summaryrefslogtreecommitdiff
path: root/puppet/modules/site_tor
diff options
context:
space:
mode:
Diffstat (limited to 'puppet/modules/site_tor')
-rw-r--r--puppet/modules/site_tor/manifests/disable_exit.pp6
-rw-r--r--puppet/modules/site_tor/manifests/hidden_service.pp13
2 files changed, 19 insertions, 0 deletions
diff --git a/puppet/modules/site_tor/manifests/disable_exit.pp b/puppet/modules/site_tor/manifests/disable_exit.pp
index 078f80ae..85c24bfc 100644
--- a/puppet/modules/site_tor/manifests/disable_exit.pp
+++ b/puppet/modules/site_tor/manifests/disable_exit.pp
@@ -1,7 +1,13 @@
+# ensure that the tor relay is not configured as an exit node
class site_tor::disable_exit {
tor::daemon::exit_policy {
'no_exit_at_all':
reject => [ '*:*' ];
}
+# In a future version of Tor, ExitRelay 0 may become the default when no ExitPolicy is given.
+ tor::daemon::snippet {
+ 'disable_exit':
+ content => 'ExitRelay 0';
+ }
}
diff --git a/puppet/modules/site_tor/manifests/hidden_service.pp b/puppet/modules/site_tor/manifests/hidden_service.pp
new file mode 100644
index 00000000..87a7b696
--- /dev/null
+++ b/puppet/modules/site_tor/manifests/hidden_service.pp
@@ -0,0 +1,13 @@
+# This class simply makes sure a base tor is installed and configured
+# It doesn't configure any specific hidden service functionality,
+# instead that is configured in site_webapp::hidden_service and
+# site_static::hidden_service.
+#
+# Those could be factored out to make them more generic.
+class site_tor::hidden_service {
+ tag 'leap_service'
+ Class['site_config::default'] -> Class['site_tor::hidden_service']
+
+ include site_config::default
+ include site_tor
+}
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-05 02:36:02 +0000