Diffstat (limited to 'puppet')
20 files changed, 42 insertions, 64 deletions
| diff --git a/puppet/modules/tor/.gitrepo b/puppet/modules/tor/.gitrepo
index dfc1b3d9..5e3e3c1f 100644
--- a/puppet/modules/tor/.gitrepo
+++ b/puppet/modules/tor/.gitrepo
@@ -6,6 +6,6 @@
 [subrepo]
 	remote = https://leap.se/git/puppet_tor
 	branch = master
-	commit = 9981a70f7ba1f9e4fe33e4eb46654295287c1fc1
-	parent = 26aac7ccf240b06d65616bdd00ae472d980aaea9
-	cmdver = 0.3.0
+	commit = 5ef29012dccc90e68afc215be9521629a0903bc6
+	parent = 747d3e9b55c8b7b7d98a63474b6de82d7114c389
+	cmdver = 0.4.0
diff --git a/puppet/modules/tor/README b/puppet/modules/tor/README
index 7777438a..188accac 100644
--- a/puppet/modules/tor/README
+++ b/puppet/modules/tor/README
@@ -113,7 +113,7 @@ Installing torsocks
 To install torsocks, simply include the 'torsocks' class in your manifests:
-    class { 'torsocks': }
+    class { 'tor::torsocks': }
 You can specify the $ensure_version class parameter to get a specific
 version installed.
diff --git a/puppet/modules/tor/manifests/daemon/base.pp b/puppet/modules/tor/manifests/daemon/base.pp
index 63d7bc4d..c0c82ac6 100644
--- a/puppet/modules/tor/manifests/daemon/base.pp
+++ b/puppet/modules/tor/manifests/daemon/base.pp
@@ -2,7 +2,7 @@
 class tor::daemon::base inherits tor::base {
   # packages, user, group
   Service['tor'] {
-    subscribe => File[$tor::daemon::config_file],
+    subscribe => Concat[$tor::daemon::config_file],
   }
   Package[ 'tor' ] {
@@ -49,18 +49,15 @@ class tor::daemon::base inherits tor::base {
   # tor configuration file
   concat { $tor::daemon::config_file:
-    mode   => '0600',
-    owner  => 'debian-tor',
-    group  => 'debian-tor',
+    mode  => '0600',
+    owner => 'debian-tor',
+    group => 'debian-tor',
   }
   # config file headers
   concat::fragment { '00.header':
     ensure  => present,
     content => template('tor/torrc.header.erb'),
-    owner   => 'debian-tor',
-    group   => 'debian-tor',
-    mode    => '0644',
     order   => 00,
     target  => $tor::daemon::config_file,
   }
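Review bot: In manifests/daemon/base.pp the `concat { $tor::daemon::config_file: }` resource is now the only place that states torrc's permissions, and nothing on it says why the mode is `0600`. The `04.control` fragment in control.pp used to carry its own `mode => '0600'`, presumably because the rendered control section can hold the value of `$hashed_control_password`, so I would add a comment above the resource such as `# torrc may contain the hashed control password (04.control): keep it 0600 and owned by the tor user`. The same owner/group/mode removal is repeated in the bridge, control, directory, dns, exit_policy, hidden_service, map_address, relay, snippet, socks and transparent fragments, which makes this resource the one to protect against a later loosening.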
@@ -68,9 +65,6 @@ class tor::daemon::base inherits tor::base {
   # global configurations
   concat::fragment { '01.global':
     content => template('tor/torrc.global.erb'),
-    owner   => 'debian-tor',
-    group   => 'debian-tor',
-    mode    => '0644',
     order   => 01,
     target  => $tor::daemon::config_file,
   }
diff --git a/puppet/modules/tor/manifests/daemon/bridge.pp b/puppet/modules/tor/manifests/daemon/bridge.pp
index 063f5656..83d74e07 100644
--- a/puppet/modules/tor/manifests/daemon/bridge.pp
+++ b/puppet/modules/tor/manifests/daemon/bridge.pp
@@ -8,9 +8,6 @@ define tor::daemon::bridge(
   concat::fragment { "10.bridge.${name}":
     ensure  => $ensure,
     content => template('tor/torrc.bridge.erb'),
-    owner   => 'debian-tor',
-    group   => 'debian-tor',
-    mode    => '0644',
     order   => 10,
     target  => $tor::daemon::config_file,
   }
diff --git a/puppet/modules/tor/manifests/daemon/control.pp b/puppet/modules/tor/manifests/daemon/control.pp
index 01726562..ee425f33 100644
--- a/puppet/modules/tor/manifests/daemon/control.pp
+++ b/puppet/modules/tor/manifests/daemon/control.pp
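Review bot: The `order => 01,` of the `01.global` fragment in base.pp is a bare numeric literal, while dns.pp, map_address.pp and transparent.pp quote theirs (`'08'`, `'09'`). Under the Puppet 4 parser a bare literal with a leading zero is read as an octal integer, so the leading zero is not kept and the position of these fragments relative to the quoted ones depends on how concat compares the values. Quoting every value the same way, `order => '01',`, keeps the intended 00–99 sequence; the other bare values in this commit (`00`, `02` to `07`, `10`, `99`) would get the same treatment.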
@@ -7,20 +7,20 @@ define tor::daemon::control(
   $cookie_auth_file_group_readable = '',
   $ensure                          = present ) {
-  if $cookie_authentication == '0' and $hashed_control_password == '' and $ensure != 'absent' {
-    fail('You need to define the tor control password')
-  }
+  if $cookie_authentication == '0'
+    and $hashed_control_password == ''
+    and $ensure != 'absent' {
+      fail('You need to define the tor control password')
+    }
-  if $cookie_authentication == 0 and ($cookie_auth_file != '' or $cookie_auth_file_group_readable != '') {
-    notice('You set a tor cookie authentication option, but do not have cookie_authentication on')
-  }
+  if $cookie_authentication == 0
+    and ($cookie_auth_file != '' or $cookie_auth_file_group_readable != '') {
+      notice('You set a tor cookie authentication option, but do not have cookie_authentication on') # lint:ignore:80chars
+    }
   concat::fragment { '04.control':
     ensure  => $ensure,
     content => template('tor/torrc.control.erb'),
-    owner   => 'debian-tor',
-    group   => 'debian-tor',
-    mode    => '0600',
     order   => 04,
     target  => $tor::daemon::config_file,
   }
diff --git a/puppet/modules/tor/manifests/daemon/directory.pp b/puppet/modules/tor/manifests/daemon/directory.pp
index d877a861..e2e405da 100644
--- a/puppet/modules/tor/manifests/daemon/directory.pp
+++ b/puppet/modules/tor/manifests/daemon/directory.pp
@@ -8,9 +8,6 @@ define tor::daemon::directory (
   concat::fragment { '06.directory':
     ensure  => $ensure,
     content => template('tor/torrc.directory.erb'),
-    owner   => 'debian-tor',
-    group   => 'debian-tor',
-    mode    => '0644',
     order   => 06,
     target  => $tor::daemon::config_file,
   }
diff --git a/puppet/modules/tor/manifests/daemon/dns.pp b/puppet/modules/tor/manifests/daemon/dns.pp
index 4677f24d..e8d4fc88 100644
--- a/puppet/modules/tor/manifests/daemon/dns.pp
+++ b/puppet/modules/tor/manifests/daemon/dns.pp
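Review bot: The two guards in manifests/daemon/control.pp test `$cookie_authentication` against different types: the `fail()` guard compares with the string `'0'`, the `notice()` guard with the number `0`. Where strings and numbers are not coerced in comparisons (Puppet 4 and later), a caller passing the integer `0` with an empty `$hashed_control_password` skips the `fail()`, so the check meant to stop a control port from being configured without a password does not run. Testing the same set of values in both places, for example `if $cookie_authentication in ['0', 0]`, closes that gap. The parameter's default is declared above the hunk and is not visible here, so confirm which type callers actually pass.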
@@ -7,9 +7,6 @@ define tor::daemon::dns(
   concat::fragment { "08.dns.${name}":
     ensure  => $ensure,
     content => template('tor/torrc.dns.erb'),
-    owner   => 'debian-tor',
-    group   => 'debian-tor',
-    mode    => '0644',
     order   => '08',
     target  => $tor::daemon::config_file,
   }
diff --git a/puppet/modules/tor/manifests/daemon/exit_policy.pp b/puppet/modules/tor/manifests/daemon/exit_policy.pp
index f459ece7..df0fb999 100644
--- a/puppet/modules/tor/manifests/daemon/exit_policy.pp
+++ b/puppet/modules/tor/manifests/daemon/exit_policy.pp
@@ -8,9 +8,6 @@ define tor::daemon::exit_policy(
   concat::fragment { "07.exit_policy.${name}":
     ensure  => $ensure,
     content => template('tor/torrc.exit_policy.erb'),
-    owner   => 'debian-tor',
-    group   => 'debian-tor',
-    mode    => '0644',
     order   => 07,
     target  => $tor::daemon::config_file,
   }
diff --git a/puppet/modules/tor/manifests/daemon/hidden_service.pp b/puppet/modules/tor/manifests/daemon/hidden_service.pp
index c8272116..07121bd6 100644
--- a/puppet/modules/tor/manifests/daemon/hidden_service.pp
+++ b/puppet/modules/tor/manifests/daemon/hidden_service.pp
@@ -1,17 +1,21 @@
 # hidden services definition
 define tor::daemon::hidden_service(
-  $ports    = [],
-  $data_dir = $tor::daemon::data_dir,
-  $ensure   = present ) {
+  $ports         = [],
+  $single_hop    = false,
+  $data_dir      = $tor::daemon::data_dir,
+  $ensure        = present ) {
+
+
+  if $single_hop {
+    file { "${$data_dir}/${$name}/onion_service_non_anonymous":
+      ensure => 'present',
+    }
+  }
   concat::fragment { "05.hidden_service.${name}":
     ensure  => $ensure,
     content => template('tor/torrc.hidden_service.erb'),
-    owner   => 'debian-tor',
-    group   => 'debian-tor',
-    mode    => '0644',
     order   => 05,
     target  => $tor::daemon::config_file,
   }
 }
-
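Review bot: The new `file { "${$data_dir}/${$name}/onion_service_non_anonymous": }` resource in manifests/daemon/hidden_service.pp sets no owner, group or mode and ignores `$ensure`. As written the marker is created with the agent's defaults inside a directory this hunk does not manage, and it stays behind when the service is declared `absent` or `single_hop` is switched back to `false`. I would set `owner => 'debian-tor', group => 'debian-tor', mode => '0600'`, derive `ensure` from both `$ensure` and `$single_hop`, and write the path as `"${data_dir}/${name}/onion_service_non_anonymous"` to match the `${name}` interpolation in the fragment title below. Because the template in this commit renders `HiddenServiceNonAnonymousMode 1` for this parameter, the define's header comment should also say that `single_hop` gives up the service's anonymity.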
diff --git a/puppet/modules/tor/manifests/daemon/map_address.pp b/puppet/modules/tor/manifests/daemon/map_address.pp
index 270eac21..ac624a0a 100644
--- a/puppet/modules/tor/manifests/daemon/map_address.pp
+++ b/puppet/modules/tor/manifests/daemon/map_address.pp
@@ -7,9 +7,6 @@ define tor::daemon::map_address(
   concat::fragment { "08.map_address.${name}":
     ensure  => $ensure,
     content => template('tor/torrc.map_address.erb'),
-    owner   => 'debian-tor',
-    group   => 'debian-tor',
-    mode    => '0644',
     order   => '08',
     target  => $tor::daemon::config_file,
   }
diff --git a/puppet/modules/tor/manifests/daemon/relay.pp b/puppet/modules/tor/manifests/daemon/relay.pp
index ff528937..555587cd 100644
--- a/puppet/modules/tor/manifests/daemon/relay.pp
+++ b/puppet/modules/tor/manifests/daemon/relay.pp
@@ -33,9 +33,6 @@ define tor::daemon::relay(
   concat::fragment { '03.relay':
     ensure  => $ensure,
     content => template('tor/torrc.relay.erb'),
-    owner   => 'debian-tor',
-    group   => 'debian-tor',
-    mode    => '0644',
     order   => 03,
     target  => $tor::daemon::config_file,
   }
diff --git a/puppet/modules/tor/manifests/daemon/snippet.pp b/puppet/modules/tor/manifests/daemon/snippet.pp
index b9089b40..7e1494c5 100644
--- a/puppet/modules/tor/manifests/daemon/snippet.pp
+++ b/puppet/modules/tor/manifests/daemon/snippet.pp
@@ -6,9 +6,6 @@ define tor::daemon::snippet(
   concat::fragment { "99.snippet.${name}":
     ensure  => $ensure,
     content => $content,
-    owner   => 'debian-tor',
-    group   => 'debian-tor',
-    mode    => '0644',
     order   => 99,
     target  => $tor::daemon::config_file,
   }
diff --git a/puppet/modules/tor/manifests/daemon/socks.pp b/puppet/modules/tor/manifests/daemon/socks.pp
index 910461c9..54c8b6a2 100644
--- a/puppet/modules/tor/manifests/daemon/socks.pp
+++ b/puppet/modules/tor/manifests/daemon/socks.pp
@@ -6,9 +6,6 @@ define tor::daemon::socks(
   concat::fragment { '02.socks':
     content => template('tor/torrc.socks.erb'),
-    owner   => 'debian-tor',
-    group   => 'debian-tor',
-    mode    => '0644',
     order   => 02,
     target  => $tor::daemon::config_file,
   }
diff --git a/puppet/modules/tor/manifests/daemon/transparent.pp b/puppet/modules/tor/manifests/daemon/transparent.pp
index 65d744f4..6ac7b44c 100644
--- a/puppet/modules/tor/manifests/daemon/transparent.pp
+++ b/puppet/modules/tor/manifests/daemon/transparent.pp
@@ -7,9 +7,6 @@ define tor::daemon::transparent(
   concat::fragment { "09.transparent.${name}":
     ensure  => $ensure,
     content => template('tor/torrc.transparent.erb'),
-    owner   => 'debian-tor',
-    group   => 'debian-tor',
-    mode    => '0644',
     order   => '09',
     target  => $tor::daemon::config_file,
   }
diff --git a/puppet/modules/tor/manifests/munin.pp b/puppet/modules/tor/manifests/munin.pp
index 4412337a..2a01175c 100644
--- a/puppet/modules/tor/manifests/munin.pp
+++ b/puppet/modules/tor/manifests/munin.pp
@@ -8,7 +8,7 @@ class tor::munin {
   }
   Munin::Plugin::Deploy {
-    config  => "user debian-tor\n env.cookiefile /var/run/tor/control.authcookie\n env.port 19051"
+    config  => "user debian-tor\n env.cookiefile /var/run/tor/control.authcookie\n env.port 19051" # lint:ignore:80chars
   }
   munin::plugin::deploy {
     'tor_connections':
diff --git a/puppet/modules/tor/manifests/repo.pp b/puppet/modules/tor/manifests/repo.pp
index f6255995..95492191 100644
--- a/puppet/modules/tor/manifests/repo.pp
+++ b/puppet/modules/tor/manifests/repo.pp
@@ -1,3 +1,4 @@
+# setup repository for tor
 class tor::repo (
   $ensure      = present,
   $source_name = 'torproject.org',
@@ -10,7 +11,7 @@ class tor::repo (
       class { 'tor::repo::debian': }
     }
     default: {
-      fail("Unsupported managed repository for osfamily: ${::osfamily}, operatingsystem: ${::operatingsystem}, module ${module_name} currently only supports managing repos for osfamily Debian and Ubuntu")
+      fail("Unsupported managed repository for osfamily: ${::osfamily}, operatingsystem: ${::operatingsystem}, module ${module_name} currently only supports managing repos for osfamily Debian and Ubuntu") # lint:ignore:80chars
     }
   }
 }
diff --git a/puppet/modules/tor/manifests/repo/debian.pp b/puppet/modules/tor/manifests/repo/debian.pp
index 174c3310..81976a2e 100644
--- a/puppet/modules/tor/manifests/repo/debian.pp
+++ b/puppet/modules/tor/manifests/repo/debian.pp
@@ -1,6 +1,6 @@
 # PRIVATE CLASS: do not use directly
 class tor::repo::debian inherits tor::repo {
-  apt::source { $source_name:
+  apt::source { $tor::repo::source_name:
     ensure      => $::tor::repo::ensure,
     location    => $::tor::repo::location,
     key         => $::tor::repo::key,
diff --git a/puppet/modules/tor/templates/torrc.directory.erb b/puppet/modules/tor/templates/torrc.directory.erb
index 1af9f40f..c7dc4ab5 100644
--- a/puppet/modules/tor/templates/torrc.directory.erb
+++ b/puppet/modules/tor/templates/torrc.directory.erb
@@ -1,11 +1,11 @@
 # directory listing
-<%  if port != '0' -%>
+<%  if @port != '0' -%>
 DirPort <%= @port %>
 <%  end -%>
 <%  listen_addresses.each do |listen_address| -%>
 DirListenAddress <%= listen_address %>
 <%  end -%>
 <%  if @port_front_page != '' -%>
-DirPortFrontPage <%= port_front_page %>
+DirPortFrontPage <%= @port_front_page %>
 <%- end -%>
diff --git a/puppet/modules/tor/templates/torrc.global.erb b/puppet/modules/tor/templates/torrc.global.erb
index f577673d..a02afc8e 100644
--- a/puppet/modules/tor/templates/torrc.global.erb
+++ b/puppet/modules/tor/templates/torrc.global.erb
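Review bot: `$tor::repo::source_name` in manifests/repo/debian.pp is written without the leading `::` that every other reference in this resource uses (`$::tor::repo::ensure`, `$::tor::repo::location`, `$::tor::repo::key`). Writing `apt::source { $::tor::repo::source_name:` keeps the lookups uniformly anchored at top scope. The resource body continues past the end of the hunk.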
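Review bot: `listen_addresses.each` in templates/torrc.directory.erb is still a bare local-variable reference, while this hunk moves `port` and `port_front_page` to instance variables. Bare access to Puppet variables in templates is the deprecated form the change is otherwise removing, and on Puppet versions that no longer support it the template fails to render. `<%  @listen_addresses.each do |listen_address| -%>` would finish the conversion.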
@@ -12,8 +12,8 @@ Log notice syslog
 Log <%= log_rule %>
 <%    end -%>
 <%  end -%>
-<%- if @safe_logging != 1 then -%>
-SafeLogging <%= @safe_logging %>
+<%- if (v=scope.lookupvar('tor::daemon::safe_logging')) != '1' then -%>
+SafeLogging <%= v %>
 <%-   end -%>
 <%  if (v=scope.lookupvar('tor::daemon::automap_hosts_on_resolve')) != '0' -%>
diff --git a/puppet/modules/tor/templates/torrc.hidden_service.erb b/puppet/modules/tor/templates/torrc.hidden_service.erb
index 4dec0b25..5b6afe1c 100644
--- a/puppet/modules/tor/templates/torrc.hidden_service.erb
+++ b/puppet/modules/tor/templates/torrc.hidden_service.erb
@@ -1,3 +1,9 @@
+<% if @single_hop != false %>
+HiddenServiceSingleHopMode 1
+HiddenServiceNonAnonymousMode 1
+SOCKSPort 0
+<% end %>
+
 # hidden service <%= @name %>
 HiddenServiceDir <%= @data_dir %>/<%= @name %>
 <% @ports.each do |port| -%> |
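Review bot: The new condition in templates/torrc.global.erb, `(v=scope.lookupvar('tor::daemon::safe_logging')) != '1'`, is true for every value that is not exactly the string `'1'`, including an unset variable. An integer `1` now renders a redundant `SafeLogging 1`, and an unset or empty value would render `SafeLogging ` with nothing after it. Since this option controls whether sensitive strings are scrubbed from Tor's logs, I would compare `v.to_s` and emit the line only for the values the module means to accept. The default of `tor::daemon::safe_logging` is outside this hunk, so which of these cases can occur needs checking against the class.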
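Review bot: `<% if @single_hop != false %>` in templates/torrc.hidden_service.erb enables non-anonymous mode for anything other than the boolean `false`, so a string such as `'false'` or an unset value turns the service's anonymity off. Testing for the affirmative value, `<% if @single_hop == true -%>`, makes the anonymous configuration the default. `HiddenServiceSingleHopMode`, `HiddenServiceNonAnonymousMode` and `SOCKSPort` are instance-wide torrc options, so emitting them from a per-service fragment changes every onion service on the daemon, repeats the lines when several services set `single_hop`, and may contradict the `02.socks` fragment; a single global fragment would be a better home for them. The `@ports.each` loop continues past the end of the hunk.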
