diff options
author | Micah Anderson <micah@riseup.net> | 2017-04-24 14:38:32 -0400 |
---|---|---|
committer | Micah Anderson <micah@riseup.net> | 2017-04-25 16:58:41 -0400 |
commit | ada9645de11d75701db8202f34de5c26a2b749c2 (patch) | |
tree | 26f5239a2dd8c3e2ddefccee15839faeae7a16a2 /puppet | |
parent | c393af8fd5321b8ddf547aed22f833899e56e20e (diff) |
Add single-hop hidden service capability.
This cuts the number of hops for a tor onion service from 6 to 3,
speeding it up considerably. This removes the anonymity aspect of the
service, so it must be enabled intentionally, knowing that the server's
location no longer is hidden.
Diffstat (limited to 'puppet')
4 files changed, 11 insertions, 6 deletions
diff --git a/puppet/modules/site_static/manifests/hidden_service.pp b/puppet/modules/site_static/manifests/hidden_service.pp index 8a10398a..b64a35bc 100644 --- a/puppet/modules/site_static/manifests/hidden_service.pp +++ b/puppet/modules/site_static/manifests/hidden_service.pp @@ -1,8 +1,11 @@ # create hidden service for static sites -class site_static::hidden_service { +class site_static::hidden_service ( $single_hop = false ) { include tor::daemon - tor::daemon::hidden_service { 'static': ports => [ '80 127.0.0.1:80'] } + tor::daemon::hidden_service { 'static': + ports => [ '80 127.0.0.1:80'], + single_hop => $single_hop + } file { '/var/lib/tor/webapp/': ensure => directory, diff --git a/puppet/modules/site_static/manifests/init.pp b/puppet/modules/site_static/manifests/init.pp index dd3f912d..8be791e5 100644 --- a/puppet/modules/site_static/manifests/init.pp +++ b/puppet/modules/site_static/manifests/init.pp @@ -74,8 +74,7 @@ class site_static { if $tor { $hidden_service = $tor['hidden_service'] $tor_domain = "${hidden_service['address']}.onion" - if $hidden_service['active'] { - include site_static::hidden_service + class { 'site_static::hidden_service': single_hop => $hidden_service['single_hop'] } # Currently, we only support a single hidden service address per server. # So if there is more than one domain configured, then we need to make sure diff --git a/puppet/modules/site_tor/manifests/init.pp b/puppet/modules/site_tor/manifests/init.pp index 2207a5a9..8a92a944 100644 --- a/puppet/modules/site_tor/manifests/init.pp +++ b/puppet/modules/site_tor/manifests/init.pp @@ -20,7 +20,7 @@ class site_tor { } include site_config::default - include tor::daemon + class { 'tor::daemon': ensure_version => latest } tor::daemon::relay { $nickname: port => 9001, address => $address, diff --git a/puppet/modules/site_webapp/manifests/hidden_service.pp b/puppet/modules/site_webapp/manifests/hidden_service.pp index 81d431cd..6651df86 100644 --- a/puppet/modules/site_webapp/manifests/hidden_service.pp +++ b/puppet/modules/site_webapp/manifests/hidden_service.pp @@ -11,7 +11,10 @@ class site_webapp::hidden_service { include apache::module::removeip include tor::daemon - tor::daemon::hidden_service { 'webapp': ports => [ '80 127.0.0.1:80'] } + tor::daemon::hidden_service { 'webapp': + ports => [ '80 127.0.0.1:80'], + single_hop => $hidden_service['single_hop'] + } file { '/var/lib/tor/webapp/': |