The 'tor' service is now three separate services: 'tor_exit', 'tor_relay', and 'hidden_service'.
--- /dev/null
+{
+ "tor": {
+ "type": "disabled",
+ "contacts": "= [provider.contacts['tor'] || provider.contacts.default].flatten",
+ "nickname": "= (self.name + secret(:tor_family)).sub('_','')[0..18]",
+ "family": "= nodes[:services => 'tor'][:environment => '!local'].field('tor.nickname').join(',')"
+ }
+}
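Review bot: The `family` expression still selects `nodes[:services => 'tor']`, but this commit splits that service into `tor_relay`, `tor_exit` and `hidden_service`. Unless a `tor` tag survives elsewhere, the selector probably matches no nodes and the family list comes out empty, so the provider's relays would no longer declare each other as family. The selector should match nodes tagged `tor_relay` or `tor_exit` instead. In `nickname`, `.sub('_','')` removes only the first underscore, and `gsub` looks like the intent. Because the nickname is `name + secret(:tor_family)` cut to 19 characters, a short node name puts the leading characters of that secret into a publicly advertised value; confirm the secret is used for nothing else.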
--- /dev/null
+{
+ "tor": {
+ "hidden_service": {
+ "key_type": "RSA",
+ "public_key": "= tor_public_key_path(:node_tor_pub_key, tor.hidden_service.key_type)",
+ "private_key": "= tor_private_key_path(:node_tor_priv_key, tor.hidden_service.key_type)",
+ "address": "=> onion_address(:node_tor_pub_key)",
+ "single_hop": false
+ }
+ }
+}
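Review bot: `"key_type": "RSA"` is hard-coded with nothing recording why or what else is accepted. RSA keys belong to the older v2 onion address format, which Tor has deprecated in favour of ed25519-based v3 addresses, so this default will presumably need revisiting. Since JSON cannot carry a comment, the provider documentation for `tor.hidden_service` should state the supported key types and which one `onion_address` expects.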
--- /dev/null
+if self.services.include?("tor_exit") || self.services.include?("tor_relay")
+ LeapCli.log :error, "service `hidden_service` is not compatible with tor_exit or tor_relay (node #{self.name})."
+end
+self.tor['type'] = "hidden_service"
\ No newline at end of file
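Review bot: The incompatibility check here only logs an error and then falls through to `self.tor['type'] = "hidden_service"`, whereas the `tor_exit` check calls `exit(1)` after logging. A node tagged with both `hidden_service` and a relay or exit service therefore keeps compiling, and its `tor['type']` is presumably set by whichever service script runs last, so the combination the message calls incompatible is not actually prevented. Add `exit(1)` after the `LeapCli.log :error, ...` line, and do the same in the `tor_relay` check (the hunk that sets the type to `"relay"`), which has the same gap. The file also ends without a trailing newline.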
--- /dev/null
+{
+ "tor": {
+ "bandwidth_rate": 6550
+ }
+}
--- /dev/null
+if self.services.include?("hidden_service") || self.services.include?("tor_relay")
+ LeapCli.log :error, "service `tor_exit` is not compatible with tor_relay or hidden_service (node #{self.name})."
+ exit(1)
+end
+apply_partial("_tor_common")
+self.tor['type'] = "exit"
--- /dev/null
+{
+ "tor": {
+ "bandwidth_rate": 6550
+ }
+}
--- /dev/null
+
+if self.services.include?("tor_exit") || self.services.include?("hidden_service")
+ LeapCli.log :error, "service `tor_relay` is not compatible with tor_exit or hidden_service (node #{self.name})."
+end
+apply_partial("_tor_common")
+self.tor['type'] = "relay"
include site_nagios
}
- if member($services, 'tor') {
+ if member($services, 'tor_relay') {
include site_tor::relay
}
+ if member($services, 'tor_exit') {
+ include site_tor::relay
+ }
+
+ if member($services, 'hidden_service') {
+ include site_tor::hidden_service
+ }
+
if member($services, 'mx') {
include site_mx
}
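Review bot: The new `tor_exit` branch includes `site_tor::relay`, the same class as the `tor_relay` branch, and nothing says this is deliberate, so it reads like a copy-paste slip. Presumably the class picks relay or exit behaviour from the hiera `tor.type` value; if so, a comment such as `# exit nodes reuse site_tor::relay; exit policy is selected from hiera tor.type` above the include would make that explicit. The two conditions could also be merged into one `if member($services, 'tor_relay') or member($services, 'tor_exit')`. The enclosing class starts and ends outside this hunk.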
<VirtualHost 127.0.0.1:80>
- ServerName <%= @tor_domain %>
+ ServerName <%= @onion_domain %>
<IfModule mod_headers.c>
Header always unset X-Powered-By
'/var/lib/tor/static/hostname':
ensure => present,
- content => "${::site_static::tor_domain}\n",
+ content => "${::site_static::onion_domain}\n",
owner => 'debian-tor',
group => 'debian-tor',
mode => '0600',
$formats = $static['formats']
$bootstrap = $static['bootstrap_files']
$tor = hiera('tor', false)
- if $tor and member($services, 'tor') and $tor['hidden_service']['active'] == true {
- $tor_active = true
+ if $tor and member($services, 'hidden_service') {
+ $onion_active = true
} else {
- $tor_active = false
+ $onion_active = false
}
file {
}
}
- if $tor_active {
+ if $onion_active {
$hidden_service = $tor['hidden_service']
- $tor_domain = "${hidden_service['address']}.onion"
+ $onion_domain = "${hidden_service['address']}.onion"
class { 'site_static::hidden_service':
single_hop => $hidden_service['single_hop']
}
Require all granted
</Directory>
-<%- if @tor_active && (@always_use_hidden_service || @use_hidden_service) -%>
+<%- if @onion_active && (@always_use_hidden_service || @use_hidden_service) -%>
##
-## Tor
+## Hidden Service
##
<VirtualHost 127.0.0.1:80>
- ServerName <%= @tor_domain %>
+ ServerName <%= @onion_domain %>
<%- if @www_alias -%>
- ServerAlias www.<%= @tor_domain %>
+ ServerAlias www.<%= @onion_domain %>
<%- end -%>
<IfModule mod_headers.c>
<VirtualHost *:80>
ServerName <%= @domain %>
<%- if @www_alias -%>
- ServerAlias www.<%= @tor_domain %>
+ ServerAlias www.<%= @domain %>
<%- end -%>
<%- @aliases && @aliases.each do |domain_alias| -%>
ServerAlias <%= domain_alias %>
<VirtualHost *:443>
ServerName <%= @domain %>
<%- if @www_alias -%>
- ServerAlias www.<%= @tor_domain %>
+ ServerAlias www.<%= @domain %>
<%- end -%>
<%- @aliases && @aliases.each do |domain_alias| -%>
ServerAlias <%= domain_alias %>
class site_webapp::hidden_service {
$tor = hiera('tor')
$hidden_service = $tor['hidden_service']
- $tor_domain = "${hidden_service['address']}.onion"
+ $onion_domain = "${hidden_service['address']}.onion"
include site_apache::common
include apache::module::headers
'/var/lib/tor/webapp/hostname':
ensure => present,
- content => "${tor_domain}\n",
+ content => "${onion_domain}\n",
owner => 'debian-tor',
group => 'debian-tor',
mode => '0600',
notify => Service['apache'];
}
- if $tor {
+ if $tor and member($services, 'hidden_service') {
$hidden_service = $tor['hidden_service']
- if $hidden_service['active'] {
- include ::site_webapp::hidden_service
- }
+ include ::site_webapp::hidden_service
}