leap_platform.git/puppet/modules/site_tor/manifests, branch master [leap_platform] Feat: Refactor tor services 2017-10-05T23:24:50+00:00 Micah Anderson micah@riseup.net 2017-09-19T19:36:06+00:00 5b10def43d134e5735bfcec1237c04cf66e8610b In order to refactor the tor services, we need to split them out into three different services. This adds the hidden service class that is necessary to support the previous commits. Fixes #8864. 
In order to refactor the tor services, we need to split them out into three
different services. This adds the hidden service class that is necessary to
support the previous commits. Fixes #8864.
Bug: Ensure tor exit is disabled properly 2017-10-05T23:24:42+00:00 Micah Anderson micah@riseup.net 2017-09-14T14:33:41+00:00 fdb58381afa317ab9639dffa59f4155395b68718 Simply disabling exit policies is not enough to disable an exit node, it also needs to be explicitly disabled. This may change in future versions of tor, but for now, explicitly adding 'ExitRelay 0' to the configuration is needed. This fixes #8863. 
Simply disabling exit policies is not enough to disable an exit node, it also
needs to be explicitly disabled. This may change in future versions of tor, but
for now, explicitly adding 'ExitRelay 0' to the configuration is needed. This
fixes #8863.
Install tor from backports (fixes #8783). 2017-05-06T16:52:00+00:00 Micah Anderson micah@riseup.net 2017-05-02T20:24:15+00:00 449d6169b8d0c7f31279b445f5dd103b244d7382 The newer version is needed for the single-hop functionality. 
The newer version is needed for the single-hop functionality.
Restructure site_tor to be more clear and re-usable (fixes #8784). 2017-05-06T16:51:51+00:00 Micah Anderson micah@riseup.net 2017-05-02T20:23:20+00:00 68e9a28da2db4cb494bc19a1aeaa0663cb286414 This makes a more clear site_tor::relay class that the leap service includes, and a more generic site_tor class that other classes can depend on for setting up the initial install. 
This makes a more clear site_tor::relay class that the leap service
includes, and a more generic site_tor class that other classes can
depend on for setting up the initial install.
Add single-hop hidden service capability. 2017-04-25T20:58:41+00:00 Micah Anderson micah@riseup.net 2017-04-24T18:38:32+00:00 ada9645de11d75701db8202f34de5c26a2b749c2 This cuts the number of hops for a tor onion service from 6 to 3, speeding it up considerably. This removes the anonymity aspect of the service, so it must be enabled intentionally, knowing that the server's location no longer is hidden. 
This cuts the number of hops for a tor onion service from 6 to 3,
speeding it up considerably. This removes the anonymity aspect of the
service, so it must be enabled intentionally, knowing that the server's
location no longer is hidden.
restructured site.pp, now only one class gets included in site.pp per service (Bug #6851) 2016-01-22T08:50:33+00:00 varac varacanero@zeromail.org 2015-04-13T21:16:00+00:00 150579fb14716892cc3e4d7d9c0f81b30d56f03a Also, moved global Exec{} defaults to site.pp Change-Id: I9ae91b77afde944d2f1312613b9d9030e32239dd 
Also, moved global Exec{} defaults to site.pp

Change-Id: I9ae91b77afde944d2f1312613b9d9030e32239dd
Make the reject parameter an array to fix the following (#7822): 2016-01-19T22:50:10+00:00 Micah micah@leap.se 2016-01-19T21:56:52+00:00 fb2d35ae441bce0496e274b2339589f5b8f84252 failed to parse template tor/torrc.exit_policy.erb, undefined method `each' for "*:*":String Change-Id: I2b7b444187376dbc2f3cc5095391ae54bf8321b3 
failed to parse template tor/torrc.exit_policy.erb, undefined method
`each' for "*:*":String

Change-Id: I2b7b444187376dbc2f3cc5095391ae54bf8321b3
Use include to avoid redeclaration of class { 'tor::daemon': }. Fixes #6479 2014-12-02T16:12:58+00:00 guido guido@bruo.org 2014-12-02T14:41:46+00:00 8578cf78aca62636cd80bf1302d2946f2d62dbfe Change-Id: Ibd1b1eef7afca10cf2a2d56a24e703636d6a52c6 
Change-Id: Ibd1b1eef7afca10cf2a2d56a24e703636d6a52c6
don't enable Tor DirPort if openvpn is running on port 80 (Bug #6377) 2014-11-15T18:36:51+00:00 Micah Anderson micah@leap.se 2014-11-15T18:36:51+00:00 7521958cc6c210d65009aa87c6c7297fd9be3dd2 We need to check the openvpn hiera value, which may or may not be set. If it is not set, then we need to not lookup the $openvpn['ports]' values or we will get an error because it wont be the correct type. If we do have it, then $openvpn_ports gets set with the hash, otherwise it gets set to an empty hash (otherwise puppet will complain when we try to query the member() later with "member(): Requires array to work with"). Finally, if it is set to port 80, we don't include the tor::daemon::directory Change-Id: Ic366c72e966cae9d611e8fe5aa7ea7943be51241 
We need to check the openvpn hiera value, which may or may not be set.
If it is not set, then we need to not lookup the $openvpn['ports]'
values or we will get an error because it wont be the correct type.

If we do have it, then $openvpn_ports gets set with the hash, otherwise
it gets set to an empty hash (otherwise puppet will complain when we try
to query the member() later with "member(): Requires array to work
with").

Finally, if it is set to port 80, we don't include the
tor::daemon::directory

Change-Id: Ic366c72e966cae9d611e8fe5aa7ea7943be51241
minor linting, arrow lining up 2014-11-08T05:46:00+00:00 Micah Anderson micah@leap.se 2014-11-08T05:46:00+00:00 51d581583ca354232f6ccbfb771c1cad00ec2db3 Change-Id: Ibd08529b7d1c4fc22bcd0ca36e518afa5b8f6d24 
Change-Id: Ibd08529b7d1c4fc22bcd0ca36e518afa5b8f6d24