Merge branch 'develop'

Conflicts:
	platform.rb

Change-Id: Ic2e08e594d29a585691341c8667ac0b64933a505

1 files changed, 43 insertions, 0 deletions

diff --git a/puppet/modules/site_webapp/manifests/hidden_service.pp b/puppet/modules/site_webapp/manifests/hidden_service.pp
new file mode 100644
index 00000000..16b6e2e7
--- /dev/null
+++ b/puppet/modules/site_webapp/manifests/hidden_service.pp
@@ -0,0 +1,43 @@
+class site_webapp::hidden_service {
+  $tor              = hiera('tor')
+  $hidden_service   = $tor['hidden_service']
+  $tor_domain       = "${hidden_service['address']}.onion"
+
+  include site_apache::common
+  include site_apache::module::headers
+  include site_apache::module::alias
+  include site_apache::module::expires
+  include site_apache::module::removeip
+
+  include tor::daemon
+  tor::daemon::hidden_service { 'webapp': ports => '80 127.0.0.1:80' }
+
+  file {
+    '/var/lib/tor/webapp/':
+      ensure  => directory,
+      owner   => 'debian-tor',
+      group   => 'debian-tor',
+      mode    => '2700';
+
+    '/var/lib/tor/webapp/private_key':
+      ensure  => present,
+      source  => "/srv/leap/files/nodes/${::hostname}/tor.key",
+      owner   => 'debian-tor',
+      group   => 'debian-tor',
+      mode    => '0600';
+
+    '/var/lib/tor/webapp/hostname':
+      ensure  => present,
+      content => $tor_domain,
+      owner   => 'debian-tor',
+      group   => 'debian-tor',
+      mode    => '0600';
+  }
+
+  apache::vhost::file {
+    'hidden_service':
+      content => template('site_apache/vhosts.d/hidden_service.conf.erb')
+  }
+
+  include site_shorewall::tor
+}
\ No newline at end of file