summaryrefslogtreecommitdiff
path: root/puppet/modules/site_static
diff options
context:
space:
mode:
authorMicah Anderson <micah@riseup.net>2017-04-24 14:38:32 -0400
committerMicah Anderson <micah@riseup.net>2017-04-25 16:58:41 -0400
commitada9645de11d75701db8202f34de5c26a2b749c2 (patch)
tree26f5239a2dd8c3e2ddefccee15839faeae7a16a2 /puppet/modules/site_static
parentc393af8fd5321b8ddf547aed22f833899e56e20e (diff)
Add single-hop hidden service capability.
This cuts the number of hops for a tor onion service from 6 to 3, speeding it up considerably. This removes the anonymity aspect of the service, so it must be enabled intentionally, knowing that the server's location no longer is hidden.
Diffstat (limited to 'puppet/modules/site_static')
-rw-r--r--puppet/modules/site_static/manifests/hidden_service.pp7
-rw-r--r--puppet/modules/site_static/manifests/init.pp3
2 files changed, 6 insertions, 4 deletions
diff --git a/puppet/modules/site_static/manifests/hidden_service.pp b/puppet/modules/site_static/manifests/hidden_service.pp
index 8a10398a..b64a35bc 100644
--- a/puppet/modules/site_static/manifests/hidden_service.pp
+++ b/puppet/modules/site_static/manifests/hidden_service.pp
@@ -1,8 +1,11 @@
# create hidden service for static sites
-class site_static::hidden_service {
+class site_static::hidden_service ( $single_hop = false ) {
include tor::daemon
- tor::daemon::hidden_service { 'static': ports => [ '80 127.0.0.1:80'] }
+ tor::daemon::hidden_service { 'static':
+ ports => [ '80 127.0.0.1:80'],
+ single_hop => $single_hop
+ }
file {
'/var/lib/tor/webapp/':
ensure => directory,
diff --git a/puppet/modules/site_static/manifests/init.pp b/puppet/modules/site_static/manifests/init.pp
index dd3f912d..8be791e5 100644
--- a/puppet/modules/site_static/manifests/init.pp
+++ b/puppet/modules/site_static/manifests/init.pp
@@ -74,8 +74,7 @@ class site_static {
if $tor {
$hidden_service = $tor['hidden_service']
$tor_domain = "${hidden_service['address']}.onion"
- if $hidden_service['active'] {
- include site_static::hidden_service
+ class { 'site_static::hidden_service': single_hop => $hidden_service['single_hop']
}
# Currently, we only support a single hidden service address per server.
# So if there is more than one domain configured, then we need to make sure