authorChristoph Kluenter <ckluente@thoughtworks.com>2014-12-04 12:09:10 +0100
committerChristoph Kluenter <ckluente@thoughtworks.com>2014-12-04 12:09:10 +0100
commitd063e35d3e29b3cedc810b8e5ca1855c841d8f9e (patch)
tree06e5110632156a35e6e879a9fa0455edf62f05bf /puppet/modules/site_webapp
parent664dca31dec0c7935ee96359209d9dcefc03e38c (diff)
parentde51b83384d97a67cdbdf1992ba9ad771a292c5d (diff)
Merge remote-tracking branch 'leap/develop' into check_dhcp
Diffstat (limited to 'puppet/modules/site_webapp')
-rw-r--r--puppet/modules/site_webapp/manifests/hidden_service.pp43
-rw-r--r--puppet/modules/site_webapp/manifests/init.pp8
-rw-r--r--puppet/modules/site_webapp/templates/config.yml.erb1
3 files changed, 52 insertions, 0 deletions
diff --git a/puppet/modules/site_webapp/manifests/hidden_service.pp b/puppet/modules/site_webapp/manifests/hidden_service.pp
new file mode 100644
index 00000000..ac0e8a37
--- /dev/null
+++ b/puppet/modules/site_webapp/manifests/hidden_service.pp
@@ -0,0 +1,43 @@
+class site_webapp::hidden_service {
+ $tor = hiera('tor')
+ $hidden_service = $tor['hidden_service']
+ $tor_domain = "${hidden_service['address']}.onion"
+
+ include site_apache::common
+ include site_apache::module::headers
+ include site_apache::module::alias
+ include site_apache::module::expires
+ include site_apache::module::removeip
+
+ include tor::daemon
+ tor::daemon::hidden_service { 'webapp': ports => '80 127.0.0.1:80' }
+
+ file {
+ '/var/lib/tor/webapp/':
+ ensure => directory,
+ owner => 'debian-tor',
+ group => 'debian-tor',
+ mode => '2700';
+
+ '/var/lib/tor/webapp/private_key':
+ ensure => present,
+ source => '/srv/leap/files/nodes/web/tor.key',
+ owner => 'debian-tor',
+ group => 'debian-tor',
+ mode => '0600';
+
+ '/var/lib/tor/webapp/hostname':
+ ensure => present,
+ content => $tor_domain,
+ owner => 'debian-tor',
+ group => 'debian-tor',
+ mode => '0600';
+ }
+
+ apache::vhost::file {
+ 'hidden_service':
+ content => template('site_apache/vhosts.d/hidden_service.conf.erb')
+ }
+
+ include site_shorewall::tor
+} \ No newline at end of file
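Review bot: The `'/var/lib/tor/webapp/private_key'` resource has no relationship to the Tor service, so a key that is installed or replaced after the daemon has started is not picked up. Tor may then keep serving a key it generated itself, while `hostname` and the Apache vhost advertise the address from hiera. A notify on that resource would close the gap, for example `notify => Service['tor'];` if that is the title the tor module gives its service. Separately, `$hidden_service['address']` is used unchecked, so a missing value produces the hostname `.onion`. The `content => $tor_domain` value also has no trailing newline, which will probably make Puppet and Tor take turns rewriting `hostname`, assuming Tor regenerates that file from the key on start.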
diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp
index 17b010f3..752993c1 100644
--- a/puppet/modules/site_webapp/manifests/init.pp
+++ b/puppet/modules/site_webapp/manifests/init.pp
@@ -10,6 +10,7 @@ class site_webapp {
$webapp = hiera('webapp')
$api_version = $webapp['api_version']
$secret_token = $webapp['secret_token']
+ $tor = hiera('tor', false)
Class['site_config::default'] -> Class['site_webapp']
@@ -157,6 +158,13 @@ class site_webapp {
notify => Service['apache'];
}
+ if $tor {
+ $hidden_service = $tor['hidden_service']
+ if $hidden_service['active'] {
+ include site_webapp::hidden_service
+ }
+ }
+
include site_shorewall::webapp
include site_check_mk::agent::webapp
}
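Review bot: The `if $tor` guard only proves that the `tor` hash exists; `$tor['hidden_service']` is then indexed for `active` without checking that the key is present. A node whose tor data has no `hidden_service` entry would either fail catalog compilation or evaluate an undef lookup, depending on the Puppet version. A single combined condition avoids both: `if $tor and $tor['hidden_service'] and $tor['hidden_service']['active'] {`. It would also help to add a comment stating that `active` must be a real boolean, since in older Puppet a non-empty string such as `"false"` is truthy and would enable the hidden service unintentionally. The body of `site_webapp` starts and continues outside this hunk.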
diff --git a/puppet/modules/site_webapp/templates/config.yml.erb b/puppet/modules/site_webapp/templates/config.yml.erb
index 9205438b..0c75f3ca 100644
--- a/puppet/modules/site_webapp/templates/config.yml.erb
+++ b/puppet/modules/site_webapp/templates/config.yml.erb
@@ -19,6 +19,7 @@ production:
default_service_level: "<%= @webapp['default_service_level'] %>"
service_levels: <%= @webapp['service_levels'].to_json %>
allow_registration: <%= @webapp['allow_registration'].inspect %>
+ handle_blacklist: <%= @webapp['forbidden_usernames'].inspect %>
<%- if @webapp['engines'] && @webapp['engines'].any? -%>
engines:
<%- @webapp['engines'].each do |engine| -%>
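Review bot: The `handle_blacklist` line renders the list with Ruby's `.inspect`, which is not a YAML serializer. If `forbidden_usernames` is absent the line becomes `handle_blacklist: nil`, which YAML reads as the string "nil", so the username blacklist would quietly stop being a list. Strings containing sequences that `inspect` escapes in its own way (for example `\#`) can also produce YAML that fails to parse. The neighbouring `service_levels` line already uses `.to_json`, whose output is valid YAML flow syntax and gives `null` for a missing value: `handle_blacklist: <%= @webapp['forbidden_usernames'].to_json %>`. The template continues past the end of this hunk.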