diff options
| -rw-r--r-- | puppet/modules/site_tor/manifests/disable_exit.pp | 7 | ||||
| -rw-r--r-- | puppet/modules/site_tor/manifests/exit_policy.pp | 8 | ||||
| -rw-r--r-- | puppet/modules/site_tor/manifests/init.pp | 10 |
3 files changed, 12 insertions, 13 deletions
diff --git a/puppet/modules/site_tor/manifests/disable_exit.pp b/puppet/modules/site_tor/manifests/disable_exit.pp new file mode 100644 index 00000000..73016646 --- /dev/null +++ b/puppet/modules/site_tor/manifests/disable_exit.pp @@ -0,0 +1,7 @@ +class site_tor::disable_exit { + tor::daemon::exit_policy { + 'no_exit_at_all': + reject => '*:*'; + } +} + diff --git a/puppet/modules/site_tor/manifests/exit_policy.pp b/puppet/modules/site_tor/manifests/exit_policy.pp deleted file mode 100644 index f2d2d38f..00000000 --- a/puppet/modules/site_tor/manifests/exit_policy.pp +++ /dev/null @@ -1,8 +0,0 @@ -class site_tor::exit_policy { - # exaple policy to allow ssh - tor::daemon::exit_policy { 'ssh_exit_policy': - accept => '*:22', - reject => '*:*'; - } -} - diff --git a/puppet/modules/site_tor/manifests/init.pp b/puppet/modules/site_tor/manifests/init.pp index 7c25b0e9..654337c7 100644 --- a/puppet/modules/site_tor/manifests/init.pp +++ b/puppet/modules/site_tor/manifests/init.pp @@ -6,22 +6,22 @@ class site_tor { $tor_type = $tor['type'] $contact_email = hiera('contact_email') + $address = hiera('ip_address') class { 'tor::daemon': } tor::daemon::relay { $::hostname: port => 9001, - #listen_addresses => '', + address => $address, contact_info => $contact_email, bandwidth_rate => $bandwidth_rate, } - # we configure the directory later - #tor::daemon::directory { $::hostname: port => 80 } + tor::daemon::directory { $::hostname: port => 80 } include site_shorewall::tor - if ( $tor_type == 'exit' ) { - include site_tor::exit_policy + if ( $tor_type != 'exit' ) { + include site_tor::disable_exit } } |