From 16c985a1b8e692c0e0f76a30b7ec052c9dc269bd Mon Sep 17 00:00:00 2001
From: guido
Date: Tue, 28 Oct 2014 21:03:52 -0300
Subject: Adds support for Tor hidden service on webapp (Feature #6273)
Change-Id: I56250e05e3a933deacd0b6e02192e712d3fd9fd5
---
 .../site_webapp/manifests/hidden_service.pp | 43 ++++++++++++++++++++++
 1 file changed, 43 insertions(+)
 create mode 100644 puppet/modules/site_webapp/manifests/hidden_service.pp
(limited to 'puppet/modules/site_webapp/manifests/hidden_service.pp')
diff --git a/puppet/modules/site_webapp/manifests/hidden_service.pp b/puppet/modules/site_webapp/manifests/hidden_service.pp
new file mode 100644
index 00000000..ac0e8a37
--- /dev/null
+++ b/puppet/modules/site_webapp/manifests/hidden_service.pp
@@ -0,0 +1,43 @@
+class site_webapp::hidden_service {
+ $tor = hiera('tor')
+ $hidden_service = $tor['hidden_service']
+ $tor_domain = "${hidden_service['address']}.onion"
+
+ include site_apache::common
+ include site_apache::module::headers
+ include site_apache::module::alias
+ include site_apache::module::expires
+ include site_apache::module::removeip
+
+ include tor::daemon
+ tor::daemon::hidden_service { 'webapp': ports => '80 127.0.0.1:80' }
+
+ file {
+ '/var/lib/tor/webapp/':
+ ensure => directory,
+ owner => 'debian-tor',
+ group => 'debian-tor',
+ mode => '2700';
+
+ '/var/lib/tor/webapp/private_key':
+ ensure => present,
+ source => '/srv/leap/files/nodes/web/tor.key',
+ owner => 'debian-tor',
+ group => 'debian-tor',
+ mode => '0600';
+
+ '/var/lib/tor/webapp/hostname':
+ ensure => present,
+ content => $tor_domain,
+ owner => 'debian-tor',
+ group => 'debian-tor',
+ mode => '0600';
+ }
+
+ apache::vhost::file {
+ 'hidden_service':
+ content => template('site_apache/vhosts.d/hidden_service.conf.erb')
+ }
+
+ include site_shorewall::tor
+}
\ No newline at end of file
-- cgit v1.2.3
From 172ad4bc7dd5b82629bfa776ec4164f902569fdb Mon Sep 17 00:00:00 2001
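Review bot: Nothing in this hunk ties the three files under `/var/lib/tor/webapp/` to the Tor service, so if the daemon brought in by `include tor::daemon` starts before `private_key` is in place it may generate its own key and keep serving an onion address that differs from the one written to `hostname` until it is restarted. Unless `tor::daemon::hidden_service` already takes care of this (its definition is not visible here), add an explicit refresh to the `private_key` resource, for example `notify => Service['tor'],`, assuming the module's service is titled `tor`. Because that resource replaces key material, `backup => false,` on it would also keep any overwritten key out of Puppet's filebucket where the default backup behaviour is in effect.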
From: guido
Date: Tue, 2 Dec 2014 11:40:04 -0300
Subject: Use $hostname to locate tor.key. Fixes #6478
Change-Id: Ibbe3687d5a773b444f6e9145bf235aaeea637e1d
---
 puppet/modules/site_webapp/manifests/hidden_service.pp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'puppet/modules/site_webapp/manifests/hidden_service.pp')
diff --git a/puppet/modules/site_webapp/manifests/hidden_service.pp b/puppet/modules/site_webapp/manifests/hidden_service.pp
index ac0e8a37..16b6e2e7 100644
--- a/puppet/modules/site_webapp/manifests/hidden_service.pp
+++ b/puppet/modules/site_webapp/manifests/hidden_service.pp
@@ -21,7 +21,7 @@ class site_webapp::hidden_service {
 
 '/var/lib/tor/webapp/private_key':
 ensure => present,
- source => '/srv/leap/files/nodes/web/tor.key',
+ source => "/srv/leap/files/nodes/${::hostname}/tor.key",
 owner => 'debian-tor',
 group => 'debian-tor',
 mode => '0600';
-- cgit v1.2.3
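Review bot: The new `source` path only resolves when the `hostname` fact equals the node's directory name under `/srv/leap/files/nodes/`, and that assumption is not recorded next to the line. If the two ever differ, the `private_key` resource will presumably fail to find its source, leaving the hidden service without the intended key. A comment above the `source` line such as `# tor.key is looked up per node; the hostname fact must match the node's directory under files/nodes/` would make the convention explicit for whoever provisions the key. The enclosing `file { ... }` block starts and ends outside this hunk.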