summaryrefslogtreecommitdiff
path: root/puppet/modules/site_tor
diff options
context:
space:
mode:
Diffstat (limited to 'puppet/modules/site_tor')
-rw-r--r--puppet/modules/site_tor/manifests/init.pp41
-rw-r--r--puppet/modules/site_tor/manifests/relay.pp45
2 files changed, 46 insertions, 40 deletions
diff --git a/puppet/modules/site_tor/manifests/init.pp b/puppet/modules/site_tor/manifests/init.pp
index 8a92a944..356053c1 100644
--- a/puppet/modules/site_tor/manifests/init.pp
+++ b/puppet/modules/site_tor/manifests/init.pp
@@ -1,45 +1,6 @@
+# generic configuration needed for tor
class site_tor {
- tag 'leap_service'
- Class['site_config::default'] -> Class['site_tor']
- $tor = hiera('tor')
- $bandwidth_rate = $tor['bandwidth_rate']
- $tor_type = $tor['type']
- $nickname = $tor['nickname']
- $contact_emails = join($tor['contacts'],', ')
- $family = $tor['family']
-
- $address = hiera('ip_address')
-
- $openvpn = hiera('openvpn', undef)
- if $openvpn {
- $openvpn_ports = $openvpn['ports']
- }
- else {
- $openvpn_ports = []
- }
-
- include site_config::default
class { 'tor::daemon': ensure_version => latest }
- tor::daemon::relay { $nickname:
- port => 9001,
- address => $address,
- contact_info => obfuscate_email($contact_emails),
- bandwidth_rate => $bandwidth_rate,
- my_family => $family
- }
-
- if ( $tor_type == 'exit'){
- # Only enable the daemon directory if the node isn't also a webapp node
- # or running openvpn on port 80
- if ! member($::services, 'webapp') and ! member($openvpn_ports, '80') {
- tor::daemon::directory { $::hostname: port => 80 }
- }
- }
- else {
- include site_tor::disable_exit
- }
-
- include site_shorewall::tor
}
diff --git a/puppet/modules/site_tor/manifests/relay.pp b/puppet/modules/site_tor/manifests/relay.pp
new file mode 100644
index 00000000..fcb83bc1
--- /dev/null
+++ b/puppet/modules/site_tor/manifests/relay.pp
@@ -0,0 +1,45 @@
+class site_tor::relay {
+ tag 'leap_service'
+ Class['site_config::default'] -> Class['site_tor::relay']
+
+ $tor = hiera('tor')
+ $bandwidth_rate = $tor['bandwidth_rate']
+ $tor_type = $tor['type']
+ $nickname = $tor['nickname']
+ $contact_emails = join($tor['contacts'],', ')
+ $family = $tor['family']
+
+ $address = hiera('ip_address')
+
+ $openvpn = hiera('openvpn', undef)
+ if $openvpn {
+ $openvpn_ports = $openvpn['ports']
+ }
+ else {
+ $openvpn_ports = []
+ }
+
+ include site_config::default
+ include site_tor
+
+ tor::daemon::relay { $nickname:
+ port => 9001,
+ address => $address,
+ contact_info => obfuscate_email($contact_emails),
+ bandwidth_rate => $bandwidth_rate,
+ my_family => $family
+ }
+
+ if ( $tor_type == 'exit'){
+ # Only enable the daemon directory if the node isn't also a webapp node
+ # or running openvpn on port 80
+ if ! member($::services, 'webapp') and ! member($openvpn_ports, '80') {
+ tor::daemon::directory { $::hostname: port => 80 }
+ }
+ }
+ else {
+ include site_tor::disable_exit
+ }
+
+ include site_shorewall::tor
+}