configure exit policies

2 files changed, 16 insertions, 1 deletions

diff --git a/puppet/modules/site_tor/manifests/exit_policy.pp b/puppet/modules/site_tor/manifests/exit_policy.pp
new file mode 100644
index 00000000..f2d2d38f
--- /dev/null
+++ b/puppet/modules/site_tor/manifests/exit_policy.pp
@@ -0,0 +1,8 @@
+class site_tor::exit_policy {
+  # exaple policy to allow ssh
+  tor::daemon::exit_policy { 'ssh_exit_policy':
+    accept => '*:22',
+    reject => '*:*';
+  }
+}
+
diff --git a/puppet/modules/site_tor/manifests/init.pp b/puppet/modules/site_tor/manifests/init.pp
index a854a163..7c25b0e9 100644
--- a/puppet/modules/site_tor/manifests/init.pp
+++ b/puppet/modules/site_tor/manifests/init.pp
@@ -3,6 +3,7 @@ class site_tor {
 
   $tor = hiera('tor')
   $bandwidth_rate = $tor['bandwidth_rate']
+  $tor_type = $tor['type']
 
   $contact_email = hiera('contact_email')
 
@@ -13,8 +14,14 @@ class site_tor {
     contact_info     => $contact_email,
     bandwidth_rate   => $bandwidth_rate,
   }
-  tor::daemon::directory { $::hostname: port => 80 }
+
+  # we configure the directory later
+  #tor::daemon::directory { $::hostname: port => 80 }
 
   include site_shorewall::tor
 
+  if ( $tor_type == 'exit' ) {
+    include site_tor::exit_policy
+  }
+
 }