authorelijah <elijah@riseup.net>2017-09-19 11:54:27 -0700
committerMicah Anderson <micah@riseup.net>2017-10-05 19:24:34 -0400
commit96f8af37b4a3bbd9a15651e27f588073c0601299 (patch)
tree9f2883b1aa100861bfd8d80c6d645d65d3a5e492 /puppet
parent18db08c95b0de9cf1ad511fa1dbb20f5eda8bbac (diff)
Feat: split tor service into three
The 'tor' service is now split into three separate services: 'tor_exit', 'tor_relay', and 'hidden_service'.
Diffstat (limited to 'puppet')
-rw-r--r--puppet/manifests/site.pp10
-rw-r--r--puppet/modules/site_apache/templates/vhosts.d/hidden_service.conf.erb2
-rw-r--r--puppet/modules/site_static/manifests/hidden_service.pp2
-rw-r--r--puppet/modules/site_static/manifests/init.pp10
-rw-r--r--puppet/modules/site_static/templates/apache.conf.erb12
-rw-r--r--puppet/modules/site_webapp/manifests/hidden_service.pp4
-rw-r--r--puppet/modules/site_webapp/manifests/init.pp6
7 files changed, 26 insertions, 20 deletions
diff --git a/puppet/manifests/site.pp b/puppet/manifests/site.pp
index e243c5df..f3e752cc 100644
--- a/puppet/manifests/site.pp
+++ b/puppet/manifests/site.pp
@@ -44,10 +44,18 @@ node default {
include site_nagios
}
- if member($services, 'tor') {
+ if member($services, 'tor_relay') {
include site_tor::relay
}
+ if member($services, 'tor_exit') {
+ include site_tor::relay
+ }
+
+ if member($services, 'hidden_service') {
+ include site_tor::hidden_service
+ }
+
if member($services, 'mx') {
include site_mx
}
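Review bot: The `tor_relay` and `tor_exit` branches both include `site_tor::relay`, so nothing in this hunk makes an exit node differ from a plain relay. Presumably `site_tor::relay` derives its exit policy from `$services` or hiera on its own; that is worth confirming, because a node declared as `tor_relay` must not end up carrying exit traffic. If the two branches are meant to be identical here, a single condition reads better: `if member($services, 'tor_relay') or member($services, 'tor_exit') {`. A node whose `$services` still lists the old `'tor'` value now matches none of the three branches and silently loses its Tor configuration; a guard such as `if member($services, 'tor') { fail("service 'tor' was split into tor_relay, tor_exit and hidden_service") }` would make that visible. The `node default` body continues outside the hunk.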
diff --git a/puppet/modules/site_apache/templates/vhosts.d/hidden_service.conf.erb b/puppet/modules/site_apache/templates/vhosts.d/hidden_service.conf.erb
index 1d19094e..ddf69a42 100644
--- a/puppet/modules/site_apache/templates/vhosts.d/hidden_service.conf.erb
+++ b/puppet/modules/site_apache/templates/vhosts.d/hidden_service.conf.erb
@@ -1,5 +1,5 @@
<VirtualHost 127.0.0.1:80>
- ServerName <%= @tor_domain %>
+ ServerName <%= @onion_domain %>
<IfModule mod_headers.c>
Header always unset X-Powered-By
diff --git a/puppet/modules/site_static/manifests/hidden_service.pp b/puppet/modules/site_static/manifests/hidden_service.pp
index 31cf328e..dcf3785e 100644
--- a/puppet/modules/site_static/manifests/hidden_service.pp
+++ b/puppet/modules/site_static/manifests/hidden_service.pp
@@ -23,7 +23,7 @@ class site_static::hidden_service ( $single_hop = false ) {
'/var/lib/tor/static/hostname':
ensure => present,
- content => "${::site_static::tor_domain}\n",
+ content => "${::site_static::onion_domain}\n",
owner => 'debian-tor',
group => 'debian-tor',
mode => '0600',
diff --git a/puppet/modules/site_static/manifests/init.pp b/puppet/modules/site_static/manifests/init.pp
index 96d92f74..4ddce5ed 100644
--- a/puppet/modules/site_static/manifests/init.pp
+++ b/puppet/modules/site_static/manifests/init.pp
@@ -12,10 +12,10 @@ class site_static {
$formats = $static['formats']
$bootstrap = $static['bootstrap_files']
$tor = hiera('tor', false)
- if $tor and member($services, 'tor') and $tor['hidden_service']['active'] == true {
- $tor_active = true
+ if $tor and member($services, 'hidden_service') {
+ $onion_active = true
} else {
- $tor_active = false
+ $onion_active = false
}
file {
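Review bot: The new condition `if $tor and member($services, 'hidden_service')` no longer checks anything under `$tor['hidden_service']`, yet the later hunk in this file reads `$hidden_service['address']` to build `$onion_domain`, and that value is written to `/var/lib/tor/static/hostname`. If hiera holds a `tor` hash without a `hidden_service` entry (for example on a node that is also configured as a relay), this would likely either fail compilation or render a bare `.onion` name, depending on the Puppet version. Consider keeping a presence check, e.g. `if $tor and $tor['hidden_service'] and member($services, 'hidden_service') {`. The same applies to the `if $tor and member($services, 'hidden_service')` hunk in `site_webapp/manifests/init.pp`. The `site_static` class body continues outside the hunk.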
@@ -76,9 +76,9 @@ class site_static {
}
}
- if $tor_active {
+ if $onion_active {
$hidden_service = $tor['hidden_service']
- $tor_domain = "${hidden_service['address']}.onion"
+ $onion_domain = "${hidden_service['address']}.onion"
class { 'site_static::hidden_service':
single_hop => $hidden_service['single_hop']
}
diff --git a/puppet/modules/site_static/templates/apache.conf.erb b/puppet/modules/site_static/templates/apache.conf.erb
index 75d834e7..716df437 100644
--- a/puppet/modules/site_static/templates/apache.conf.erb
+++ b/puppet/modules/site_static/templates/apache.conf.erb
@@ -74,14 +74,14 @@
Require all granted
</Directory>
-<%- if @tor_active && (@always_use_hidden_service || @use_hidden_service) -%>
+<%- if @onion_active && (@always_use_hidden_service || @use_hidden_service) -%>
##
-## Tor
+## Hidden Service
##
<VirtualHost 127.0.0.1:80>
- ServerName <%= @tor_domain %>
+ ServerName <%= @onion_domain %>
<%- if @www_alias -%>
- ServerAlias www.<%= @tor_domain %>
+ ServerAlias www.<%= @onion_domain %>
<%- end -%>
<IfModule mod_headers.c>
@@ -105,7 +105,7 @@
<VirtualHost *:80>
ServerName <%= @domain %>
<%- if @www_alias -%>
- ServerAlias www.<%= @tor_domain %>
+ ServerAlias www.<%= @domain %>
<%- end -%>
<%- @aliases && @aliases.each do |domain_alias| -%>
ServerAlias <%= domain_alias %>
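Review bot: The `ServerAlias www.<%= @domain %>` line in this clearnet `<VirtualHost *:80>` (and the matching line in the `*:443` hunk) is a behaviour fix rather than part of the rename: the old template aliased the public vhost to `www.` plus the onion name. The commit message mentions only the service split, so the fix deserves a line there; anyone bisecting a vhost change will not look for it under this title. Both vhost blocks start and end outside their hunks.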
@@ -127,7 +127,7 @@
<VirtualHost *:443>
ServerName <%= @domain %>
<%- if @www_alias -%>
- ServerAlias www.<%= @tor_domain %>
+ ServerAlias www.<%= @domain %>
<%- end -%>
<%- @aliases && @aliases.each do |domain_alias| -%>
ServerAlias <%= domain_alias %>
diff --git a/puppet/modules/site_webapp/manifests/hidden_service.pp b/puppet/modules/site_webapp/manifests/hidden_service.pp
index 3f3f1d0c..658d62f9 100644
--- a/puppet/modules/site_webapp/manifests/hidden_service.pp
+++ b/puppet/modules/site_webapp/manifests/hidden_service.pp
@@ -2,7 +2,7 @@
class site_webapp::hidden_service {
$tor = hiera('tor')
$hidden_service = $tor['hidden_service']
- $tor_domain = "${hidden_service['address']}.onion"
+ $onion_domain = "${hidden_service['address']}.onion"
include site_apache::common
include apache::module::headers
@@ -33,7 +33,7 @@ class site_webapp::hidden_service {
'/var/lib/tor/webapp/hostname':
ensure => present,
- content => "${tor_domain}\n",
+ content => "${onion_domain}\n",
owner => 'debian-tor',
group => 'debian-tor',
mode => '0600',
diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp
index deb8e8c8..968859bf 100644
--- a/puppet/modules/site_webapp/manifests/init.pp
+++ b/puppet/modules/site_webapp/manifests/init.pp
@@ -177,11 +177,9 @@ class site_webapp {
notify => Service['apache'];
}
- if $tor {
+ if $tor and member($services, 'hidden_service') {
$hidden_service = $tor['hidden_service']
- if $hidden_service['active'] {
- include ::site_webapp::hidden_service
- }
+ include ::site_webapp::hidden_service
}