summaryrefslogtreecommitdiff
path: root/puppet/modules/site_static
diff options
context:
space:
mode:
authorMicah Anderson <micah@riseup.net>2017-11-28 11:35:01 -0500
committerMicah Anderson <micah@riseup.net>2017-11-28 11:35:01 -0500
commit0d251e2ceddd3e02ed8bba8725830689dbdd1397 (patch)
tree37d7096d9e458ca1e6431dff8a2f571553011c44 /puppet/modules/site_static
parent93a181d44e2d8163ae44945aac1b6477e268170d (diff)
parentbf6c56d86c7ba45e7ca766d990a9e9162025e5ac (diff)
Merge tag 'refs/tags/0.10.0' into stable
Release 0.10.0
Diffstat (limited to 'puppet/modules/site_static')
-rw-r--r--puppet/modules/site_static/manifests/domain.pp13
-rw-r--r--puppet/modules/site_static/manifests/hidden_service.pp36
-rw-r--r--puppet/modules/site_static/manifests/init.pp30
-rw-r--r--puppet/modules/site_static/templates/apache.conf.erb14
4 files changed, 58 insertions, 35 deletions
diff --git a/puppet/modules/site_static/manifests/domain.pp b/puppet/modules/site_static/manifests/domain.pp
index 6cf2c653..e456c94e 100644
--- a/puppet/modules/site_static/manifests/domain.pp
+++ b/puppet/modules/site_static/manifests/domain.pp
@@ -1,25 +1,30 @@
# configure static service for domain
define site_static::domain (
- $ca_cert,
+ $ca_cert=undef,
$key,
$cert,
$tls_only=true,
$use_hidden_service=false,
$locations=undef,
$aliases=undef,
- $apache_config=undef) {
+ $apache_config=undef,
+ $www_alias=false) {
$domain = $name
$base_dir = '/srv/static'
- $cafile = "${cert}\n${ca_cert}"
+ if ($ca_cert) {
+ $certfile = "${cert}\n${ca_cert}"
+ } else {
+ $certfile = $cert
+ }
if is_hash($locations) {
create_resources(site_static::location, $locations)
}
x509::cert { $domain:
- content => $cafile,
+ content => $certfile,
notify => Service[apache]
}
x509::key { $domain:
diff --git a/puppet/modules/site_static/manifests/hidden_service.pp b/puppet/modules/site_static/manifests/hidden_service.pp
index f1f15f8e..c5d12c34 100644
--- a/puppet/modules/site_static/manifests/hidden_service.pp
+++ b/puppet/modules/site_static/manifests/hidden_service.pp
@@ -1,26 +1,32 @@
# create hidden service for static sites
-class site_static::hidden_service {
+class site_static::hidden_service ( $single_hop = false, $v3 = false ) {
+ Class['site_tor::hidden_service'] -> Class['site_static::hidden_service']
+ include site_tor::hidden_service
+
+ tor::daemon::hidden_service { 'static':
+ ports => [ '80 127.0.0.1:80'],
+ single_hop => $single_hop,
+ v3 => $v3
+ }
- include tor::daemon
- tor::daemon::hidden_service { 'static': ports => [ '80 127.0.0.1:80'] }
file {
- '/var/lib/tor/webapp/':
- ensure => directory,
- owner => 'debian-tor',
- group => 'debian-tor',
- mode => '2700';
+ '/var/lib/tor/static/':
+ ensure => directory,
+ owner => 'debian-tor',
+ group => 'debian-tor',
+ mode => '2700';
'/var/lib/tor/static/private_key':
- ensure => present,
- source => "/srv/leap/files/nodes/${::hostname}/tor.key",
- owner => 'debian-tor',
- group => 'debian-tor',
- mode => '0600',
- notify => Service['tor'];
+ ensure => present,
+ source => "/srv/leap/files/nodes/${::hostname}/tor.key",
+ owner => 'debian-tor',
+ group => 'debian-tor',
+ mode => '0600',
+ notify => Service['tor'];
'/var/lib/tor/static/hostname':
ensure => present,
- content => "${::site_static::tor_domain}\n",
+ content => "${::site_static::onion_domain}\n",
owner => 'debian-tor',
group => 'debian-tor',
mode => '0600',
diff --git a/puppet/modules/site_static/manifests/init.pp b/puppet/modules/site_static/manifests/init.pp
index dd3f912d..fdc5782f 100644
--- a/puppet/modules/site_static/manifests/init.pp
+++ b/puppet/modules/site_static/manifests/init.pp
@@ -7,11 +7,17 @@ class site_static {
include site_config::x509::key
include site_config::x509::ca_bundle
- $static = hiera('static')
- $domains = $static['domains']
- $formats = $static['formats']
- $bootstrap = $static['bootstrap_files']
- $tor = hiera('tor', false)
+ $services = hiera('services', [])
+ $static = hiera('static')
+ $domains = $static['domains']
+ $formats = $static['formats']
+ $bootstrap = $static['bootstrap_files']
+ $tor = hiera('tor', false)
+ if $tor and member($services, 'tor_hidden_service') {
+ $onion_active = true
+ } else {
+ $onion_active = false
+ }
file {
'/srv/static/':
@@ -54,10 +60,8 @@ class site_static {
include site_config::ruby::dev
if (member($formats, 'rack')) {
- include site_apt::preferences::passenger
class { 'passenger':
manage_munin => false,
- require => Class['site_apt::preferences::passenger']
}
}
@@ -67,16 +71,18 @@ class site_static {
}
package { 'zlib1g-dev':
- ensure => installed
+ ensure => installed
}
}
- if $tor {
+ if $onion_active {
$hidden_service = $tor['hidden_service']
- $tor_domain = "${hidden_service['address']}.onion"
- if $hidden_service['active'] {
- include site_static::hidden_service
+ $onion_domain = "${hidden_service['address']}.onion"
+ class { 'site_static::hidden_service':
+ single_hop => $hidden_service['single_hop'],
+ v3 => $hidden_service['v3']
}
+
# Currently, we only support a single hidden service address per server.
# So if there is more than one domain configured, then we need to make sure
# we don't enable the hidden service for every domain.
diff --git a/puppet/modules/site_static/templates/apache.conf.erb b/puppet/modules/site_static/templates/apache.conf.erb
index dd04ca43..716df437 100644
--- a/puppet/modules/site_static/templates/apache.conf.erb
+++ b/puppet/modules/site_static/templates/apache.conf.erb
@@ -74,13 +74,15 @@
Require all granted
</Directory>
-<%- if @tor && (@always_use_hidden_service || @use_hidden_service) -%>
+<%- if @onion_active && (@always_use_hidden_service || @use_hidden_service) -%>
##
-## Tor
+## Hidden Service
##
<VirtualHost 127.0.0.1:80>
- ServerName <%= @tor_domain %>
- ServerAlias www.<%= @tor_domain %>
+ ServerName <%= @onion_domain %>
+<%- if @www_alias -%>
+ ServerAlias www.<%= @onion_domain %>
+<%- end -%>
<IfModule mod_headers.c>
Header set X-Frame-Options "deny"
@@ -102,7 +104,9 @@
##
<VirtualHost *:80>
ServerName <%= @domain %>
+<%- if @www_alias -%>
ServerAlias www.<%= @domain %>
+<%- end -%>
<%- @aliases && @aliases.each do |domain_alias| -%>
ServerAlias <%= domain_alias %>
<%- end -%>
@@ -122,7 +126,9 @@
##
<VirtualHost *:443>
ServerName <%= @domain %>
+<%- if @www_alias -%>
ServerAlias www.<%= @domain %>
+<%- end -%>
<%- @aliases && @aliases.each do |domain_alias| -%>
ServerAlias <%= domain_alias %>
<%- end -%>