6 files changed, 211 insertions, 0 deletions

diff --git a/puppet/modules/obfsproxy/files/obfsproxy_daemon b/puppet/modules/obfsproxy/files/obfsproxy_daemon
new file mode 100755
index 00000000..f5914980
--- /dev/null
+++ b/puppet/modules/obfsproxy/files/obfsproxy_daemon
@@ -0,0 +1,99 @@
+#!/bin/sh
+
+### BEGIN INIT INFO
+# Provides:          obfsproxy daemon
+# Required-Start:    $remote_fs $syslog
+# Required-Stop:     $remote_fs $syslog
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: obfsproxy daemon
+# Description:       obfsproxy daemon
+### END INIT INFO
+
+. /lib/lsb/init-functions
+
+DAEMON=/usr/bin/obfsproxy
+NAME=obfsproxy
+DESC="obfsproxy daemon"
+USER=obfsproxy
+PIDFILE=/var/run/obfsproxy.pid
+CONF=/etc/obfsproxy.conf
+
+# If the daemon is not there, then exit.
+test -x $DAEMON || exit 0
+
+if [ -f $CONF ] ; then
+  . $CONF
+else
+  echo "Obfsproxy configuration file is missing, aborting..."
+  exit
+fi
+
+DAEMONARGS=" --log-min-severity=$LOG $TRANSPORT $PARAM \
+             --dest=$DEST_IP:$DEST_PORT server 0.0.0.0:$PORT"
+
+start_obfsproxy() {
+  start-stop-daemon --start --quiet --oknodo -m --pidfile $PIDFILE \
+		-b -c $USER --startas $DAEMON --$DAEMONARGS
+}
+
+stop_obfsproxy() {
+  start-stop-daemon --stop --quiet --oknodo --pidfile $PIDFILE
+}
+
+status_obfsproxy() {
+  status_of_proc -p $PIDFILE $DAEMON $NAME && status="0" || status="$?"
+}
+
+case $1 in
+ start)
+  if [ -e $PIDFILE ]; then
+   status_obfsproxy
+   if [ $status = "0" ]; then
+    exit
+   fi
+  fi
+  log_begin_msg "Starting $DESC"
+  start_obfsproxy
+  log_end_msg $?
+  ;;
+ stop)
+  if [ -e $PIDFILE ]; then
+   status_obfsproxy
+   if [ $status = "0" ]; then
+     log_begin_msg "Stopping $DESC"
+     stop_obfsproxy
+     rm -f $PIDFILE
+     log_end_msg $?
+   fi
+  else
+     log_daemon_msg "$NAME is not running"
+     log_end_msg $?
+  fi
+  ;;
+ restart)
+  $0 stop && sleep 2 && $0 start
+  ;;
+ status)
+#  if [ -e $PIDFILE ]; then
+#   #status_of_proc -p $PIDFILE $DAEMON "$NAME " && exit 0 || exit $?
+#   status_obfsproxy
+#  else
+#   log_daemon_msg "$NAME is not running"
+#   log_end_msg 0
+#  fi
+  status_obfsproxy
+  ;;
+ reload)
+  if [ -e $PIDFILE ]; then
+   start-stop-daemon --stop --signal USR1 --quiet --pidfile $PIDFILE --name $NAME
+   log_success_msg "$DESC reloaded successfully"
+  else
+   log_failure_msg "$PIDFILE does not exists"
+  fi
+  ;;
+ *)
+  echo "Usage: $0 {start|stop|restart|reload|status}"
+  exit 2
+  ;;
+esac
diff --git a/puppet/modules/obfsproxy/manifests/init.pp b/puppet/modules/obfsproxy/manifests/init.pp
new file mode 100644
index 00000000..4deebb62
--- /dev/null
+++ b/puppet/modules/obfsproxy/manifests/init.pp
@@ -0,0 +1,64 @@
+class obfsproxy (
+  $transport,
+  $port,
+  $param,
+  $dest_ip,
+  $dest_port
+){
+
+  user { obfsproxy:
+    ensure => present,
+    system => true,
+    gid    => obfsproxy,
+  }
+
+  group { obfsproxy:
+    ensure => present,
+    system => true,
+  }
+
+#  file { '/etc/default/obfsproxy':
+#    path    => '/etc/default/obfsproxy',
+#    owner   => 'root',
+#    group   => 'root',
+#    mode    => '0750',
+#    content => template('obfsproxy/etc_default_conf.erb'),
+#  }
+
+  file { '/etc/init.d/obfsproxy':
+    path      => '/etc/init.d/obfsproxy',
+    ensure    => present,
+    source    => 'puppet:///modules/obfsproxy/obfsproxy_daemon',
+    owner     => 'root',
+    group     => 'root',
+    mode      => '0755',
+    require   => File['/etc/obfsproxy.conf'],
+    subscribe => File['/etc/obfsproxy.conf'],
+    #content  => template('obfsproxy/etc_init_d.erb'),
+  }
+
+  file { '/etc/obfsproxy.conf':
+    path    => '/etc/obfsproxy.conf',
+    ensure  => present,
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0750',
+    content => template('obfsproxy/etc_conf.erb'),
+  }
+
+  package { "obfsproxy":
+    ensure => present,
+  }
+
+  service { "obfsproxy":
+    ensure  => running,
+    status  => '/usr/sbin/service obfsproxy status
+                | grep "is running"',
+    require => [
+      Package["obfsproxy"],
+      File["/etc/init.d/obfsproxy"] ]
+  }
+
+
+}
+
diff --git a/puppet/modules/obfsproxy/templates/etc_conf.erb b/puppet/modules/obfsproxy/templates/etc_conf.erb
new file mode 100644
index 00000000..3313b326
--- /dev/null
+++ b/puppet/modules/obfsproxy/templates/etc_conf.erb
@@ -0,0 +1,11 @@
+TRANSPORT=<%= @transport %>
+PORT=<%= @port %>
+DEST_IP=<%= @dest_ip %>
+DEST_PORT=<%= @dest_port %>
+<% if @transport == "scramblesuit" %>
+PARAM=--password=<%= @param %>
+<% else %>
+PARAM=<%= @param %>
+<% end %>
+LOG=info
+
diff --git a/puppet/modules/site_apt/manifests/preferences/obfsproxy.pp b/puppet/modules/site_apt/manifests/preferences/obfsproxy.pp
new file mode 100644
index 00000000..081086e5
--- /dev/null
+++ b/puppet/modules/site_apt/manifests/preferences/obfsproxy.pp
@@ -0,0 +1,9 @@
+class site_apt::preferences::obfsproxy {
+
+  apt::preferences_snippet { 'obfsproxy':
+    package  => 'obfsproxy',
+    release  => "${::lsbdistcodename}-backports",
+    priority => 999;
+  }
+
+}
diff --git a/puppet/modules/site_obfsproxy/README b/puppet/modules/site_obfsproxy/README
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/puppet/modules/site_obfsproxy/README
diff --git a/puppet/modules/site_obfsproxy/manifests/init.pp b/puppet/modules/site_obfsproxy/manifests/init.pp
new file mode 100644
index 00000000..23a8dd30
--- /dev/null
+++ b/puppet/modules/site_obfsproxy/manifests/init.pp
@@ -0,0 +1,28 @@
+class site_obfsproxy {
+  tag 'leap_service'
+  Class['site_config::default'] -> Class['site_obfsproxy']
+
+  $transport = 'scramblesuit'
+
+  $obfsproxy = hiera('obfsproxy')
+  $scramblesuit = $obfsproxy['scramblesuit']
+  $scram_pass = $scramblesuit['password']
+  $scram_port = $scramblesuit['port']
+  $dest_ip   = $obfsproxy['gateway_address']
+  $dest_port = '443'
+
+  include site_apt::preferences::twisted
+  include site_apt::preferences::obfsproxy
+
+  class { 'obfsproxy':
+    transport => $transport,
+    port      => $scram_port,
+    param     => $scram_pass,
+    dest_ip   => $dest_ip,
+    dest_port => $dest_port,
+  }
+
+}
+
+
+