diff options
author | Micah Anderson <micah@riseup.net> | 2017-05-02 16:23:20 -0400 |
---|---|---|
committer | Micah Anderson <micah@riseup.net> | 2017-05-06 12:51:51 -0400 |
commit | 68e9a28da2db4cb494bc19a1aeaa0663cb286414 (patch) | |
tree | 05919b4cac4677c22d206b58c583a3e34c55a11e /puppet/modules/site_tor/manifests/relay.pp | |
parent | b7c764341a1d3b112707a90fe6c15a6033605699 (diff) |
Restructure site_tor to be more clear and re-usable (fixes #8784).
This makes a more clear site_tor::relay class that the leap service
includes, and a more generic site_tor class that other classes can
depend on for setting up the initial install.
Diffstat (limited to 'puppet/modules/site_tor/manifests/relay.pp')
-rw-r--r-- | puppet/modules/site_tor/manifests/relay.pp | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/puppet/modules/site_tor/manifests/relay.pp b/puppet/modules/site_tor/manifests/relay.pp new file mode 100644 index 00000000..fcb83bc1 --- /dev/null +++ b/puppet/modules/site_tor/manifests/relay.pp @@ -0,0 +1,45 @@ +class site_tor::relay { + tag 'leap_service' + Class['site_config::default'] -> Class['site_tor::relay'] + + $tor = hiera('tor') + $bandwidth_rate = $tor['bandwidth_rate'] + $tor_type = $tor['type'] + $nickname = $tor['nickname'] + $contact_emails = join($tor['contacts'],', ') + $family = $tor['family'] + + $address = hiera('ip_address') + + $openvpn = hiera('openvpn', undef) + if $openvpn { + $openvpn_ports = $openvpn['ports'] + } + else { + $openvpn_ports = [] + } + + include site_config::default + include site_tor + + tor::daemon::relay { $nickname: + port => 9001, + address => $address, + contact_info => obfuscate_email($contact_emails), + bandwidth_rate => $bandwidth_rate, + my_family => $family + } + + if ( $tor_type == 'exit'){ + # Only enable the daemon directory if the node isn't also a webapp node + # or running openvpn on port 80 + if ! member($::services, 'webapp') and ! member($openvpn_ports, '80') { + tor::daemon::directory { $::hostname: port => 80 } + } + } + else { + include site_tor::disable_exit + } + + include site_shorewall::tor +} |