From fc78e094919257f523707ec02d897505d7107699 Mon Sep 17 00:00:00 2001
From: Micah <micah@leap.se>
Date: Thu, 23 Jun 2016 12:08:54 -0400
Subject: Make static tor hidden services work (#8212).

When tor hidden services were enabled for static sites, only a very
basic configuration was setup and it didn't take into account the
different location configurations that can be configured for a
static site.

This commit resolves that by making a site_static::hidden_service class
similar to the site_webapp::hidden_service class, and fixes up the
apache vhost template to properly create the location blocks for the
hidden service vhost.

Change-Id: Ice3586f4173bd2d1bd3defca29d21c7403d5a03a
---
 puppet/modules/site_static/manifests/init.pp | 20 +++++++++++---------
 1 file changed, 11 insertions(+), 9 deletions(-)

(limited to 'puppet/modules/site_static/manifests/init.pp')

diff --git a/puppet/modules/site_static/manifests/init.pp b/puppet/modules/site_static/manifests/init.pp
index 4a722d62..5b432f29 100644
--- a/puppet/modules/site_static/manifests/init.pp
+++ b/puppet/modules/site_static/manifests/init.pp
@@ -7,11 +7,14 @@ class site_static {
   include site_config::x509::key
   include site_config::x509::ca_bundle
 
-  $static        = hiera('static')
-  $domains       = $static['domains']
-  $formats       = $static['formats']
-  $bootstrap     = $static['bootstrap_files']
-  $tor           = hiera('tor', false)
+  $static         = hiera('static')
+  $domains        = $static['domains']
+  $formats        = $static['formats']
+  $bootstrap      = $static['bootstrap_files']
+
+  $tor            = hiera('tor', false)
+  $hidden_service = $tor['hidden_service']
+  $tor_domain     = "${hidden_service['address']}.onion"
 
   if $bootstrap['enabled'] {
     $bootstrap_domain  = $bootstrap['domain']
@@ -57,15 +60,14 @@ class site_static {
     }
   }
 
-  create_resources(site_static::domain, $domains)
-
   if $tor {
-    $hidden_service = $tor['hidden_service']
     if $hidden_service['active'] {
-      include site_webapp::hidden_service
+      include site_static::hidden_service
     }
   }
 
+  create_resources(site_static::domain, $domains)
+
   include site_shorewall::defaults
   include site_shorewall::service::http
   include site_shorewall::service::https
-- 
cgit v1.2.3