From 4642e8a0780f1eb6ba14fdf1f2966101dab993f7 Mon Sep 17 00:00:00 2001
From: varac
Date: Wed, 6 Feb 2013 23:58:17 +0100
Subject: add basic tor service
---
puppet/modules/site_tor/manifests/init.pp | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
create mode 100644 puppet/modules/site_tor/manifests/init.pp
(limited to 'puppet/modules/site_tor')
diff --git a/puppet/modules/site_tor/manifests/init.pp b/puppet/modules/site_tor/manifests/init.pp
new file mode 100644
index 00000000..a854a163
--- /dev/null
+++ b/puppet/modules/site_tor/manifests/init.pp
@@ -0,0 +1,20 @@
+class site_tor {
+ tag 'leap_service'
+
+ $tor = hiera('tor')
+ $bandwidth_rate = $tor['bandwidth_rate']
+
+ $contact_email = hiera('contact_email')
+
+ class { 'tor::daemon': }
+ tor::daemon::relay { $::hostname:
+ port => 9001,
+ #listen_addresses => '',
+ contact_info => $contact_email,
+ bandwidth_rate => $bandwidth_rate,
+ }
+ tor::daemon::directory { $::hostname: port => 80 }
+
+ include site_shorewall::tor
+
+}
-- cgit v1.2.3
From c82b7c8a74ea0154ece5686eac43cab90af77b96 Mon Sep 17 00:00:00 2001
From: varac
Date: Thu, 7 Feb 2013 00:33:07 +0100
Subject: configure exit policies
---
puppet/modules/site_tor/manifests/exit_policy.pp | 8 ++++++++
puppet/modules/site_tor/manifests/init.pp | 9 ++++++++-
2 files changed, 16 insertions(+), 1 deletion(-)
create mode 100644 puppet/modules/site_tor/manifests/exit_policy.pp
(limited to 'puppet/modules/site_tor')
diff --git a/puppet/modules/site_tor/manifests/exit_policy.pp b/puppet/modules/site_tor/manifests/exit_policy.pp
new file mode 100644
index 00000000..f2d2d38f
--- /dev/null
+++ b/puppet/modules/site_tor/manifests/exit_policy.pp
@@ -0,0 +1,8 @@
+class site_tor::exit_policy {
+ # exaple policy to allow ssh
+ tor::daemon::exit_policy { 'ssh_exit_policy':
+ accept => '*:22',
+ reject => '*:*';
+ }
+}
+
diff --git a/puppet/modules/site_tor/manifests/init.pp b/puppet/modules/site_tor/manifests/init.pp
index a854a163..7c25b0e9 100644
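Review bot: In the first commit's init.pp, `tor::daemon::relay` is declared with a port, contact and bandwidth rate, but the class declares no exit policy anywhere. Unless the `tor::daemon` module writes one itself (not visible here), the node runs with Tor's built-in default exit policy, which, depending on the Tor version, can permit exit traffic. Declaring it explicitly, e.g. `tor::daemon::exit_policy { 'no_exit_at_all': reject => '*:*'; }`, makes the relay-only role a deliberate choice. The second commit's `if ( $tor_type == 'exit' )` hunk in init.pp has the same gap: only exit nodes receive a policy, and any other or misspelled `type` gets none. The commented-out `#listen_addresses => '',` would also read better removed or explained.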
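Review bot: In exit_policy.pp the comment `# exaple policy to allow ssh` has a typo and does not state the rule that makes the policy work. I would write `# example policy: allow exit traffic to port 22 only; Tor applies rules in order, first match wins`. The resource passes `accept => '*:22'` and `reject => '*:*'` as separate parameters, so the result is only correct if `tor::daemon::exit_policy` writes the accept rule before the reject rule. That ordering is not visible in this diff and should be confirmed against the module.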
--- a/puppet/modules/site_tor/manifests/init.pp +++ b/puppet/modules/site_tor/manifests/init.pp @@ -3,6 +3,7 @@ class site_tor { $tor = hiera('tor') $bandwidth_rate = $tor['bandwidth_rate'] + $tor_type = $tor['type'] $contact_email = hiera('contact_email') @@ -13,8 +14,14 @@ class site_tor { contact_info => $contact_email, bandwidth_rate => $bandwidth_rate, } - tor::daemon::directory { $::hostname: port => 80 } + + # we configure the directory later + #tor::daemon::directory { $::hostname: port => 80 } include site_shorewall::tor + if ( $tor_type == 'exit' ) { + include site_tor::exit_policy + } + } -- cgit v1.2.3 From 08720568f7c00373560379e44695b881fff18af1 Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 7 Feb 2013 11:48:29 +0100 Subject: working tor relay --- puppet/modules/site_tor/manifests/disable_exit.pp | 7 +++++++ puppet/modules/site_tor/manifests/exit_policy.pp | 8 -------- puppet/modules/site_tor/manifests/init.pp | 10 +++++----- 3 files changed, 12 insertions(+), 13 deletions(-) create mode 100644 puppet/modules/site_tor/manifests/disable_exit.pp delete mode 100644 puppet/modules/site_tor/manifests/exit_policy.pp (limited to 'puppet/modules/site_tor') diff --git a/puppet/modules/site_tor/manifests/disable_exit.pp b/puppet/modules/site_tor/manifests/disable_exit.pp new file mode 100644 index 00000000..73016646 --- /dev/null +++ b/puppet/modules/site_tor/manifests/disable_exit.pp @@ -0,0 +1,7 @@ +class site_tor::disable_exit { + tor::daemon::exit_policy { + 'no_exit_at_all': + reject => '*:*'; + } +} + diff --git a/puppet/modules/site_tor/manifests/exit_policy.pp b/puppet/modules/site_tor/manifests/exit_policy.pp deleted file mode 100644 index f2d2d38f..00000000 --- a/puppet/modules/site_tor/manifests/exit_policy.pp +++ /dev/null @@ -1,8 +0,0 @@ -class site_tor::exit_policy { - # exaple policy to allow ssh - tor::daemon::exit_policy { 'ssh_exit_policy': - accept => '*:22', - reject => '*:*'; - } -} - 
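Review bot: disable_exit.pp has no header comment, although within this series it is the only class that stops a node from carrying exit traffic. Its purpose should be stated where it is defined, for example `# Reject all exit traffic; included for every node whose tor type is not 'exit'.` above `class site_tor::disable_exit {`. The same comment could note that the resource title `no_exit_at_all` is only a label and that `reject => '*:*'` is what does the work.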
diff --git a/puppet/modules/site_tor/manifests/init.pp b/puppet/modules/site_tor/manifests/init.pp index 7c25b0e9..654337c7 100644 --- a/puppet/modules/site_tor/manifests/init.pp +++ b/puppet/modules/site_tor/manifests/init.pp @@ -6,22 +6,22 @@ class site_tor { $tor_type = $tor['type'] $contact_email = hiera('contact_email') + $address = hiera('ip_address') class { 'tor::daemon': } tor::daemon::relay { $::hostname: port => 9001, - #listen_addresses => '', + address => $address, contact_info => $contact_email, bandwidth_rate => $bandwidth_rate, } - # we configure the directory later - #tor::daemon::directory { $::hostname: port => 80 } + tor::daemon::directory { $::hostname: port => 80 } include site_shorewall::tor - if ( $tor_type == 'exit' ) { - include site_tor::exit_policy + if ( $tor_type != 'exit' ) { + include site_tor::disable_exit } } -- cgit v1.2.3 From 173b2dc3ecbdab2cacede4e50f6fa3f5daa3c683 Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 7 Feb 2013 12:32:02 +0100 Subject: configure tor relay nickname --- puppet/modules/site_tor/manifests/init.pp | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) (limited to 'puppet/modules/site_tor') diff --git a/puppet/modules/site_tor/manifests/init.pp b/puppet/modules/site_tor/manifests/init.pp index 654337c7..dc16f91a 100644 --- a/puppet/modules/site_tor/manifests/init.pp +++ b/puppet/modules/site_tor/manifests/init.pp @@ -1,15 +1,16 @@ class site_tor { tag 'leap_service' - $tor = hiera('tor') + $tor = hiera('tor') $bandwidth_rate = $tor['bandwidth_rate'] - $tor_type = $tor['type'] + $tor_type = $tor['type'] + $nickname = $tor['nickname'] - $contact_email = hiera('contact_email') - $address = hiera('ip_address') + $contact_email = hiera('contact_email') + $address = hiera('ip_address') class { 'tor::daemon': } - tor::daemon::relay { $::hostname: + tor::daemon::relay { $nickname: port => 9001, address => $address, contact_info => $contact_email, -- cgit v1.2.3
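Review bot: In the third commit's init.pp hunk, the `'exit'` branch declares no policy at all now that `site_tor::exit_policy` is deleted. The `$tor_type != 'exit'` test does fail closed for a missing or misspelled `type`, which is the safer direction. An exit node, however, allows whatever Tor's defaults (or the `tor::daemon` module, not visible here) permit. An explicit branch such as `else { include site_tor::exit_policy }`, with the accept and reject lists read from `$tor`, would keep what an exit permits under review in this repository. The body of `site_tor` starts above the hunk.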
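Review bot: In the fourth commit's hunk, `$nickname = $tor['nickname']` becomes the title of `tor::daemon::relay` with no default and no validation. Tor accepts only nicknames of 1 to 19 alphanumeric characters, so a missing or malformed hiera value surfaces late, as a catalog error or a daemon that refuses to start. If puppetlabs-stdlib is available in this tree (not visible here), a guard such as `validate_re($nickname, '^[A-Za-z0-9]{1,19}$')` before the resource would fail early with a clear message. The relay resource continues below the end of the hunk.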