Diffstat (limited to 'puppet/modules/site_webapp/manifests')
-rw-r--r--puppet/modules/site_webapp/manifests/couchdb.pp9
-rw-r--r--puppet/modules/site_webapp/manifests/hidden_service.pp33
-rw-r--r--puppet/modules/site_webapp/manifests/init.pp11
3 files changed, 30 insertions, 23 deletions
diff --git a/puppet/modules/site_webapp/manifests/couchdb.pp b/puppet/modules/site_webapp/manifests/couchdb.pp
index 71450370..e1947048 100644
--- a/puppet/modules/site_webapp/manifests/couchdb.pp
+++ b/puppet/modules/site_webapp/manifests/couchdb.pp
@@ -1,9 +1,10 @@
+# Configures webapp couchdb config
class site_webapp::couchdb {
$webapp = hiera('webapp')
- # haproxy listener on port localhost:4096, see site_webapp::haproxy
+ # stunnel endpoint on port localhost:4000
$couchdb_host = 'localhost'
- $couchdb_port = '4096'
+ $couchdb_port = $webapp['couchdb_port']
$couchdb_webapp_user = $webapp['couchdb_webapp_user']['username']
$couchdb_webapp_password = $webapp['couchdb_webapp_user']['password']
$couchdb_admin_user = $webapp['couchdb_admin_user']['username']
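Review bot: `$couchdb_port = $webapp['couchdb_port']` has no fallback or check, so a node whose `webapp` hash lacks the key compiles with an undef port. The same unchecked pattern appears in this commit for `$secret_key_base` in init.pp and for `single_hop` / `v3` in hidden_service.pp. Failing early, e.g. `unless $couchdb_port { fail('webapp.couchdb_port is not set') }`, would surface the misconfiguration at compile time rather than in whatever consumes the value outside this hunk. The added comment also pins the stunnel endpoint to port 4000 although the value now comes from hiera; `# stunnel endpoint on localhost, port set by webapp.couchdb_port in hiera` would stay accurate. The class body continues past the end of the hunk.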
@@ -22,8 +23,8 @@ class site_webapp::couchdb {
# couchdb.admin.yml is a symlink to prevent the vcsrepo resource
# from changing its user permissions every time.
'/srv/leap/webapp/config/couchdb.admin.yml':
- ensure => 'link',
- target => '/etc/leap/couchdb.admin.yml',
+ ensure => 'link',
+ target => '/etc/leap/couchdb.admin.yml',
require => Vcsrepo['/srv/leap/webapp'];
'/etc/leap/couchdb.admin.yml':
diff --git a/puppet/modules/site_webapp/manifests/hidden_service.pp b/puppet/modules/site_webapp/manifests/hidden_service.pp
index d2662b65..290f9665 100644
--- a/puppet/modules/site_webapp/manifests/hidden_service.pp
+++ b/puppet/modules/site_webapp/manifests/hidden_service.pp
@@ -1,8 +1,10 @@
# Configure tor hidden service for webapp
class site_webapp::hidden_service {
+ Class['site_tor::hidden_service'] -> Class['site_webapp::hidden_service']
+ include site_tor::hidden_service
$tor = hiera('tor')
$hidden_service = $tor['hidden_service']
- $tor_domain = "${hidden_service['address']}.onion"
+ $onion_domain = "${hidden_service['address']}.onion"
include site_apache::common
include apache::module::headers
@@ -10,27 +12,30 @@ class site_webapp::hidden_service {
include apache::module::expires
include apache::module::removeip
- include tor::daemon
- tor::daemon::hidden_service { 'webapp': ports => [ '80 127.0.0.1:80'] }
+ tor::daemon::hidden_service { 'webapp':
+ ports => [ '80 127.0.0.1:80'],
+ single_hop => $hidden_service['single_hop'],
+ v3 => $hidden_service['v3']
+ }
file {
'/var/lib/tor/webapp/':
- ensure => directory,
- owner => 'debian-tor',
- group => 'debian-tor',
- mode => '2700';
+ ensure => directory,
+ owner => 'debian-tor',
+ group => 'debian-tor',
+ mode => '2700';
'/var/lib/tor/webapp/private_key':
- ensure => present,
- source => "/srv/leap/files/nodes/${::hostname}/tor.key",
- owner => 'debian-tor',
- group => 'debian-tor',
- mode => '0600',
- notify => Service['tor'];
+ ensure => present,
+ source => "/srv/leap/files/nodes/${::hostname}/tor.key",
+ owner => 'debian-tor',
+ group => 'debian-tor',
+ mode => '0600',
+ notify => Service['tor'];
'/var/lib/tor/webapp/hostname':
ensure => present,
- content => "${tor_domain}\n",
+ content => "${onion_domain}\n",
owner => 'debian-tor',
group => 'debian-tor',
mode => '0600',
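Review bot: `single_hop => $hidden_service['single_hop']` is passed through with no comment on what it trades away. If the parameter maps to Tor's single onion service mode (HiddenServiceSingleHopMode / HiddenServiceNonAnonymousMode), enabling it gives up the server-side location anonymity of the webapp, which deserves a line above the resource such as `# single_hop: lower latency, but the server's location is no longer hidden; keep false unless that is acceptable`. Separately, the `file` block below still installs `/var/lib/tor/webapp/private_key`, which is the v2 key layout; with `v3 => true` that key is presumably not the one Tor uses, so the `hostname` written from hiera could disagree with the address actually published. This is worth confirming against the tor module. The `file` resource continues past the end of the hunk.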
diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp
index 83cf99a9..605d71b3 100644
--- a/puppet/modules/site_webapp/manifests/init.pp
+++ b/puppet/modules/site_webapp/manifests/init.pp
@@ -1,6 +1,7 @@
# configure webapp service
class site_webapp {
tag 'leap_service'
+ $services = hiera('services', [])
$definition_files = hiera('definition_files')
$provider = $definition_files['provider']
$eip_service = $definition_files['eip_service']
@@ -10,6 +11,7 @@ class site_webapp {
$provider_domain = $node_domain['full_suffix']
$webapp = hiera('webapp')
$api_version = $webapp['api_version']
+ $secret_key_base = $webapp['secret_key_base']
$secret_token = $webapp['secret_token']
$tor = hiera('tor', false)
$sources = hiera('sources')
@@ -19,7 +21,6 @@ class site_webapp {
include ::site_config::ruby::dev
include ::site_webapp::apache
include ::site_webapp::couchdb
- include ::site_haproxy
include ::site_webapp::cron
include ::site_config::default
include ::site_config::x509::cert
@@ -106,7 +107,9 @@ class site_webapp {
'/srv/leap/webapp/public/ca.crt':
ensure => link,
require => Vcsrepo['/srv/leap/webapp'],
+ # lint:ignore:variable_is_lowercase
target => "${x509::variables::local_CAs}/${site_config::params::ca_name}.crt";
+ # lint:endignore
"/srv/leap/webapp/public/${api_version}":
ensure => directory,
@@ -175,11 +178,9 @@ class site_webapp {
notify => Service['apache'];
}
- if $tor {
+ if $tor and member($services, 'tor_hidden_service') {
$hidden_service = $tor['hidden_service']
- if $hidden_service['active'] {
- include ::site_webapp::hidden_service
- }
+ include ::site_webapp::hidden_service
}
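Review bot: The assignment `$hidden_service = $tor['hidden_service']` inside the `if` looks left over, since its only visible use was the removed `active` check; unless later lines of the class read it, it can be dropped. With `active` no longer consulted, membership of `tor_hidden_service` in `$services` is the sole switch, and `site_webapp::hidden_service` builds the hostname from `$hidden_service['address']`. A node that lists the service but has no address in hiera would therefore get a `hostname` file containing just `.onion`. A guard such as `unless $tor['hidden_service']['address'] { fail('tor.hidden_service.address is not set') }` before the `include` would catch that at compile time.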