diff options
author | irregulator <irregulator@riseup.net> | 2014-05-21 21:52:14 +0300 |
---|---|---|
committer | elijah <elijah@riseup.net> | 2014-07-01 16:05:40 -0700 |
commit | 94e0791cff9a3ce47e66c56a921e41b83b52b3d9 (patch) | |
tree | 2d01e15f003cf4a2484ca7710eee75d1e6542878 | |
parent | 156c2e1194c65d2f7813b946ac8baa90ffdf1f39 (diff) |
Add data directory to save scramblesuit's state.
Also clean up a little the obfsproxy puppet class, create appropriate
directories, restrict permissions.
-rwxr-xr-x | puppet/modules/obfsproxy/files/obfsproxy_daemon | 7 | ||||
-rw-r--r-- | puppet/modules/obfsproxy/manifests/init.pp | 30 |
2 files changed, 24 insertions, 13 deletions
diff --git a/puppet/modules/obfsproxy/files/obfsproxy_daemon b/puppet/modules/obfsproxy/files/obfsproxy_daemon index f5914980..4c9bcedc 100755 --- a/puppet/modules/obfsproxy/files/obfsproxy_daemon +++ b/puppet/modules/obfsproxy/files/obfsproxy_daemon @@ -16,8 +16,9 @@ DAEMON=/usr/bin/obfsproxy NAME=obfsproxy DESC="obfsproxy daemon" USER=obfsproxy +DATDIR=/etc/obfsproxy PIDFILE=/var/run/obfsproxy.pid -CONF=/etc/obfsproxy.conf +CONF=$DATDIR/obfsproxy.conf # If the daemon is not there, then exit. test -x $DAEMON || exit 0 @@ -29,8 +30,8 @@ else exit fi -DAEMONARGS=" --log-min-severity=$LOG $TRANSPORT $PARAM \ - --dest=$DEST_IP:$DEST_PORT server 0.0.0.0:$PORT" +DAEMONARGS=" --log-min-severity=$LOG --data-dir=$DATDIR $TRANSPORT \ + $PARAM --dest=$DEST_IP:$DEST_PORT server 0.0.0.0:$PORT" start_obfsproxy() { start-stop-daemon --start --quiet --oknodo -m --pidfile $PIDFILE \ diff --git a/puppet/modules/obfsproxy/manifests/init.pp b/puppet/modules/obfsproxy/manifests/init.pp index 4deebb62..c15a0dc8 100644 --- a/puppet/modules/obfsproxy/manifests/init.pp +++ b/puppet/modules/obfsproxy/manifests/init.pp @@ -6,13 +6,16 @@ class obfsproxy ( $dest_port ){ - user { obfsproxy: + $user = 'obfsproxy' + $conf = '/etc/obfsproxy/obfsproxy.conf' + + user { $user: ensure => present, system => true, - gid => obfsproxy, + gid => $user, } - group { obfsproxy: + group { $user: ensure => present, system => true, } @@ -31,19 +34,26 @@ class obfsproxy ( source => 'puppet:///modules/obfsproxy/obfsproxy_daemon', owner => 'root', group => 'root', - mode => '0755', - require => File['/etc/obfsproxy.conf'], - subscribe => File['/etc/obfsproxy.conf'], - #content => template('obfsproxy/etc_init_d.erb'), + mode => '0750', + require => File[$conf], + subscribe => File[$conf], } - file { '/etc/obfsproxy.conf': - path => '/etc/obfsproxy.conf', + file { $conf : + path => $conf, ensure => present, owner => 'root', group => 'root', - mode => '0750', + mode => '0600', content => template('obfsproxy/etc_conf.erb'), + require => File['/etc/obfsproxy'], + } + + file { '/etc/obfsproxy': + ensure => directory, + owner => $user, + group => $user, + mode => '0700', } package { "obfsproxy": |