Merge branch 'develop'

author: Micah Anderson <micah@riseup.net> 2016-11-04 10:54:28 -0400
committer: Micah Anderson <micah@riseup.net> 2016-11-04 10:54:28 -0400
commit: 34a381efa8f6295080c843f86bfa07d4e41056af (patch)
tree: 9282cf5d4c876688602705a7fa0002bc4a810bde /puppet/modules/tor/manifests/daemon
parent: 0a72bc6fd292bf9367b314fcb0347c4d35042f16 (diff)
parent: 5821964ff7e16ca7aa9141bd09a77d355db492a9 (diff)
13 files changed, 308 insertions, 0 deletions
diff --git a/puppet/modules/tor b/puppet/modules/tor
deleted file mode 160000
-Subproject 8c936c166b6da1ebd0e8d95e56ceee5167357d6
diff --git a/puppet/modules/tor/manifests/daemon/base.pp b/puppet/modules/tor/manifests/daemon/base.pp
new file mode 100644
index 00000000..63d7bc4d
--- /dev/null
+++ b/puppet/modules/tor/manifests/daemon/base.pp
@@ -0,0 +1,77 @@
+# extend basic tor things with a snippet based daemon configuration
+class tor::daemon::base inherits tor::base {
+  # packages, user, group
+  Service['tor'] {
+    subscribe => File[$tor::daemon::config_file],
+  }
+
+  Package[ 'tor' ] {
+    require => File[$tor::daemon::data_dir],
+  }
+
+  group { 'debian-tor':
+    ensure    => present,
+    allowdupe => false,
+  }
+
+  user { 'debian-tor':
+    ensure    => present,
+    allowdupe => false,
+    comment   => 'tor user,,,',
+    home      => $tor::daemon::data_dir,
+    shell     => '/bin/false',
+    gid       => 'debian-tor',
+    require   => Group['debian-tor'],
+  }
+
+  # directories
+  file { $tor::daemon::data_dir:
+    ensure  => directory,
+    mode    => '0700',
+    owner   => 'debian-tor',
+    group   => 'debian-tor',
+    require => User['debian-tor'],
+  }
+
+  file { '/etc/tor':
+    ensure  => directory,
+    mode    => '0755',
+    owner   => 'debian-tor',
+    group   => 'debian-tor',
+    require => User['debian-tor'],
+  }
+
+  file { '/var/lib/puppet/modules/tor':
+    ensure  => absent,
+    recurse => true,
+    force   => true,
+  }
+
+  # tor configuration file
+  concat { $tor::daemon::config_file:
+    mode   => '0600',
+    owner  => 'debian-tor',
+    group  => 'debian-tor',
+  }
+
+  # config file headers
+  concat::fragment { '00.header':
+    ensure  => present,
+    content => template('tor/torrc.header.erb'),
+    owner   => 'debian-tor',
+    group   => 'debian-tor',
+    mode    => '0644',
+    order   => 00,
+    target  => $tor::daemon::config_file,
+  }
+
+  # global configurations
+  concat::fragment { '01.global':
+    content => template('tor/torrc.global.erb'),
+    owner   => 'debian-tor',
+    group   => 'debian-tor',
+    mode    => '0644',
+    order   => 01,
+    target  => $tor::daemon::config_file,
+  }
+}
diff --git a/puppet/modules/tor/manifests/daemon/bridge.pp b/puppet/modules/tor/manifests/daemon/bridge.pp
new file mode 100644
index 00000000..063f5656
--- /dev/null
+++ b/puppet/modules/tor/manifests/daemon/bridge.pp
@@ -0,0 +1,18 @@
+# Bridge definition
+define tor::daemon::bridge(
+  $ip,
+  $port,
+  $fingerprint = false,
+  $ensure      = present ) {
+
+  concat::fragment { "10.bridge.${name}":
+    ensure  => $ensure,
+    content => template('tor/torrc.bridge.erb'),
+    owner   => 'debian-tor',
+    group   => 'debian-tor',
+    mode    => '0644',
+    order   => 10,
+    target  => $tor::daemon::config_file,
+  }
+}
+
diff --git a/puppet/modules/tor/manifests/daemon/control.pp b/puppet/modules/tor/manifests/daemon/control.pp
new file mode 100644
index 00000000..01726562
--- /dev/null
+++ b/puppet/modules/tor/manifests/daemon/control.pp
@@ -0,0 +1,27 @@
+# control definition
+define tor::daemon::control(
+  $port                            = 0,
+  $hashed_control_password         = '',
+  $cookie_authentication           = 0,
+  $cookie_auth_file                = '',
+  $cookie_auth_file_group_readable = '',
+  $ensure                          = present ) {
+
+  if $cookie_authentication == '0' and $hashed_control_password == '' and $ensure != 'absent' {
+    fail('You need to define the tor control password')
+  }
+
+  if $cookie_authentication == 0 and ($cookie_auth_file != '' or $cookie_auth_file_group_readable != '') {
+    notice('You set a tor cookie authentication option, but do not have cookie_authentication on')
+  }
+
+  concat::fragment { '04.control':
+    ensure  => $ensure,
+    content => template('tor/torrc.control.erb'),
+    owner   => 'debian-tor',
+    group   => 'debian-tor',
+    mode    => '0600',
+    order   => 04,
+    target  => $tor::daemon::config_file,
+  }
+}
diff --git a/puppet/modules/tor/manifests/daemon/directory.pp b/puppet/modules/tor/manifests/daemon/directory.pp
new file mode 100644
index 00000000..d877a861
--- /dev/null
+++ b/puppet/modules/tor/manifests/daemon/directory.pp
@@ -0,0 +1,27 @@
+# directory advertising
+define tor::daemon::directory (
+  $port             = 0,
+  $listen_addresses = [],
+  $port_front_page  = '/etc/tor/tor-exit-notice.html',
+  $ensure           = present ) {
+
+  concat::fragment { '06.directory':
+    ensure  => $ensure,
+    content => template('tor/torrc.directory.erb'),
+    owner   => 'debian-tor',
+    group   => 'debian-tor',
+    mode    => '0644',
+    order   => 06,
+    target  => $tor::daemon::config_file,
+  }
+
+  file { '/etc/tor/tor-exit-notice.html':
+    ensure  => $ensure,
+    source  => 'puppet:///modules/tor/tor-exit-notice.html',
+    require => File['/etc/tor'],
+    owner   => 'debian-tor',
+    group   => 'debian-tor',
+    mode    => '0644',
+  }
+}
+
diff --git a/puppet/modules/tor/manifests/daemon/dns.pp b/puppet/modules/tor/manifests/daemon/dns.pp
new file mode 100644
index 00000000..4677f24d
--- /dev/null
+++ b/puppet/modules/tor/manifests/daemon/dns.pp
@@ -0,0 +1,17 @@
+# DNS definition
+define tor::daemon::dns(
+  $port             = 0,
+  $listen_addresses = [],
+  $ensure           = present ) {
+
+  concat::fragment { "08.dns.${name}":
+    ensure  => $ensure,
+    content => template('tor/torrc.dns.erb'),
+    owner   => 'debian-tor',
+    group   => 'debian-tor',
+    mode    => '0644',
+    order   => '08',
+    target  => $tor::daemon::config_file,
+  }
+}
+
diff --git a/puppet/modules/tor/manifests/daemon/exit_policy.pp b/puppet/modules/tor/manifests/daemon/exit_policy.pp
new file mode 100644
index 00000000..f459ece7
--- /dev/null
+++ b/puppet/modules/tor/manifests/daemon/exit_policy.pp
@@ -0,0 +1,18 @@
+# exit policies
+define tor::daemon::exit_policy(
+  $accept         = [],
+  $reject         = [],
+  $reject_private = 1,
+  $ensure         = present ) {
+
+  concat::fragment { "07.exit_policy.${name}":
+    ensure  => $ensure,
+    content => template('tor/torrc.exit_policy.erb'),
+    owner   => 'debian-tor',
+    group   => 'debian-tor',
+    mode    => '0644',
+    order   => 07,
+    target  => $tor::daemon::config_file,
+  }
+}
+
diff --git a/puppet/modules/tor/manifests/daemon/hidden_service.pp b/puppet/modules/tor/manifests/daemon/hidden_service.pp
new file mode 100644
index 00000000..c8272116
--- /dev/null
+++ b/puppet/modules/tor/manifests/daemon/hidden_service.pp
@@ -0,0 +1,17 @@
+# hidden services definition
+define tor::daemon::hidden_service(
+  $ports    = [],
+  $data_dir = $tor::daemon::data_dir,
+  $ensure   = present ) {
+
+  concat::fragment { "05.hidden_service.${name}":
+    ensure  => $ensure,
+    content => template('tor/torrc.hidden_service.erb'),
+    owner   => 'debian-tor',
+    group   => 'debian-tor',
+    mode    => '0644',
+    order   => 05,
+    target  => $tor::daemon::config_file,
+  }
+}
+
diff --git a/puppet/modules/tor/manifests/daemon/map_address.pp b/puppet/modules/tor/manifests/daemon/map_address.pp
new file mode 100644
index 00000000..270eac21
--- /dev/null
+++ b/puppet/modules/tor/manifests/daemon/map_address.pp
@@ -0,0 +1,17 @@
+# map address definition
+define tor::daemon::map_address(
+  $address    = '',
+  $newaddress = '',
+  $ensure     = 'present') {
+
+  concat::fragment { "08.map_address.${name}":
+    ensure  => $ensure,
+    content => template('tor/torrc.map_address.erb'),
+    owner   => 'debian-tor',
+    group   => 'debian-tor',
+    mode    => '0644',
+    order   => '08',
+    target  => $tor::daemon::config_file,
+  }
+}
+
diff --git a/puppet/modules/tor/manifests/daemon/relay.pp b/puppet/modules/tor/manifests/daemon/relay.pp
new file mode 100644
index 00000000..ff528937
--- /dev/null
+++ b/puppet/modules/tor/manifests/daemon/relay.pp
@@ -0,0 +1,42 @@
+# relay definition
+define tor::daemon::relay(
+  $port                    = 0,
+  $listen_addresses        = [],
+  $outbound_bindaddresses  = [],
+  $portforwarding          = 0,
+  # KB/s, defaulting to using tor's default: 5120KB/s
+  $bandwidth_rate          = '',
+  # KB/s, defaulting to using tor's default: 10240KB/s
+  $bandwidth_burst         = '',
+  # KB/s, 0 for no limit
+  $relay_bandwidth_rate    = 0,
+  # KB/s, 0 for no limit
+  $relay_bandwidth_burst   = 0,
+  # GB, 0 for no limit
+  $accounting_max          = 0,
+  $accounting_start        = [],
+  $contact_info            = '',
+  # TODO: autofill with other relays
+  $my_family               = '',
+  $address                 = "tor.${::domain}",
+  $bridge_relay            = 0,
+  $ensure                  = present ) {
+
+  $nickname = $name
+
+  if $outbound_bindaddresses == [] {
+    $real_outbound_bindaddresses = []
+  } else {
+    $real_outbound_bindaddresses = $outbound_bindaddresses
+  }
+
+  concat::fragment { '03.relay':
+    ensure  => $ensure,
+    content => template('tor/torrc.relay.erb'),
+    owner   => 'debian-tor',
+    group   => 'debian-tor',
+    mode    => '0644',
+    order   => 03,
+    target  => $tor::daemon::config_file,
+  }
+}
diff --git a/puppet/modules/tor/manifests/daemon/snippet.pp b/puppet/modules/tor/manifests/daemon/snippet.pp
new file mode 100644
index 00000000..b9089b40
--- /dev/null
+++ b/puppet/modules/tor/manifests/daemon/snippet.pp
@@ -0,0 +1,16 @@
+# Arbitrary torrc snippet definition
+define tor::daemon::snippet(
+  $content = '',
+  $ensure  = present ) {
+
+  concat::fragment { "99.snippet.${name}":
+    ensure  => $ensure,
+    content => $content,
+    owner   => 'debian-tor',
+    group   => 'debian-tor',
+    mode    => '0644',
+    order   => 99,
+    target  => $tor::daemon::config_file,
+  }
+}
+
diff --git a/puppet/modules/tor/manifests/daemon/socks.pp b/puppet/modules/tor/manifests/daemon/socks.pp
new file mode 100644
index 00000000..910461c9
--- /dev/null
+++ b/puppet/modules/tor/manifests/daemon/socks.pp
@@ -0,0 +1,15 @@
+# socks definition
+define tor::daemon::socks(
+  $port = 0,
+  $listen_addresses = [],
+  $policies = [] ) {
+
+  concat::fragment { '02.socks':
+    content => template('tor/torrc.socks.erb'),
+    owner   => 'debian-tor',
+    group   => 'debian-tor',
+    mode    => '0644',
+    order   => 02,
+    target  => $tor::daemon::config_file,
+  }
+}
diff --git a/puppet/modules/tor/manifests/daemon/transparent.pp b/puppet/modules/tor/manifests/daemon/transparent.pp
new file mode 100644
index 00000000..65d744f4
--- /dev/null
+++ b/puppet/modules/tor/manifests/daemon/transparent.pp
@@ -0,0 +1,17 @@
+# Transparent proxy definition
+define tor::daemon::transparent(
+  $port             = 0,
+  $listen_addresses = [],
+  $ensure           = present ) {
+
+  concat::fragment { "09.transparent.${name}":
+    ensure  => $ensure,
+    content => template('tor/torrc.transparent.erb'),
+    owner   => 'debian-tor',
+    group   => 'debian-tor',
+    mode    => '0644',
+    order   => '09',
+    target  => $tor::daemon::config_file,
+  }
+}
+
author	Micah Anderson <micah@riseup.net>	2016-11-04 10:54:28 -0400
committer	Micah Anderson <micah@riseup.net>	2016-11-04 10:54:28 -0400
commit	34a381efa8f6295080c843f86bfa07d4e41056af (patch)
tree	9282cf5d4c876688602705a7fa0002bc4a810bde /puppet/modules/tor/manifests/daemon
parent	0a72bc6fd292bf9367b314fcb0347c4d35042f16 (diff)
parent	5821964ff7e16ca7aa9141bd09a77d355db492a9 (diff)