From d3e24760b33d6ae20f153d3c144d7d443fb0b69e Mon Sep 17 00:00:00 2001
From: elijah
Date: Wed, 29 Oct 2014 15:20:54 -0700
Subject: added webapp.forbidden_usernames property to allow configuration of usernames to block.
---
puppet/modules/site_webapp/templates/config.yml.erb | 1 +
1 file changed, 1 insertion(+) (limited to 'puppet/modules/site_webapp')
diff --git a/puppet/modules/site_webapp/templates/config.yml.erb b/puppet/modules/site_webapp/templates/config.yml.erb
index 9205438b..0c75f3ca 100644
--- a/puppet/modules/site_webapp/templates/config.yml.erb
+++ b/puppet/modules/site_webapp/templates/config.yml.erb
@@ -19,6 +19,7 @@ production:
 default_service_level: "<%= @webapp['default_service_level'] %>"
 service_levels: <%= @webapp['service_levels'].to_json %>
 allow_registration: <%= @webapp['allow_registration'].inspect %>
+ handle_blacklist: <%= @webapp['forbidden_usernames'].inspect %>
 <%- if @webapp['engines'] && @webapp['engines'].any? -%>
 engines:
 <%- @webapp['engines'].each do |engine| -%>
-- cgit v1.2.3
From 16c985a1b8e692c0e0f76a30b7ec052c9dc269bd Mon Sep 17 00:00:00 2001
From: guido
Date: Tue, 28 Oct 2014 21:03:52 -0300
Subject: Adds support for Tor hidden service on webapp (Feature #6273)
Change-Id: I56250e05e3a933deacd0b6e02192e712d3fd9fd5
---
.../site_webapp/manifests/hidden_service.pp | 43 ++++++++++++++++++++++
puppet/modules/site_webapp/manifests/init.pp | 6 +++
2 files changed, 49 insertions(+)
create mode 100644 puppet/modules/site_webapp/manifests/hidden_service.pp (limited to 'puppet/modules/site_webapp')
diff --git a/puppet/modules/site_webapp/manifests/hidden_service.pp b/puppet/modules/site_webapp/manifests/hidden_service.pp
new file mode 100644
index 00000000..ac0e8a37
--- /dev/null
+++ b/puppet/modules/site_webapp/manifests/hidden_service.pp
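Review bot: The added `handle_blacklist` line in `config.yml.erb` renders the value with Ruby's `.inspect`, so a node whose `webapp` hash has no `forbidden_usernames` key would emit the bare word `nil`, which YAML reads as the string "nil" rather than as an empty value. If the webapp then takes that as its blacklist, reserved handles would presumably stop being rejected without any error being raised. The neighbouring `service_levels` line already uses `.to_json`, which emits `null` for a missing value and a properly quoted array otherwise; `handle_blacklist: <%= @webapp['forbidden_usernames'].to_json %>` would keep the two lines consistent. Whether the provider defaults always supply this key is not visible in the hunk.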
@@ -0,0 +1,43 @@
+class site_webapp::hidden_service {
+ $tor = hiera('tor')
+ $hidden_service = $tor['hidden_service']
+ $tor_domain = "${hidden_service['address']}.onion"
+
+ include site_apache::common
+ include site_apache::module::headers
+ include site_apache::module::alias
+ include site_apache::module::expires
+ include site_apache::module::removeip
+
+ include tor::daemon
+ tor::daemon::hidden_service { 'webapp': ports => '80 127.0.0.1:80' }
+
+ file {
+ '/var/lib/tor/webapp/':
+ ensure => directory,
+ owner => 'debian-tor',
+ group => 'debian-tor',
+ mode => '2700';
+
+ '/var/lib/tor/webapp/private_key':
+ ensure => present,
+ source => '/srv/leap/files/nodes/web/tor.key',
+ owner => 'debian-tor',
+ group => 'debian-tor',
+ mode => '0600';
+
+ '/var/lib/tor/webapp/hostname':
+ ensure => present,
+ content => $tor_domain,
+ owner => 'debian-tor',
+ group => 'debian-tor',
+ mode => '0600';
+ }
+
+ apache::vhost::file {
+ 'hidden_service':
+ content => template('site_apache/vhosts.d/hidden_service.conf.erb')
+ }
+
+ include site_shorewall::tor
+}
\ No newline at end of file
diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp
index 17b010f3..12c69a39 100644
--- a/puppet/modules/site_webapp/manifests/init.pp
+++ b/puppet/modules/site_webapp/manifests/init.pp
@@ -10,6 +10,8 @@ class site_webapp {
 $webapp = hiera('webapp')
 $api_version = $webapp['api_version']
 $secret_token = $webapp['secret_token']
+ $tor = hiera('tor')
+ $hidden_service = $tor['hidden_service']
 Class['site_config::default'] -> Class['site_webapp']
@@ -157,6 +159,10 @@ class site_webapp {
 notify => Service['apache'];
 }
+ if $hidden_service['active'] {
+ include site_webapp::hidden_service
+ }
+
 include site_shorewall::webapp
 include site_check_mk::agent::webapp
 }
-- cgit v1.2.3
From 3ec9b173c092f1b582285c3e3573259d289c400e Mon Sep 17 00:00:00 2001
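Review bot: The `private_key` and `hostname` file resources in the new `hidden_service.pp` neither notify the Tor service nor are ordered ahead of it, so on a first run Tor may start, generate its own key under `/var/lib/tor/webapp/`, and keep serving that identity after Puppet has overwritten the files. Adding `notify => Service['tor'],` to both resources would restart the daemon onto the provisioned key; this assumes the tor module names its service `tor`, which is not shown here. The key's `source` path also hard-codes a `nodes/web/` directory, which looks as if it only resolves on a node named `web`, so it deserves a comment or a lookup by node name. The file is added without a trailing newline.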
From: guido
Date: Thu, 6 Nov 2014 12:45:32 -0300
Subject: Better check for tor hidden service on a webapp node.
Change-Id: I92f69b6fa30aae953243ae19096e2998810c9ac6
---
puppet/modules/site_webapp/manifests/init.pp | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'puppet/modules/site_webapp')
diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp
index 12c69a39..752993c1 100644
--- a/puppet/modules/site_webapp/manifests/init.pp
+++ b/puppet/modules/site_webapp/manifests/init.pp
@@ -10,8 +10,7 @@ class site_webapp {
 $webapp = hiera('webapp')
 $api_version = $webapp['api_version']
 $secret_token = $webapp['secret_token']
- $tor = hiera('tor')
- $hidden_service = $tor['hidden_service']
+ $tor = hiera('tor', false)
 Class['site_config::default'] -> Class['site_webapp']
@@ -159,8 +158,11 @@ class site_webapp {
 notify => Service['apache'];
 }
- if $hidden_service['active'] {
- include site_webapp::hidden_service
+ if $tor {
+ $hidden_service = $tor['hidden_service']
+ if $hidden_service['active'] {
+ include site_webapp::hidden_service
+ }
 }
 include site_shorewall::webapp
-- cgit v1.2.3
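Review bot: In the second `init.pp` hunk, `$hidden_service['active']` is still indexed unconditionally inside the new `if $tor` guard, so a node whose `tor` hash has no `hidden_service` entry would presumably still fail compilation or behave differently across Puppet versions. Writing the inner test as `if $hidden_service and $hidden_service['active'] {` makes the absent case explicit. The `hiera('tor', false)` default in the first hunk is what makes the outer test safe, and a short comment there such as `# 'tor' may be absent from this node's hiera data; default to false` would record that for the next reader. `class site_webapp` begins and ends outside both hunks.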