authorMicah Anderson <micah@riseup.net>2017-09-19 15:36:06 -0400
committerMicah Anderson <micah@riseup.net>2017-10-05 19:24:50 -0400
commit5b10def43d134e5735bfcec1237c04cf66e8610b (patch)
tree72c1caf4facd3e2433b0dab8d46128f0ac2bf5c3 /puppet
parentfdb58381afa317ab9639dffa59f4155395b68718 (diff)
Feat: Refactor tor services
In order to refactor the tor services, we need to split them out into three different services. This adds the hidden service class that is necessary to support the previous commits. Fixes #8864.
Diffstat (limited to 'puppet')
-rw-r--r--puppet/manifests/site.pp2
-rw-r--r--puppet/modules/site_static/manifests/hidden_service.pp6
-rw-r--r--puppet/modules/site_static/manifests/init.pp13
-rw-r--r--puppet/modules/site_tor/manifests/hidden_service.pp13
-rw-r--r--puppet/modules/site_webapp/manifests/hidden_service.pp3
-rw-r--r--puppet/modules/site_webapp/manifests/init.pp3
6 files changed, 29 insertions, 11 deletions
diff --git a/puppet/manifests/site.pp b/puppet/manifests/site.pp
index f3e752cc..1f80c47c 100644
--- a/puppet/manifests/site.pp
+++ b/puppet/manifests/site.pp
@@ -52,7 +52,7 @@ node default {
include site_tor::relay
}
- if member($services, 'hidden_service') {
+ if member($services, 'tor_hidden_service') {
include site_tor::hidden_service
}
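Review bot: The guard now matches only `tor_hidden_service`, so a node whose hiera `services` list still carries the old `hidden_service` name silently stops including site_tor::hidden_service, with no error at catalog compile time. The same rename appears in the `$onion_active` check in site_static/manifests/init.pp and in the `if $tor and member(...)` check in site_webapp/manifests/init.pp, where the onion site would be dropped just as quietly. Whether provider configurations with the old name can still reach these manifests is not visible from this commit; if they can, fail loudly rather than degrade: `if member($services, 'hidden_service') { fail("service 'hidden_service' was renamed to 'tor_hidden_service'") }`. The `node default` body starts and ends outside the hunk.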
diff --git a/puppet/modules/site_static/manifests/hidden_service.pp b/puppet/modules/site_static/manifests/hidden_service.pp
index dcf3785e..f23727f7 100644
--- a/puppet/modules/site_static/manifests/hidden_service.pp
+++ b/puppet/modules/site_static/manifests/hidden_service.pp
@@ -1,13 +1,15 @@
# create hidden service for static sites
class site_static::hidden_service ( $single_hop = false ) {
+ Class['site_tor::hidden_service'] -> Class['site_static::hidden_service']
+ include site_tor::hidden_service
- include site_tor
tor::daemon::hidden_service { 'static':
ports => [ '80 127.0.0.1:80'],
single_hop => $single_hop
}
+
file {
- '/var/lib/tor/webapp/':
+ '/var/lib/tor/static/':
ensure => directory,
owner => 'debian-tor',
group => 'debian-tor',
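Review bot: The `$single_hop` parameter of `site_static::hidden_service` is undocumented; the one-line header comment is all the class has, and site_webapp::hidden_service passes the same setting from hiera. Presumably it selects Tor's single-hop onion service mode, which gives up the server's location anonymity, so the header should say so, e.g. `# $single_hop: passed to tor::daemon::hidden_service; true presumably makes the service non-anonymous, keep false unless that is intended`. The `file` resource for `/var/lib/tor/static/` continues past the end of the hunk, so its `mode` is not visible here. If that directory holds the service's keys, confirm it is not group- or world-accessible.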
diff --git a/puppet/modules/site_static/manifests/init.pp b/puppet/modules/site_static/manifests/init.pp
index 4ddce5ed..40c6a28b 100644
--- a/puppet/modules/site_static/manifests/init.pp
+++ b/puppet/modules/site_static/manifests/init.pp
@@ -7,12 +7,13 @@ class site_static {
include site_config::x509::key
include site_config::x509::ca_bundle
- $static = hiera('static')
- $domains = $static['domains']
- $formats = $static['formats']
- $bootstrap = $static['bootstrap_files']
- $tor = hiera('tor', false)
- if $tor and member($services, 'hidden_service') {
+ $services = hiera('services', [])
+ $static = hiera('static')
+ $domains = $static['domains']
+ $formats = $static['formats']
+ $bootstrap = $static['bootstrap_files']
+ $tor = hiera('tor', false)
+ if $tor and member($services, 'tor_hidden_service') {
$onion_active = true
} else {
$onion_active = false
diff --git a/puppet/modules/site_tor/manifests/hidden_service.pp b/puppet/modules/site_tor/manifests/hidden_service.pp
new file mode 100644
index 00000000..87a7b696
--- /dev/null
+++ b/puppet/modules/site_tor/manifests/hidden_service.pp
@@ -0,0 +1,13 @@
+# This class simply makes sure a base tor is installed and configured
+# It doesn't configure any specific hidden service functionality,
+# instead that is configured in site_webapp::hidden_service and
+# site_static::hidden_service.
+#
+# Those could be factored out to make them more generic.
+class site_tor::hidden_service {
+ tag 'leap_service'
+ Class['site_config::default'] -> Class['site_tor::hidden_service']
+
+ include site_config::default
+ include site_tor
+}
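Review bot: `include site_tor` declares site_tor but does not contain it, so this class holds no resources of its own and the ordering arrows that reference it have nothing to order. That affects `Class['site_config::default'] -> Class['site_tor::hidden_service']` here and the `Class['site_tor::hidden_service'] -> ...` arrows added in site_static::hidden_service and site_webapp::hidden_service. None of them guarantees that tor is installed before the per-service resources, such as the `debian-tor`-owned directory, are applied. If that ordering is intended, use `contain site_tor` in place of `include site_tor` (available from Puppet 3.4; the version in use is not visible here), or anchor the class. Dependencies inside `tor::daemon::hidden_service` may already cover the common case, in which case the header comment should say the arrows are advisory only.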
diff --git a/puppet/modules/site_webapp/manifests/hidden_service.pp b/puppet/modules/site_webapp/manifests/hidden_service.pp
index 658d62f9..1f87da6b 100644
--- a/puppet/modules/site_webapp/manifests/hidden_service.pp
+++ b/puppet/modules/site_webapp/manifests/hidden_service.pp
@@ -1,5 +1,7 @@
# Configure tor hidden service for webapp
class site_webapp::hidden_service {
+ Class['site_tor::hidden_service'] -> Class['site_webapp::hidden_service']
+ include site_tor::hidden_service
$tor = hiera('tor')
$hidden_service = $tor['hidden_service']
$onion_domain = "${hidden_service['address']}.onion"
@@ -10,7 +12,6 @@ class site_webapp::hidden_service {
include apache::module::expires
include apache::module::removeip
- include site_tor
tor::daemon::hidden_service { 'webapp':
ports => [ '80 127.0.0.1:80'],
single_hop => $hidden_service['single_hop']
diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp
index 968859bf..605d71b3 100644
--- a/puppet/modules/site_webapp/manifests/init.pp
+++ b/puppet/modules/site_webapp/manifests/init.pp
@@ -1,6 +1,7 @@
# configure webapp service
class site_webapp {
tag 'leap_service'
+ $services = hiera('services', [])
$definition_files = hiera('definition_files')
$provider = $definition_files['provider']
$eip_service = $definition_files['eip_service']
@@ -177,7 +178,7 @@ class site_webapp {
notify => Service['apache'];
}
- if $tor and member($services, 'hidden_service') {
+ if $tor and member($services, 'tor_hidden_service') {
$hidden_service = $tor['hidden_service']
include ::site_webapp::hidden_service
}