%= dir_port %>
+<%- if port != '0' then -%>
+DirPort <%= port %>
 <%- end -%>
-<%- if dir_listen_address != '' then -%>
-DirListenAddress <%= dir_listen_address %>
+<%- for listen_address in listen_addresses -%>
+DirListenAddress <%= listen_address %>
 <%- end -%>
-<%- if dir_port_front_page != '' then -%>
-DirPortFrontPage <%= dir_port_front_page %>
+<%- if port_front_page != '' then -%>
+DirPortFrontPage <%= port_front_page %>
 <%- end -%>
 
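Review bot: `DirListenAddress` and `DirPortFrontPage` are emitted outside the `if port != '0'` guard, so a caller that leaves `port` at its default but sets `listen_addresses` gets directory-listener lines without a `DirPort`; nesting both blocks inside the port guard would avoid that, the same way this commit nests `AccountingStart` under `AccountingMax` in torrc.relay.erb. The values are written into torrc verbatim, so a comment at the top such as `<%# values come straight from manifest parameters: one address per array element, no embedded newlines %>` would document what the template expects.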
diff --git a/templates/torrc.global.erb b/templates/torrc.global.erb
new file mode 100644 (file)
index 0000000..96ea930
--- /dev/null
@@ -0,0 +1,15 @@
+# runtime
+
+RunAsDaemon 1
+DataDirectory <%= data_dir %>
+
+# log
+
+<%- if log_rules != [] then -%>
+<%-   for log_rule in log_rules -%>
+Log <%= log_rule %>
+<%-   end -%>
+<%- else -%>
+Log notice syslog
+<%- end -%>
+
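Review bot: This template is added as `templates/torrc.global.erb`, but `tor::global_opts` in manifests/daemon.pp renders `template('tor/global.erb')`, so the lookup will presumably fail unless the names are aligned; the same mismatch applies to `tor/header.erb`, `tor/relay.erb` and `tor/directory.erb` against the `torrc.*.erb` files listed in this commit. `data_dir` is set in class `tor::daemon` rather than passed to the define, so `DataDirectory <%= data_dir %>` depends on the template scope reaching that class variable; it is worth confirming that it does not render empty.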
index b393631d4205b8869f1d690c92ec2cba6b2d1054..79d6da9dcb01cd4721a2cd05bf950bf1285f2d9b 100644 (file)
@@ -1,17 +1,2 @@
 # This file is managed by puppet.
 
-# runtime
-
-RunAsDaemon 1
-DataDirectory <%= data_directory %>
-
-# log
-
-<%- if log_rules != [] then -%>
-<%-   for log_rule in log_rules -%>
-Log <%= log_rule %>
-<%-   end -%>
-<%- else -%>
-Log notice syslog
-<%- end -%>
-
index 9531c9b1cd50eeec746b69df7f3b99fd99143475..d9f06ae5d08d31f2be7dfe08cd55d11cfe5190d0 100644 (file)
@@ -19,9 +19,9 @@ RelayBandwidthBurst <%= relay_bandwidth_burst %> KB
 <%-   end -%>
 <%-   if accounting_max != '0' then -%>
 AccountingMax <%= accounting_max %> GB
-<%-   end -%>
-<%-   for accounting in accounting_start -%>
+<%-     for accounting in accounting_start -%>
 AccountingStart <%= accounting_start %>
+<%-     end -%>
 <%-   end -%>
 <%-   if contact_info != '' then -%>
 ContactInfo <%= contact_info %>
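Review bot: Inside the `for accounting in accounting_start` loop the body still prints `<%= accounting_start %>`, i.e. the whole array on every iteration, instead of the loop variable; the line should be `AccountingStart <%= accounting %>`. If `accounting_start` is meant to hold the words of a single schedule rather than several schedules, a single `AccountingStart <%= accounting_start.join(' ') %>` line without the loop would be the form to use instead, which should be confirmed against how the parameter is meant to be passed. The surrounding `if` block starts above this hunk.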