diff options
author | Christoph Kluenter <ckluente@thoughtworks.com> | 2014-12-04 12:09:10 +0100 |
---|---|---|
committer | Christoph Kluenter <ckluente@thoughtworks.com> | 2014-12-04 12:09:10 +0100 |
commit | d063e35d3e29b3cedc810b8e5ca1855c841d8f9e (patch) | |
tree | 06e5110632156a35e6e879a9fa0455edf62f05bf /puppet/modules/site_webapp | |
parent | 664dca31dec0c7935ee96359209d9dcefc03e38c (diff) | |
parent | de51b83384d97a67cdbdf1992ba9ad771a292c5d (diff) |
Merge remote-tracking branch 'leap/develop' into check_dhcp
Diffstat (limited to 'puppet/modules/site_webapp')
-rw-r--r-- | puppet/modules/site_webapp/manifests/hidden_service.pp | 43 | ||||
-rw-r--r-- | puppet/modules/site_webapp/manifests/init.pp | 8 | ||||
-rw-r--r-- | puppet/modules/site_webapp/templates/config.yml.erb | 1 |
3 files changed, 52 insertions, 0 deletions
diff --git a/puppet/modules/site_webapp/manifests/hidden_service.pp b/puppet/modules/site_webapp/manifests/hidden_service.pp new file mode 100644 index 00000000..ac0e8a37 --- /dev/null +++ b/puppet/modules/site_webapp/manifests/hidden_service.pp @@ -0,0 +1,43 @@ +class site_webapp::hidden_service { + $tor = hiera('tor') + $hidden_service = $tor['hidden_service'] + $tor_domain = "${hidden_service['address']}.onion" + + include site_apache::common + include site_apache::module::headers + include site_apache::module::alias + include site_apache::module::expires + include site_apache::module::removeip + + include tor::daemon + tor::daemon::hidden_service { 'webapp': ports => '80 127.0.0.1:80' } + + file { + '/var/lib/tor/webapp/': + ensure => directory, + owner => 'debian-tor', + group => 'debian-tor', + mode => '2700'; + + '/var/lib/tor/webapp/private_key': + ensure => present, + source => '/srv/leap/files/nodes/web/tor.key', + owner => 'debian-tor', + group => 'debian-tor', + mode => '0600'; + + '/var/lib/tor/webapp/hostname': + ensure => present, + content => $tor_domain, + owner => 'debian-tor', + group => 'debian-tor', + mode => '0600'; + } + + apache::vhost::file { + 'hidden_service': + content => template('site_apache/vhosts.d/hidden_service.conf.erb') + } + + include site_shorewall::tor +}
\ No newline at end of file diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index 17b010f3..752993c1 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp @@ -10,6 +10,7 @@ class site_webapp { $webapp = hiera('webapp') $api_version = $webapp['api_version'] $secret_token = $webapp['secret_token'] + $tor = hiera('tor', false) Class['site_config::default'] -> Class['site_webapp'] @@ -157,6 +158,13 @@ class site_webapp { notify => Service['apache']; } + if $tor { + $hidden_service = $tor['hidden_service'] + if $hidden_service['active'] { + include site_webapp::hidden_service + } + } + include site_shorewall::webapp include site_check_mk::agent::webapp } diff --git a/puppet/modules/site_webapp/templates/config.yml.erb b/puppet/modules/site_webapp/templates/config.yml.erb index 9205438b..0c75f3ca 100644 --- a/puppet/modules/site_webapp/templates/config.yml.erb +++ b/puppet/modules/site_webapp/templates/config.yml.erb @@ -19,6 +19,7 @@ production: default_service_level: "<%= @webapp['default_service_level'] %>" service_levels: <%= @webapp['service_levels'].to_json %> allow_registration: <%= @webapp['allow_registration'].inspect %> + handle_blacklist: <%= @webapp['forbidden_usernames'].inspect %> <%- if @webapp['engines'] && @webapp['engines'].any? -%> engines: <%- @webapp['engines'].each do |engine| -%> |