From 180f32512a4c47444ea9e4f36d7376a894a83a4b Mon Sep 17 00:00:00 2001
From: Micah Anderson <micah@leap.se>
Date: Sat, 8 Nov 2014 00:44:30 -0500
Subject: Don't configure the tor DirPort options if the node is not an exit
 (#6335)

Change-Id: I4c7fb20b6da6f6a5bb2dd5af70511a28d4581174
---
 puppet/modules/site_tor/manifests/init.pp | 4 ----
 1 file changed, 4 deletions(-)

(limited to 'puppet/modules/site_tor/manifests/init.pp')

diff --git a/puppet/modules/site_tor/manifests/init.pp b/puppet/modules/site_tor/manifests/init.pp
index e62cb12d..58f9e971 100644
--- a/puppet/modules/site_tor/manifests/init.pp
+++ b/puppet/modules/site_tor/manifests/init.pp
@@ -24,10 +24,6 @@ class site_tor {
     tor::daemon::directory { $::hostname: port => 80 }
   }
   else {
-    tor::daemon::directory { $::hostname:
-      port            => 80,
-      port_front_page => '';
-    }
     include site_tor::disable_exit
   }
 
-- 
cgit v1.2.3


From fe23f66f0cff5af71c10aeefdbb0b1131d871219 Mon Sep 17 00:00:00 2001
From: Micah Anderson <micah@leap.se>
Date: Sat, 8 Nov 2014 00:45:14 -0500
Subject: Only enable the tor DirPort options on an exit if the node isn't also
 a webapp node (#6336)

Change-Id: Ib70bbd8fe7b94b7a1bfb09390d5dd1c535f2da16
---
 puppet/modules/site_tor/manifests/init.pp | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'puppet/modules/site_tor/manifests/init.pp')

diff --git a/puppet/modules/site_tor/manifests/init.pp b/puppet/modules/site_tor/manifests/init.pp
index 58f9e971..8f68a4e4 100644
--- a/puppet/modules/site_tor/manifests/init.pp
+++ b/puppet/modules/site_tor/manifests/init.pp
@@ -21,7 +21,10 @@ class site_tor {
   }
 
   if ( $tor_type == 'exit'){
-    tor::daemon::directory { $::hostname: port => 80 }
+    # Only enable the daemon directory if the node isn't also a webapp node
+    if ! member($::services, 'webapp') {
+      tor::daemon::directory { $::hostname: port => 80 }
+    }
   }
   else {
     include site_tor::disable_exit
-- 
cgit v1.2.3


From 51d581583ca354232f6ccbfb771c1cad00ec2db3 Mon Sep 17 00:00:00 2001
From: Micah Anderson <micah@leap.se>
Date: Sat, 8 Nov 2014 00:46:00 -0500
Subject: minor linting, arrow lining up

Change-Id: Ibd08529b7d1c4fc22bcd0ca36e518afa5b8f6d24
---
 puppet/modules/site_tor/manifests/init.pp | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

(limited to 'puppet/modules/site_tor/manifests/init.pp')

diff --git a/puppet/modules/site_tor/manifests/init.pp b/puppet/modules/site_tor/manifests/init.pp
index 8f68a4e4..9944bb2b 100644
--- a/puppet/modules/site_tor/manifests/init.pp
+++ b/puppet/modules/site_tor/manifests/init.pp
@@ -13,11 +13,11 @@ class site_tor {
 
   class { 'tor::daemon': }
   tor::daemon::relay { $nickname:
-    port             => 9001,
-    address          => $address,
-    contact_info     => obfuscate_email($contact_emails),
-    bandwidth_rate   => $bandwidth_rate,
-    my_family        => $family
+    port           => 9001,
+    address        => $address,
+    contact_info   => obfuscate_email($contact_emails),
+    bandwidth_rate => $bandwidth_rate,
+    my_family      => $family
   }
 
   if ( $tor_type == 'exit'){
-- 
cgit v1.2.3


From 7521958cc6c210d65009aa87c6c7297fd9be3dd2 Mon Sep 17 00:00:00 2001
From: Micah Anderson <micah@leap.se>
Date: Sat, 15 Nov 2014 13:36:51 -0500
Subject: don't enable Tor DirPort if openvpn is running on port 80 (Bug #6377)

We need to check the openvpn hiera value, which may or may not be set.
If it is not set, then we need to not lookup the $openvpn['ports]'
values or we will get an error because it wont be the correct type.

If we do have it, then $openvpn_ports gets set with the hash, otherwise
it gets set to an empty hash (otherwise puppet will complain when we try
to query the member() later with "member(): Requires array to work
with").

Finally, if it is set to port 80, we don't include the
tor::daemon::directory

Change-Id: Ic366c72e966cae9d611e8fe5aa7ea7943be51241
---
 puppet/modules/site_tor/manifests/init.pp | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

(limited to 'puppet/modules/site_tor/manifests/init.pp')

diff --git a/puppet/modules/site_tor/manifests/init.pp b/puppet/modules/site_tor/manifests/init.pp
index 9944bb2b..d14e813d 100644
--- a/puppet/modules/site_tor/manifests/init.pp
+++ b/puppet/modules/site_tor/manifests/init.pp
@@ -11,6 +11,14 @@ class site_tor {
 
   $address        = hiera('ip_address')
 
+  $openvpn        = hiera('openvpn', undef)
+  if $openvpn {
+    $openvpn_ports = $openvpn['ports']
+  }
+  else {
+    $openvpn_ports = []
+  }
+  
   class { 'tor::daemon': }
   tor::daemon::relay { $nickname:
     port           => 9001,
@@ -22,7 +30,8 @@ class site_tor {
 
   if ( $tor_type == 'exit'){
     # Only enable the daemon directory if the node isn't also a webapp node
-    if ! member($::services, 'webapp') {
+    # or running openvpn on port 80
+    if ! member($::services, 'webapp') and ! member($openvpn_ports, '80') {
       tor::daemon::directory { $::hostname: port => 80 }
     }
   }
-- 
cgit v1.2.3