Diffstat (limited to 'puppet')
-rw-r--r--puppet/manifests/site.pp2
-rw-r--r--puppet/modules/site_static/manifests/hidden_service.pp6
-rw-r--r--puppet/modules/site_static/manifests/init.pp13
-rw-r--r--puppet/modules/site_tor/manifests/hidden_service.pp13
-rw-r--r--puppet/modules/site_webapp/manifests/hidden_service.pp3
-rw-r--r--puppet/modules/site_webapp/manifests/init.pp3
6 files changed, 29 insertions, 11 deletions
diff --git a/puppet/manifests/site.pp b/puppet/manifests/site.pp
index f3e752cc..1f80c47c 100644
--- a/puppet/manifests/site.pp
+++ b/puppet/manifests/site.pp
@@ -52,7 +52,7 @@ node default {
include site_tor::relay
}
- if member($services, 'hidden_service') {
+ if member($services, 'tor_hidden_service') {
include site_tor::hidden_service
}
diff --git a/puppet/modules/site_static/manifests/hidden_service.pp b/puppet/modules/site_static/manifests/hidden_service.pp
index dcf3785e..f23727f7 100644
--- a/puppet/modules/site_static/manifests/hidden_service.pp
+++ b/puppet/modules/site_static/manifests/hidden_service.pp
@@ -1,13 +1,15 @@
# create hidden service for static sites
class site_static::hidden_service ( $single_hop = false ) {
+ Class['site_tor::hidden_service'] -> Class['site_static::hidden_service']
+ include site_tor::hidden_service
- include site_tor
tor::daemon::hidden_service { 'static':
ports => [ '80 127.0.0.1:80'],
single_hop => $single_hop
}
+
file {
- '/var/lib/tor/webapp/':
+ '/var/lib/tor/static/':
ensure => directory,
owner => 'debian-tor',
group => 'debian-tor',
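Review bot: The `file` resource for `'/var/lib/tor/static/'` is cut off after `group => 'debian-tor',`, so the directory's mode cannot be confirmed from this hunk. A Tor hidden-service directory normally holds the service's private key, so if the resource does not already pin it, add an explicit `mode => '0700',` rather than relying on the default. On hosts that only run the static service, the old path may also have left a stray `/var/lib/tor/webapp/` directory behind; worth confirming whether it needs cleaning up. The class body continues outside the hunk.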
diff --git a/puppet/modules/site_static/manifests/init.pp b/puppet/modules/site_static/manifests/init.pp
index 4ddce5ed..40c6a28b 100644
--- a/puppet/modules/site_static/manifests/init.pp
+++ b/puppet/modules/site_static/manifests/init.pp
@@ -7,12 +7,13 @@ class site_static {
include site_config::x509::key
include site_config::x509::ca_bundle
- $static = hiera('static')
- $domains = $static['domains']
- $formats = $static['formats']
- $bootstrap = $static['bootstrap_files']
- $tor = hiera('tor', false)
- if $tor and member($services, 'hidden_service') {
+ $services = hiera('services', [])
+ $static = hiera('static')
+ $domains = $static['domains']
+ $formats = $static['formats']
+ $bootstrap = $static['bootstrap_files']
+ $tor = hiera('tor', false)
+ if $tor and member($services, 'tor_hidden_service') {
$onion_active = true
} else {
$onion_active = false
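Review bot: With the `[]` default in `hiera('services', [])` and the gate now matching only `'tor_hidden_service'`, a node whose hiera data still lists the old `'hidden_service'` name gets `$onion_active = false` with no error, so the onion configuration is dropped silently. The same gate is renamed in `puppet/manifests/site.pp` and in `site_webapp/manifests/init.pp`. The diffstat is limited to `puppet`, so the service definitions may be renamed elsewhere in this commit. If they are not, a transitional guard such as `if member($services, 'hidden_service') { fail("service 'hidden_service' was renamed to 'tor_hidden_service'") }` would make stale data fail loudly. The `if`/`else` block closes outside the hunk.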
diff --git a/puppet/modules/site_tor/manifests/hidden_service.pp b/puppet/modules/site_tor/manifests/hidden_service.pp
new file mode 100644
index 00000000..87a7b696
--- /dev/null
+++ b/puppet/modules/site_tor/manifests/hidden_service.pp
@@ -0,0 +1,13 @@
+# This class simply makes sure a base tor is installed and configured
+# It doesn't configure any specific hidden service functionality,
+# instead that is configured in site_webapp::hidden_service and
+# site_static::hidden_service.
+#
+# Those could be factored out to make them more generic.
+class site_tor::hidden_service {
+ tag 'leap_service'
+ Class['site_config::default'] -> Class['site_tor::hidden_service']
+
+ include site_config::default
+ include site_tor
+}
diff --git a/puppet/modules/site_webapp/manifests/hidden_service.pp b/puppet/modules/site_webapp/manifests/hidden_service.pp
index 658d62f9..1f87da6b 100644
--- a/puppet/modules/site_webapp/manifests/hidden_service.pp
+++ b/puppet/modules/site_webapp/manifests/hidden_service.pp
@@ -1,5 +1,7 @@
# Configure tor hidden service for webapp
class site_webapp::hidden_service {
+ Class['site_tor::hidden_service'] -> Class['site_webapp::hidden_service']
+ include site_tor::hidden_service
$tor = hiera('tor')
$hidden_service = $tor['hidden_service']
$onion_domain = "${hidden_service['address']}.onion"
@@ -10,7 +12,6 @@ class site_webapp::hidden_service {
include apache::module::expires
include apache::module::removeip
- include site_tor
tor::daemon::hidden_service { 'webapp':
ports => [ '80 127.0.0.1:80'],
single_hop => $hidden_service['single_hop']
diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp
index 968859bf..605d71b3 100644
--- a/puppet/modules/site_webapp/manifests/init.pp
+++ b/puppet/modules/site_webapp/manifests/init.pp
@@ -1,6 +1,7 @@
# configure webapp service
class site_webapp {
tag 'leap_service'
+ $services = hiera('services', [])
$definition_files = hiera('definition_files')
$provider = $definition_files['provider']
$eip_service = $definition_files['eip_service']
@@ -177,7 +178,7 @@ class site_webapp {
notify => Service['apache'];
}
- if $tor and member($services, 'hidden_service') {
+ if $tor and member($services, 'tor_hidden_service') {
$hidden_service = $tor['hidden_service']
include ::site_webapp::hidden_service
}