Feat: split tor service into three

The 'tor' service is now three separate services, 'tor_exit', 'tor_relay', or 'hidden_service'.
author: elijah <elijah@riseup.net> 2017-09-19 11:54:27 -0700
committer: Micah Anderson <micah@riseup.net> 2017-10-05 19:24:34 -0400
commit: 96f8af37b4a3bbd9a15651e27f588073c0601299 (patch)
tree: 9f2883b1aa100861bfd8d80c6d645d65d3a5e492 /puppet/modules
parent: 18db08c95b0de9cf1ad511fa1dbb20f5eda8bbac (diff)
6 files changed, 17 insertions, 19 deletions
diff --git a/puppet/modules/site_apache/templates/vhosts.d/hidden_service.conf.erb b/puppet/modules/site_apache/templates/vhosts.d/hidden_service.conf.erb
index 1d19094e..ddf69a42 100644
--- a/puppet/modules/site_apache/templates/vhosts.d/hidden_service.conf.erb
+++ b/puppet/modules/site_apache/templates/vhosts.d/hidden_service.conf.erb
@@ -1,5 +1,5 @@
 <VirtualHost 127.0.0.1:80>
-  ServerName <%= @tor_domain %>
+  ServerName <%= @onion_domain %>
 
   <IfModule mod_headers.c>
     Header always unset X-Powered-By
diff --git a/puppet/modules/site_static/manifests/hidden_service.pp b/puppet/modules/site_static/manifests/hidden_service.pp
index 31cf328e..dcf3785e 100644
--- a/puppet/modules/site_static/manifests/hidden_service.pp
+++ b/puppet/modules/site_static/manifests/hidden_service.pp
@@ -23,7 +23,7 @@ class site_static::hidden_service ( $single_hop = false ) {
 
     '/var/lib/tor/static/hostname':
       ensure  => present,
-      content => "${::site_static::tor_domain}\n",
+      content => "${::site_static::onion_domain}\n",
       owner   => 'debian-tor',
       group   => 'debian-tor',
       mode    => '0600',
diff --git a/puppet/modules/site_static/manifests/init.pp b/puppet/modules/site_static/manifests/init.pp
index 96d92f74..4ddce5ed 100644
--- a/puppet/modules/site_static/manifests/init.pp
+++ b/puppet/modules/site_static/manifests/init.pp
@@ -12,10 +12,10 @@ class site_static {
   $formats        = $static['formats']
   $bootstrap      = $static['bootstrap_files']
   $tor            = hiera('tor', false)
-  if $tor and member($services, 'tor') and $tor['hidden_service']['active'] == true {
-    $tor_active = true
+  if $tor and member($services, 'hidden_service') {
+    $onion_active = true
   } else {
-    $tor_active = false
+    $onion_active = false
   }
 
   file {
@@ -76,9 +76,9 @@ class site_static {
     }
   }
 
-  if $tor_active {
+  if $onion_active {
     $hidden_service = $tor['hidden_service']
-    $tor_domain     = "${hidden_service['address']}.onion"
+    $onion_domain     = "${hidden_service['address']}.onion"
     class { 'site_static::hidden_service':
       single_hop => $hidden_service['single_hop']
     }
diff --git a/puppet/modules/site_static/templates/apache.conf.erb b/puppet/modules/site_static/templates/apache.conf.erb
index 75d834e7..716df437 100644
--- a/puppet/modules/site_static/templates/apache.conf.erb
+++ b/puppet/modules/site_static/templates/apache.conf.erb
@@ -74,14 +74,14 @@
   Require all granted
 </Directory>
 
-<%- if @tor_active && (@always_use_hidden_service || @use_hidden_service) -%>
+<%- if @onion_active && (@always_use_hidden_service || @use_hidden_service) -%>
 ##
-## Tor
+## Hidden Service
 ##
 <VirtualHost 127.0.0.1:80>
-  ServerName <%= @tor_domain %>
+  ServerName <%= @onion_domain %>
 <%- if @www_alias -%>
-  ServerAlias www.<%= @tor_domain %>
+  ServerAlias www.<%= @onion_domain %>
 <%- end -%>
 
   <IfModule mod_headers.c>
@@ -105,7 +105,7 @@
 <VirtualHost *:80>
   ServerName <%= @domain %>
 <%- if @www_alias -%>
-  ServerAlias www.<%= @tor_domain %>
+  ServerAlias www.<%= @domain %>
 <%- end -%>
 <%- @aliases && @aliases.each do |domain_alias| -%>
   ServerAlias <%= domain_alias %>
@@ -127,7 +127,7 @@
 <VirtualHost *:443>
   ServerName <%= @domain %>
 <%- if @www_alias -%>
-  ServerAlias www.<%= @tor_domain %>
+  ServerAlias www.<%= @domain %>
 <%- end -%>
 <%- @aliases && @aliases.each do |domain_alias| -%>
   ServerAlias <%= domain_alias %>
diff --git a/puppet/modules/site_webapp/manifests/hidden_service.pp b/puppet/modules/site_webapp/manifests/hidden_service.pp
index 3f3f1d0c..658d62f9 100644
--- a/puppet/modules/site_webapp/manifests/hidden_service.pp
+++ b/puppet/modules/site_webapp/manifests/hidden_service.pp
@@ -2,7 +2,7 @@
 class site_webapp::hidden_service {
   $tor              = hiera('tor')
   $hidden_service   = $tor['hidden_service']
-  $tor_domain       = "${hidden_service['address']}.onion"
+  $onion_domain     = "${hidden_service['address']}.onion"
 
   include site_apache::common
   include apache::module::headers
@@ -33,7 +33,7 @@ class site_webapp::hidden_service {
 
     '/var/lib/tor/webapp/hostname':
       ensure  => present,
-      content => "${tor_domain}\n",
+      content => "${onion_domain}\n",
       owner   => 'debian-tor',
       group   => 'debian-tor',
       mode    => '0600',
diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp
index deb8e8c8..968859bf 100644
--- a/puppet/modules/site_webapp/manifests/init.pp
+++ b/puppet/modules/site_webapp/manifests/init.pp
@@ -177,11 +177,9 @@ class site_webapp {
       notify  => Service['apache'];
   }
 
-  if $tor {
+  if $tor and member($services, 'hidden_service') {
     $hidden_service = $tor['hidden_service']
-    if $hidden_service['active'] {
-      include ::site_webapp::hidden_service
-    }
+    include ::site_webapp::hidden_service
   }
author	elijah <elijah@riseup.net>	2017-09-19 11:54:27 -0700
committer	Micah Anderson <micah@riseup.net>	2017-10-05 19:24:34 -0400
commit	96f8af37b4a3bbd9a15651e27f588073c0601299 (patch)
tree	9f2883b1aa100861bfd8d80c6d645d65d3a5e492 /puppet/modules
parent	18db08c95b0de9cf1ad511fa1dbb20f5eda8bbac (diff)