Add data directory to save scramblesuit's state.

Also clean up a little the obfsproxy puppet class, create appropriate
directories, restrict permissions.

1 files changed, 20 insertions, 10 deletions

diff --git a/puppet/modules/obfsproxy/manifests/init.pp b/puppet/modules/obfsproxy/manifests/init.pp
index 4deebb62..c15a0dc8 100644
--- a/puppet/modules/obfsproxy/manifests/init.pp
+++ b/puppet/modules/obfsproxy/manifests/init.pp
@@ -6,13 +6,16 @@ class obfsproxy (
   $dest_port
 ){
 
-  user { obfsproxy:
+  $user = 'obfsproxy'
+  $conf = '/etc/obfsproxy/obfsproxy.conf'
+
+  user { $user:
     ensure => present,
     system => true,
-    gid    => obfsproxy,
+    gid    => $user,
   }
 
-  group { obfsproxy:
+  group { $user:
     ensure => present,
     system => true,
   }
@@ -31,19 +34,26 @@ class obfsproxy (
     source    => 'puppet:///modules/obfsproxy/obfsproxy_daemon',
     owner     => 'root',
     group     => 'root',
-    mode      => '0755',
-    require   => File['/etc/obfsproxy.conf'],
-    subscribe => File['/etc/obfsproxy.conf'],
-    #content  => template('obfsproxy/etc_init_d.erb'),
+    mode      => '0750',
+    require   => File[$conf],
+    subscribe => File[$conf],
   }
 
-  file { '/etc/obfsproxy.conf':
-    path    => '/etc/obfsproxy.conf',
+  file { $conf :
+    path    => $conf,
     ensure  => present,
     owner   => 'root',
     group   => 'root',
-    mode    => '0750',
+    mode    => '0600',
     content => template('obfsproxy/etc_conf.erb'),
+    require => File['/etc/obfsproxy'],
+  }
+
+  file { '/etc/obfsproxy':
+    ensure => directory,
+    owner  => $user,
+    group  => $user,
+    mode   => '0700',
   }
 
   package { "obfsproxy":