Merge tag 'refs/tags/0.10.0' into stable

Release 0.10.0
author: Micah Anderson <micah@riseup.net> 2017-11-28 11:35:01 -0500
committer: Micah Anderson <micah@riseup.net> 2017-11-28 11:35:01 -0500
commit: 0d251e2ceddd3e02ed8bba8725830689dbdd1397 (patch)
tree: 37d7096d9e458ca1e6431dff8a2f571553011c44 /puppet/modules/site_static
parent: 93a181d44e2d8163ae44945aac1b6477e268170d (diff)
parent: bf6c56d86c7ba45e7ca766d990a9e9162025e5ac (diff)
4 files changed, 58 insertions, 35 deletions
diff --git a/puppet/modules/site_static/manifests/domain.pp b/puppet/modules/site_static/manifests/domain.pp
index 6cf2c653..e456c94e 100644
--- a/puppet/modules/site_static/manifests/domain.pp
+++ b/puppet/modules/site_static/manifests/domain.pp
@@ -1,25 +1,30 @@
 # configure static service for domain
 define site_static::domain (
-  $ca_cert,
+  $ca_cert=undef,
   $key,
   $cert,
   $tls_only=true,
   $use_hidden_service=false,
   $locations=undef,
   $aliases=undef,
-  $apache_config=undef) {
+  $apache_config=undef,
+  $www_alias=false) {
 
   $domain = $name
   $base_dir = '/srv/static'
 
-  $cafile = "${cert}\n${ca_cert}"
+  if ($ca_cert) {
+    $certfile = "${cert}\n${ca_cert}"
+  } else {
+    $certfile = $cert
+  }
 
   if is_hash($locations) {
     create_resources(site_static::location, $locations)
   }
 
   x509::cert { $domain:
-    content => $cafile,
+    content => $certfile,
     notify  => Service[apache]
   }
   x509::key { $domain:
diff --git a/puppet/modules/site_static/manifests/hidden_service.pp b/puppet/modules/site_static/manifests/hidden_service.pp
index f1f15f8e..c5d12c34 100644
--- a/puppet/modules/site_static/manifests/hidden_service.pp
+++ b/puppet/modules/site_static/manifests/hidden_service.pp
@@ -1,26 +1,32 @@
 # create hidden service for static sites
-class site_static::hidden_service {
+class site_static::hidden_service ( $single_hop = false, $v3 = false ) {
+  Class['site_tor::hidden_service'] -> Class['site_static::hidden_service']
+  include site_tor::hidden_service
+
+  tor::daemon::hidden_service { 'static':
+    ports      => [ '80 127.0.0.1:80'],
+    single_hop => $single_hop,
+    v3         => $v3
+  }
 
-  include tor::daemon
-  tor::daemon::hidden_service { 'static': ports => [ '80 127.0.0.1:80'] }
   file {
-    '/var/lib/tor/webapp/':
-      ensure  => directory,
-      owner   => 'debian-tor',
-      group   => 'debian-tor',
-      mode    => '2700';
+    '/var/lib/tor/static/':
+      ensure => directory,
+      owner  => 'debian-tor',
+      group  => 'debian-tor',
+      mode   => '2700';
 
     '/var/lib/tor/static/private_key':
-      ensure  => present,
-      source  => "/srv/leap/files/nodes/${::hostname}/tor.key",
-      owner   => 'debian-tor',
-      group   => 'debian-tor',
-      mode    => '0600',
-      notify  => Service['tor'];
+      ensure => present,
+      source => "/srv/leap/files/nodes/${::hostname}/tor.key",
+      owner  => 'debian-tor',
+      group  => 'debian-tor',
+      mode   => '0600',
+      notify => Service['tor'];
 
     '/var/lib/tor/static/hostname':
       ensure  => present,
-      content => "${::site_static::tor_domain}\n",
+      content => "${::site_static::onion_domain}\n",
       owner   => 'debian-tor',
       group   => 'debian-tor',
       mode    => '0600',
diff --git a/puppet/modules/site_static/manifests/init.pp b/puppet/modules/site_static/manifests/init.pp
index dd3f912d..fdc5782f 100644
--- a/puppet/modules/site_static/manifests/init.pp
+++ b/puppet/modules/site_static/manifests/init.pp
@@ -7,11 +7,17 @@ class site_static {
   include site_config::x509::key
   include site_config::x509::ca_bundle
 
-  $static         = hiera('static')
-  $domains        = $static['domains']
-  $formats        = $static['formats']
-  $bootstrap      = $static['bootstrap_files']
-  $tor            = hiera('tor', false)
+  $services  = hiera('services', [])
+  $static    = hiera('static')
+  $domains   = $static['domains']
+  $formats   = $static['formats']
+  $bootstrap = $static['bootstrap_files']
+  $tor       = hiera('tor', false)
+  if $tor and member($services, 'tor_hidden_service') {
+    $onion_active = true
+  } else {
+    $onion_active = false
+  }
 
   file {
     '/srv/static/':
@@ -54,10 +60,8 @@ class site_static {
   include site_config::ruby::dev
 
   if (member($formats, 'rack')) {
-    include site_apt::preferences::passenger
     class { 'passenger':
       manage_munin => false,
-      require      => Class['site_apt::preferences::passenger']
     }
   }
 
@@ -67,16 +71,18 @@ class site_static {
     }
 
     package { 'zlib1g-dev':
-        ensure => installed
+      ensure => installed
     }
   }
 
-  if $tor {
+  if $onion_active {
     $hidden_service = $tor['hidden_service']
-    $tor_domain     = "${hidden_service['address']}.onion"
-    if $hidden_service['active'] {
-      include site_static::hidden_service
+    $onion_domain     = "${hidden_service['address']}.onion"
+    class { 'site_static::hidden_service':
+      single_hop => $hidden_service['single_hop'],
+      v3         => $hidden_service['v3']
     }
+
     # Currently, we only support a single hidden service address per server.
     # So if there is more than one domain configured, then we need to make sure
     # we don't enable the hidden service for every domain.
diff --git a/puppet/modules/site_static/templates/apache.conf.erb b/puppet/modules/site_static/templates/apache.conf.erb
index dd04ca43..716df437 100644
--- a/puppet/modules/site_static/templates/apache.conf.erb
+++ b/puppet/modules/site_static/templates/apache.conf.erb
@@ -74,13 +74,15 @@
   Require all granted
 </Directory>
 
-<%- if @tor && (@always_use_hidden_service || @use_hidden_service) -%>
+<%- if @onion_active && (@always_use_hidden_service || @use_hidden_service) -%>
 ##
-## Tor
+## Hidden Service
 ##
 <VirtualHost 127.0.0.1:80>
-  ServerName <%= @tor_domain %>
-  ServerAlias www.<%= @tor_domain %>
+  ServerName <%= @onion_domain %>
+<%- if @www_alias -%>
+  ServerAlias www.<%= @onion_domain %>
+<%- end -%>
 
   <IfModule mod_headers.c>
     Header set X-Frame-Options "deny"
@@ -102,7 +104,9 @@
 ##
 <VirtualHost *:80>
   ServerName <%= @domain %>
+<%- if @www_alias -%>
   ServerAlias www.<%= @domain %>
+<%- end -%>
 <%- @aliases && @aliases.each do |domain_alias| -%>
   ServerAlias <%= domain_alias %>
 <%- end -%>
@@ -122,7 +126,9 @@
 ##
 <VirtualHost *:443>
   ServerName <%= @domain %>
+<%- if @www_alias -%>
   ServerAlias www.<%= @domain %>
+<%- end -%>
 <%- @aliases && @aliases.each do |domain_alias| -%>
   ServerAlias <%= domain_alias %>
 <%- end -%>
author	Micah Anderson <micah@riseup.net>	2017-11-28 11:35:01 -0500
committer	Micah Anderson <micah@riseup.net>	2017-11-28 11:35:01 -0500
commit	0d251e2ceddd3e02ed8bba8725830689dbdd1397 (patch)
tree	37d7096d9e458ca1e6431dff8a2f571553011c44 /puppet/modules/site_static
parent	93a181d44e2d8163ae44945aac1b6477e268170d (diff)
parent	bf6c56d86c7ba45e7ca766d990a9e9162025e5ac (diff)