| Age | Commit message (Collapse) | Author |
|---|
|
In order to refactor the tor services, we need to split them out into three
different services. This adds the hidden service class that is necessary to
support the previous commits. Fixes #8864.
|
|
Simply disabling exit policies is not enough to disable an exit node, it also
needs to be explicitly disabled. This may change in future versions of tor, but
for now, explicitly adding 'ExitRelay 0' to the configuration is needed. This
fixes #8863.
|
|
The newer version is needed for the single-hop functionality.
|
|
This makes a more clear site_tor::relay class that the leap service
includes, and a more generic site_tor class that other classes can
depend on for setting up the initial install.
|
|
This cuts the number of hops for a tor onion service from 6 to 3,
speeding it up considerably. This removes the anonymity aspect of the
service, so it must be enabled intentionally, knowing that the server's
location no longer is hidden.
|
|
service (Bug #6851)
Also, moved global Exec{} defaults to site.pp
Change-Id: I9ae91b77afde944d2f1312613b9d9030e32239dd
|
|
failed to parse template tor/torrc.exit_policy.erb, undefined method
`each' for "*:*":String
Change-Id: I2b7b444187376dbc2f3cc5095391ae54bf8321b3
|
|
Change-Id: Ibd1b1eef7afca10cf2a2d56a24e703636d6a52c6
|
|
We need to check the openvpn hiera value, which may or may not be set.
If it is not set, then we need to not lookup the $openvpn['ports]'
values or we will get an error because it wont be the correct type.
If we do have it, then $openvpn_ports gets set with the hash, otherwise
it gets set to an empty hash (otherwise puppet will complain when we try
to query the member() later with "member(): Requires array to work
with").
Finally, if it is set to port 80, we don't include the
tor::daemon::directory
Change-Id: Ic366c72e966cae9d611e8fe5aa7ea7943be51241
|
|
Change-Id: Ibd08529b7d1c4fc22bcd0ca36e518afa5b8f6d24
|
|
webapp node (#6336)
Change-Id: Ib70bbd8fe7b94b7a1bfb09390d5dd1c535f2da16
|
|
Change-Id: I4c7fb20b6da6f6a5bb2dd5af70511a28d4581174
|
|
"rabbitLKJYW23695JGLKJ" where rabbit is the node name). Stop shipping a
static 'family' and instead provide a comma separated list of node tor
nicknames. (#5220)
Change-Id: I479f460ab230ad440f72c78dc6362983387ce12a
|
|
|
|
See leap.se/code/issues/5241
|
|
tor.contacts has been a string, and is now an array of email addresses
this change needed to be adopted also in
stdlib/lib/puppet/parser/functions/obfuscate_email.rb (see #4193).
|
|
shorewall is setup before the service is setup. This is necessary due to the strict initial firewall that stops various service setup operations from happening, but is relaxed once shorewall is setup properly (#3782)
Change-Id: Ia9640c4118aa0053cdb99e7bc11860fed5527501
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
