authorMicah Anderson <micah@riseup.net>2017-04-24 14:38:32 -0400
committerMicah Anderson <micah@riseup.net>2017-04-25 16:58:41 -0400
commitada9645de11d75701db8202f34de5c26a2b749c2 (patch)
tree26f5239a2dd8c3e2ddefccee15839faeae7a16a2 /puppet
parentc393af8fd5321b8ddf547aed22f833899e56e20e (diff)
Add single-hop hidden service capability.
This cuts the number of hops for a tor onion service from 6 to 3, speeding it up considerably. It also removes the anonymity of the service, so it must be enabled intentionally, with the understanding that the server's location is no longer hidden.
Diffstat (limited to 'puppet')
-rw-r--r--puppet/modules/site_static/manifests/hidden_service.pp7
-rw-r--r--puppet/modules/site_static/manifests/init.pp3
-rw-r--r--puppet/modules/site_tor/manifests/init.pp2
-rw-r--r--puppet/modules/site_webapp/manifests/hidden_service.pp5
4 files changed, 11 insertions, 6 deletions
diff --git a/puppet/modules/site_static/manifests/hidden_service.pp b/puppet/modules/site_static/manifests/hidden_service.pp
index 8a10398a..b64a35bc 100644
--- a/puppet/modules/site_static/manifests/hidden_service.pp
+++ b/puppet/modules/site_static/manifests/hidden_service.pp
@@ -1,8 +1,11 @@
# create hidden service for static sites
-class site_static::hidden_service {
+class site_static::hidden_service ( $single_hop = false ) {
include tor::daemon
- tor::daemon::hidden_service { 'static': ports => [ '80 127.0.0.1:80'] }
+ tor::daemon::hidden_service { 'static':
+ ports => [ '80 127.0.0.1:80'],
+ single_hop => $single_hop
+ }
file {
'/var/lib/tor/webapp/':
ensure => directory,
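Review bot: The new `$single_hop` parameter is an undocumented, unvalidated switch that removes the server's location anonymity. The only comment on the class is still `# create hidden service for static sites`. I would add a line such as `# $single_hop: when true, run as a non-anonymous single-hop onion service; the server's location is no longer hidden` and, if puppetlabs-stdlib is available in this tree, `validate_bool($single_hop)` as the first statement, so that a string value from the node data cannot enable the mode by being truthy. The site_webapp::hidden_service hunk in this commit handles the same setting differently: it reads `$hidden_service['single_hop']` directly and takes no parameter, and the variable's definition is not in its visible lines. Giving both classes the same parameter would keep the two code paths auditable in one way.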
diff --git a/puppet/modules/site_static/manifests/init.pp b/puppet/modules/site_static/manifests/init.pp
index dd3f912d..8be791e5 100644
--- a/puppet/modules/site_static/manifests/init.pp
+++ b/puppet/modules/site_static/manifests/init.pp
@@ -74,8 +74,7 @@ class site_static {
if $tor {
$hidden_service = $tor['hidden_service']
$tor_domain = "${hidden_service['address']}.onion"
- if $hidden_service['active'] {
- include site_static::hidden_service
+ class { 'site_static::hidden_service': single_hop => $hidden_service['single_hop']
}
# Currently, we only support a single hidden service address per server.
# So if there is more than one domain configured, then we need to make sure
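Review bot: The `if $hidden_service['active'] {` guard is dropped here, and its old closing brace now ends the class declaration. As a result `site_static::hidden_service` is declared whenever `$tor` is set, even on a node whose hidden service is marked inactive. Combined with `single_hop`, that can publish a location-revealing onion service the operator never switched on. I would keep the guard and nest the declaration inside it: `if $hidden_service['active'] {` / `class { 'site_static::hidden_service': single_hop => $hidden_service['single_hop'] }` / `}`. If the `single_hop` key is absent from the hash, the class presumably falls back to its `false` default, but that is worth confirming on the Puppet version in use. The surrounding `site_static` class starts and ends outside this hunk.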
diff --git a/puppet/modules/site_tor/manifests/init.pp b/puppet/modules/site_tor/manifests/init.pp
index 2207a5a9..8a92a944 100644
--- a/puppet/modules/site_tor/manifests/init.pp
+++ b/puppet/modules/site_tor/manifests/init.pp
@@ -20,7 +20,7 @@ class site_tor {
}
include site_config::default
- include tor::daemon
+ class { 'tor::daemon': ensure_version => latest }
tor::daemon::relay { $nickname:
port => 9001,
address => $address,
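Review bot: The resource-like `class { 'tor::daemon': ensure_version => latest }` can conflict with the plain `include tor::daemon` that both hidden_service classes in this commit still use. If a node gets site_tor together with one of them and the include is evaluated first, Puppet fails with a duplicate declaration error. `latest` also leaves the tor package unpinned on relays, so every agent run may pull a new release without review, and the commit message does not mention this change. I would keep `include tor::daemon` here and set the version in one place, for example through class-parameter data lookup, if the tor module's `ensure_version` can be set that way. A comment should say which minimum tor version single-hop mode needs. The `site_tor` class body continues outside the hunk.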
diff --git a/puppet/modules/site_webapp/manifests/hidden_service.pp b/puppet/modules/site_webapp/manifests/hidden_service.pp
index 81d431cd..6651df86 100644
--- a/puppet/modules/site_webapp/manifests/hidden_service.pp
+++ b/puppet/modules/site_webapp/manifests/hidden_service.pp
@@ -11,7 +11,10 @@ class site_webapp::hidden_service {
include apache::module::removeip
include tor::daemon
- tor::daemon::hidden_service { 'webapp': ports => [ '80 127.0.0.1:80'] }
+ tor::daemon::hidden_service { 'webapp':
+ ports => [ '80 127.0.0.1:80'],
+ single_hop => $hidden_service['single_hop']
+ }
file {
'/var/lib/tor/webapp/':