From c393af8fd5321b8ddf547aed22f833899e56e20e Mon Sep 17 00:00:00 2001
From: Micah Anderson
Date: Mon, 24 Apr 2017 12:08:10 -0400
Subject: Lint
---
 .../modules/site_webapp/manifests/hidden_service.pp | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)
(limited to 'puppet/modules/site_webapp/manifests/hidden_service.pp')
diff --git a/puppet/modules/site_webapp/manifests/hidden_service.pp b/puppet/modules/site_webapp/manifests/hidden_service.pp
index d2662b65..81d431cd 100644
--- a/puppet/modules/site_webapp/manifests/hidden_service.pp
+++ b/puppet/modules/site_webapp/manifests/hidden_service.pp
@@ -15,18 +15,18 @@ class site_webapp::hidden_service {
 file {
 '/var/lib/tor/webapp/':
- ensure => directory,
- owner => 'debian-tor',
- group => 'debian-tor',
- mode => '2700';
+ ensure => directory,
+ owner => 'debian-tor',
+ group => 'debian-tor',
+ mode => '2700';
 '/var/lib/tor/webapp/private_key':
- ensure => present,
- source => "/srv/leap/files/nodes/${::hostname}/tor.key",
- owner => 'debian-tor',
- group => 'debian-tor',
- mode => '0600',
- notify => Service['tor'];
+ ensure => present,
+ source => "/srv/leap/files/nodes/${::hostname}/tor.key",
+ owner => 'debian-tor',
+ group => 'debian-tor',
+ mode => '0600',
+ notify => Service['tor'];
 '/var/lib/tor/webapp/hostname':
 ensure => present,
-- 
cgit v1.2.3
From ada9645de11d75701db8202f34de5c26a2b749c2 Mon Sep 17 00:00:00 2001
From: Micah Anderson
Date: Mon, 24 Apr 2017 14:38:32 -0400
Subject: Add single-hop hidden service capability. This cuts the number of hops for a tor onion service from 6 to 3, speeding it up considerably. This removes the anonymity aspect of the service, so it must be enabled intentionally, knowing that the server's location no longer is hidden.
---
 puppet/modules/site_webapp/manifests/hidden_service.pp | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
(limited to 'puppet/modules/site_webapp/manifests/hidden_service.pp')
diff --git a/puppet/modules/site_webapp/manifests/hidden_service.pp b/puppet/modules/site_webapp/manifests/hidden_service.pp
index 81d431cd..6651df86 100644
--- a/puppet/modules/site_webapp/manifests/hidden_service.pp
+++ b/puppet/modules/site_webapp/manifests/hidden_service.pp
@@ -11,7 +11,10 @@ class site_webapp::hidden_service {
 include apache::module::removeip
 include tor::daemon
- tor::daemon::hidden_service { 'webapp': ports => [ '80 127.0.0.1:80'] }
+ tor::daemon::hidden_service { 'webapp':
+ ports => [ '80 127.0.0.1:80'],
+ single_hop => $hidden_service['single_hop']
+ }
 file {
 '/var/lib/tor/webapp/':
-- 
cgit v1.2.3
From 68e9a28da2db4cb494bc19a1aeaa0663cb286414 Mon Sep 17 00:00:00 2001
From: Micah Anderson
Date: Tue, 2 May 2017 16:23:20 -0400
Subject: Restructure site_tor to be more clear and re-usable (fixes #8784). This makes a more clear site_tor::relay class that the leap service includes, and a more generic site_tor class that other classes can depend on for setting up the initial install.
---
 puppet/modules/site_webapp/manifests/hidden_service.pp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'puppet/modules/site_webapp/manifests/hidden_service.pp')
diff --git a/puppet/modules/site_webapp/manifests/hidden_service.pp b/puppet/modules/site_webapp/manifests/hidden_service.pp
index 6651df86..3f3f1d0c 100644
--- a/puppet/modules/site_webapp/manifests/hidden_service.pp
+++ b/puppet/modules/site_webapp/manifests/hidden_service.pp
@@ -10,7 +10,7 @@ class site_webapp::hidden_service {
 include apache::module::expires
 include apache::module::removeip
- include tor::daemon
+ include site_tor
 tor::daemon::hidden_service { 'webapp':
 ports => [ '80 127.0.0.1:80'],
 single_hop => $hidden_service['single_hop']
-- 
cgit v1.2.3
From 96f8af37b4a3bbd9a15651e27f588073c0601299 Mon Sep 17 00:00:00 2001
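Review bot: In the `@@ -11,7 +11,10 @@` hunk, `single_hop => $hidden_service['single_hop']` passes the hiera value straight through with no default, no type check and no comment at the call site, although the commit message says enabling it gives up the server's location anonymity. A comment above the attribute such as `# single_hop makes this onion service non-anonymous; enable only deliberately`, together with an explicit fail-closed default when the key is absent, would carry that warning in the manifest itself. Tor treats single-hop mode (HiddenServiceSingleHopMode with HiddenServiceNonAnonymousMode) as an instance-wide setting, so it is worth confirming how `tor::daemon::hidden_service` renders it (not visible here) in case other onion services share this daemon. The class body continues outside the hunk.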
From: elijah
Date: Tue, 19 Sep 2017 11:54:27 -0700
Subject: Feat: split tor service into three The 'tor' service is now three separate services, 'tor_exit', 'tor_relay', or 'hidden_service'.
---
 puppet/modules/site_webapp/manifests/hidden_service.pp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'puppet/modules/site_webapp/manifests/hidden_service.pp')
diff --git a/puppet/modules/site_webapp/manifests/hidden_service.pp b/puppet/modules/site_webapp/manifests/hidden_service.pp
index 3f3f1d0c..658d62f9 100644
--- a/puppet/modules/site_webapp/manifests/hidden_service.pp
+++ b/puppet/modules/site_webapp/manifests/hidden_service.pp
@@ -2,7 +2,7 @@
 class site_webapp::hidden_service {
 $tor = hiera('tor')
 $hidden_service = $tor['hidden_service']
- $tor_domain = "${hidden_service['address']}.onion"
+ $onion_domain = "${hidden_service['address']}.onion"
 include site_apache::common
 include apache::module::headers
@@ -33,7 +33,7 @@ class site_webapp::hidden_service {
 '/var/lib/tor/webapp/hostname':
 ensure => present,
- content => "${tor_domain}\n",
+ content => "${onion_domain}\n",
 owner => 'debian-tor',
 group => 'debian-tor',
 mode => '0600',
-- 
cgit v1.2.3
From 5b10def43d134e5735bfcec1237c04cf66e8610b Mon Sep 17 00:00:00 2001
From: Micah Anderson
Date: Tue, 19 Sep 2017 15:36:06 -0400
Subject: Feat: Refactor tor services In order to refactor the tor services, we need to split them out into three different services. This adds the hidden service class that is necessary to support the previous commits. Fixes #8864.
---
 puppet/modules/site_webapp/manifests/hidden_service.pp | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'puppet/modules/site_webapp/manifests/hidden_service.pp')
diff --git a/puppet/modules/site_webapp/manifests/hidden_service.pp b/puppet/modules/site_webapp/manifests/hidden_service.pp
index 658d62f9..1f87da6b 100644
--- a/puppet/modules/site_webapp/manifests/hidden_service.pp
+++ b/puppet/modules/site_webapp/manifests/hidden_service.pp
@@ -1,5 +1,7 @@
 # Configure tor hidden service for webapp
 class site_webapp::hidden_service {
+ Class['site_tor::hidden_service'] -> Class['site_webapp::hidden_service']
+ include site_tor::hidden_service
 $tor = hiera('tor')
 $hidden_service = $tor['hidden_service']
 $onion_domain = "${hidden_service['address']}.onion"
@@ -10,7 +12,6 @@ class site_webapp::hidden_service {
 include apache::module::expires
 include apache::module::removeip
- include site_tor
 tor::daemon::hidden_service { 'webapp':
 ports => [ '80 127.0.0.1:80'],
 single_hop => $hidden_service['single_hop']
-- 
cgit v1.2.3
From 414e36cf11364a9e581eb260b3267078b6cdda44 Mon Sep 17 00:00:00 2001
From: Micah Anderson
Date: Sat, 7 Oct 2017 13:50:55 -0400
Subject: feat: add v3 tor hidden service support Resolves: #8879
---
 puppet/modules/site_webapp/manifests/hidden_service.pp | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'puppet/modules/site_webapp/manifests/hidden_service.pp')
diff --git a/puppet/modules/site_webapp/manifests/hidden_service.pp b/puppet/modules/site_webapp/manifests/hidden_service.pp
index 1f87da6b..290f9665 100644
--- a/puppet/modules/site_webapp/manifests/hidden_service.pp
+++ b/puppet/modules/site_webapp/manifests/hidden_service.pp
@@ -14,7 +14,8 @@ class site_webapp::hidden_service {
 tor::daemon::hidden_service { 'webapp':
 ports => [ '80 127.0.0.1:80'],
- single_hop => $hidden_service['single_hop']
+ single_hop => $hidden_service['single_hop'],
+ v3 => $hidden_service['v3']
 }
 file {
-- 
cgit v1.2.3
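Review bot: In the `@@ -14,7 +14,8 @@` hunk, `v3 => $hidden_service['v3']` changes the onion service version, but the class as shown in the earlier patches on this page still installs `/var/lib/tor/webapp/private_key` and writes `hostname` from `$hidden_service['address']`, which is the v2 key layout. A v3 service keeps its identity in `hs_ed25519_secret_key` and `hs_ed25519_public_key`, so unless the `file` resources are adjusted elsewhere, a v3 node would presumably receive an unused v2 key while tor generates a fresh v3 identity whose address need not match the managed `hostname` file. Consider making those `file` resources depend on `$hidden_service['v3']` and documenting the flag with `# v3 services use hs_ed25519_* key files, not private_key`. The class body continues outside the hunk.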