From 97c5451b0f8b63b4884a9560c0a796f931d059e3 Mon Sep 17 00:00:00 2001 From: varac Date: Wed, 6 Feb 2013 10:56:38 +0100 Subject: added submodule tor --- puppet/modules/tor | 1 + 1 file changed, 1 insertion(+) create mode 160000 puppet/modules/tor (limited to 'puppet') diff --git a/puppet/modules/tor b/puppet/modules/tor new file mode 160000 index 00000000..a780e840 --- /dev/null +++ b/puppet/modules/tor @@ -0,0 +1 @@ +Subproject commit a780e84001177f10a86a7bf824589c0553f513a0 -- cgit v1.2.3 From ab25692d3b8aaf3e71ec3546d1ea9d85f26f7b63 Mon Sep 17 00:00:00 2001 From: varac Date: Wed, 6 Feb 2013 18:11:21 +0100 Subject: Restructuring site_shorewall site_shorewall::defaults can be used on every host, it configures a basic firewall, which blocks everything from outside except ping + ssh, and allows outgoing traffic for http, git, dns. --- .../modules/site_shorewall/manifests/defaults.pp | 59 +++++++++++++++--- puppet/modules/site_shorewall/manifests/eip.pp | 71 +++------------------- .../modules/site_shorewall/manifests/ip_forward.pp | 10 +++ puppet/modules/site_shorewall/manifests/sshd.pp | 23 +++++++ 4 files changed, 92 insertions(+), 71 deletions(-) create mode 100644 puppet/modules/site_shorewall/manifests/ip_forward.pp create mode 100644 puppet/modules/site_shorewall/manifests/sshd.pp (limited to 'puppet') diff --git a/puppet/modules/site_shorewall/manifests/defaults.pp b/puppet/modules/site_shorewall/manifests/defaults.pp index d5f60ec6..7992406b 100644 --- a/puppet/modules/site_shorewall/manifests/defaults.pp +++ b/puppet/modules/site_shorewall/manifests/defaults.pp 
@@ -1,6 +1,17 @@ class site_shorewall::defaults { include shorewall + # be safe for development + #if ( $::virtual == 'virtualbox') { $shorewall_startup='0' } + + $ip_address = hiera('ip_address') + # a special case for vagrant interfaces + $interface = $::virtual ? { + virtualbox => [ 'eth0', 'eth1' ], + default => getvar("interface_${ip_address}") + } + + # If you want logging: shorewall::params { 'LOG': value => 'debug'; @@ -8,14 +19,48 @@ class site_shorewall::defaults { shorewall::zone {'net': type => 'ipv4'; } - include augeas - augeas { 'enable_ip_forwarding': - changes => 'set /files/etc/shorewall/shorewall.conf/IP_FORWARDING Yes', - lens => 'Shellvars.lns', - incl => '/etc/shorewall/shorewall.conf', - notify => Service[shorewall], - require => Class[augeas]; + # define interfaces + shorewall::interface { $interface: + zone => 'net', + options => 'tcpflags,blacklist,nosmurfs'; + } + + shorewall::routestopped { $interface: } + + shorewall::policy { + 'all-to-all': + sourcezone => 'all', + destinationzone => 'all', + policy => 'DROP', + order => 200; + } + + shorewall::rule { + # ping party + 'all2all-ping': + source => 'all', + destination => 'all', + action => 'Ping(ACCEPT)', + order => 200; + + # server to outside + 'fw2all-http': + source => '$FW', + destination => 'all', + action => 'HTTP(ACCEPT)', + order => 200; + 'fw2all-DNS': + source => '$FW', + destination => 'all', + action => 'DNS(ACCEPT)', + order => 200; + 'fw2all-git': + source => '$FW', + destination => 'all', + action => 'Git(ACCEPT)', + order => 200; } + include site_shorewall::sshd } diff --git a/puppet/modules/site_shorewall/manifests/eip.pp b/puppet/modules/site_shorewall/manifests/eip.pp index de81aa1d..a6209327 100644 --- a/puppet/modules/site_shorewall/manifests/eip.pp +++ b/puppet/modules/site_shorewall/manifests/eip.pp 
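Review bot: In the first hunk, the `default` branch of the `$interface` selector takes whatever `getvar("interface_${ip_address}")` returns, and nothing checks that a fact by that name exists before the value becomes the title of `shorewall::interface` and `shorewall::routestopped` in the second hunk. If the hiera `ip_address` matches no interface fact, the `net` zone would presumably end up without an interface while the `all-to-all` DROP policy is still installed, which is hard to diagnose on a remote host. I would fail the catalog early, right after the selector, with something like `if ! $interface { fail("no interface fact found for ${ip_address}") }`.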
@@ -1,35 +1,21 @@ class site_shorewall::eip { - # be safe for development - #if ( $::virtual == 'virtualbox') { $shorewall_startup='0' } - include site_shorewall::defaults + include site_shorewall::ip_forward - $ip_address = hiera('ip_address') - # a special case for vagrant interfaces - $interface = $::virtual ? { - virtualbox => [ 'eth0', 'eth1' ], - default => getvar("interface_${ip_address}") - } - $ssh_config = hiera('ssh') - $ssh_port = $ssh_config['port'] $openvpn_config = hiera('openvpn') $openvpn_ports = $openvpn_config['ports'] $openvpn_gateway_address = $site_openvpn::openvpn_gateway_address # define macro for incoming services file { '/etc/shorewall/macro.leap_eip': - content => "PARAM - - tcp 1194,$ssh_port + content => "PARAM - - tcp 1194 PARAM - - udp 1194 -", } - - - # define interfaces - shorewall::interface { $interface: - zone => 'net', - options => 'tcpflags,blacklist,nosmurfs'; +", + notify => Service['shorewall'] } + shorewall::interface { 'tun0': zone => 'eip', @@ -40,11 +26,9 @@ PARAM - - udp 1194 } - shorewall::zone {'eip': + shorewall::zone {'eip': type => 'ipv4'; } - shorewall::routestopped { $interface: } - case $::virtual { 'virtualbox': { shorewall::masq { @@ -56,6 +40,7 @@ PARAM - - udp 1194 source => "${site_openvpn::openvpn_udp_network_prefix}.0/${site_openvpn::openvpn_udp_cidr}"; } } default: { + $interface = $site_shorewall::defaults::interface shorewall::masq { "${interface}_tcp": interface => $interface, 
@@ -78,56 +63,14 @@ PARAM - - udp 1194 destinationzone => 'all', policy => 'ACCEPT', order => 100; - 'all-to-all': - sourcezone => 'all', - destinationzone => 'all', - policy => 'DROP', - order => 200; } shorewall::rule { - # ping party - 'all2all-ping': - source => 'all', - destination => 'all', - action => 'Ping(ACCEPT)', - order => 200; - - # outside to server - 'net2fw-ssh': - source => 'net', - destination => '$FW', - action => 'SSH(ACCEPT)', - order => 200; 'net2fw-openvpn': source => 'net', destination => '$FW', action => 'leap_eip(ACCEPT)', order => 200; - - # server to outside - 'fw2all-http': - source => '$FW', - destination => 'all', - action => 'HTTP(ACCEPT)', - order => 200; - 'fw2all-DNS': - source => '$FW', - destination => 'all', - action => 'DNS(ACCEPT)', - order => 200; - 'fw2all-git': - source => '$FW', - destination => 'all', - action => 'Git(ACCEPT)', - order => 200; - - # Webfrontend is running on another server - #'eip2fw-https': - # source => 'eip', - # destination => '$FW', - # action => 'HTTPS(ACCEPT)', - # order => 200; } # create dnat rule for each port diff --git a/puppet/modules/site_shorewall/manifests/ip_forward.pp b/puppet/modules/site_shorewall/manifests/ip_forward.pp new file mode 100644 index 00000000..d09d4fd1 --- /dev/null +++ b/puppet/modules/site_shorewall/manifests/ip_forward.pp @@ -0,0 +1,10 @@ +class site_shorewall::ip_forward { + include augeas + augeas { 'enable_ip_forwarding': + changes => 'set /files/etc/shorewall/shorewall.conf/IP_FORWARDING Yes', + lens => 'Shellvars.lns', + incl => '/etc/shorewall/shorewall.conf', + notify => Service[shorewall], + require => Class[augeas]; + } +} diff --git a/puppet/modules/site_shorewall/manifests/sshd.pp b/puppet/modules/site_shorewall/manifests/sshd.pp new file mode 100644 index 00000000..2cf4fd56 --- /dev/null +++ b/puppet/modules/site_shorewall/manifests/sshd.pp 
@@ -0,0 +1,23 @@ +class site_shorewall::sshd { + + $ssh_config = hiera('ssh') + $ssh_port = $ssh_config['port'] + + include shorewall + + # define macro for incoming sshd + file { '/etc/shorewall/macro.leap_sshd': + content => "PARAM - - tcp $ssh_port", + notify => Service['shorewall'] + } + + + shorewall::rule { + # outside to server + 'net2fw-ssh': + source => 'net', + destination => '$FW', + action => 'leap_sshd(ACCEPT)', + order => 200; + } +} -- cgit v1.2.3 From 07afa7bd4c7dcb941e3984d4fccc1169baf03448 Mon Sep 17 00:00:00 2001 From: varac Date: Wed, 6 Feb 2013 23:33:51 +0100 Subject: allow all outgoing traffic --- .../modules/site_shorewall/manifests/defaults.pp | 22 +++++----------------- 1 file changed, 5 insertions(+), 17 deletions(-) (limited to 'puppet') diff --git a/puppet/modules/site_shorewall/manifests/defaults.pp b/puppet/modules/site_shorewall/manifests/defaults.pp index 7992406b..d5639a90 100644 --- a/puppet/modules/site_shorewall/manifests/defaults.pp +++ b/puppet/modules/site_shorewall/manifests/defaults.pp @@ -29,6 +29,11 @@ class site_shorewall::defaults { shorewall::routestopped { $interface: } shorewall::policy { + 'fw-to-all': + sourcezone => 'fw', + destinationzone => 'all', + policy => 'ACCEPT', + order => 100; 'all-to-all': sourcezone => 'all', destinationzone => 'all', @@ -43,23 +48,6 @@ class site_shorewall::defaults { destination => 'all', action => 'Ping(ACCEPT)', order => 200; - - # server to outside - 'fw2all-http': - source => '$FW', - destination => 'all', - action => 'HTTP(ACCEPT)', - order => 200; - 'fw2all-DNS': - source => '$FW', - destination => 'all', - action => 'DNS(ACCEPT)', - order => 200; - 'fw2all-git': - source => '$FW', - destination => 'all', - action => 'Git(ACCEPT)', - order => 200; } include site_shorewall::sshd -- cgit v1.2.3 From 18a2f385ff1f56f493db5302f5ae51173a65cd86 Mon Sep 17 00:00:00 2001 
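Review bot: The macro body `"PARAM - - tcp $ssh_port"` in the `file` resource for `/etc/shorewall/macro.leap_sshd` is built from `hiera('ssh')['port']` without any check on the value. If the key is missing or empty the line has no destination-port column, and as far as I know Shorewall then matches every TCP port, so `net2fw-ssh` would accept all TCP from `net` to `$FW`. A guard before the file resource, such as `if "${ssh_port}" !~ /^\d+$/ { fail("ssh port must be numeric, got '${ssh_port}'") }`, keeps a bad hiera value from widening the rule. The content also has no trailing newline; `"PARAM - - tcp ${ssh_port}\n"` is safer for a line-oriented file.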
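Review bot: The added `fw-to-all` policy (`sourcezone => 'fw'`, `policy => 'ACCEPT'`) replaces the HTTP/DNS/Git allow-list removed in the second hunk with unrestricted egress for every class that includes `site_shorewall::defaults`, and nothing in the manifest records that this is deliberate. A comment on the policy, for example `# egress is intentionally unrestricted; outbound filtering is not done on the host`, would stop a later reader from assuming the earlier allow-list still holds. Separately, `site_shorewall::eip` still declares a `shorewall::policy` titled `fw-to-all` at this commit (it is only dropped in dbdbb33c), so a node with both classes would probably fail with a duplicate declaration in between. The class body continues outside both hunks.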
From: varac Date: Wed, 6 Feb 2013 23:34:29 +0100 Subject: configure shorewall for couchdb, tor, webapp --- puppet/modules/site_shorewall/manifests/couchdb.pp | 22 +++++++++++++++++++++ puppet/modules/site_shorewall/manifests/tor.pp | 23 ++++++++++++++++++++++ puppet/modules/site_shorewall/manifests/webapp.pp | 13 ++++++++++++ 3 files changed, 58 insertions(+) create mode 100644 puppet/modules/site_shorewall/manifests/couchdb.pp create mode 100644 puppet/modules/site_shorewall/manifests/tor.pp create mode 100644 puppet/modules/site_shorewall/manifests/webapp.pp (limited to 'puppet') diff --git a/puppet/modules/site_shorewall/manifests/couchdb.pp b/puppet/modules/site_shorewall/manifests/couchdb.pp new file mode 100644 index 00000000..1b7f791d --- /dev/null +++ b/puppet/modules/site_shorewall/manifests/couchdb.pp @@ -0,0 +1,22 @@ +class site_shorewall::couchdb { + + include site_shorewall::defaults + + $couchdb_port = '6984' + + # define macro for incoming services + file { '/etc/shorewall/macro.leap_couchdb': + content => "PARAM - - tcp $couchdb_port", + notify => Service['shorewall'] + } + + + shorewall::rule { + 'net2fw-couchdb': + source => 'net', + destination => '$FW', + action => 'leap_couchdb(ACCEPT)', + order => 200; + } + +} diff --git a/puppet/modules/site_shorewall/manifests/tor.pp b/puppet/modules/site_shorewall/manifests/tor.pp new file mode 100644 index 00000000..d04adeac --- /dev/null +++ b/puppet/modules/site_shorewall/manifests/tor.pp @@ -0,0 +1,23 @@ +class site_shorewall::tor { + + include site_shorewall::defaults + include site_shorewall::ip_forward + + $tor_port = '9001' + + # define macro for incoming services + file { '/etc/shorewall/macro.leap_tor': + content => "PARAM - - tcp $tor_port ", + notify => Service['shorewall'] + } + + + shorewall::rule { + 'net2fw-tor': + source => 'net', + destination => '$FW', + action => 'leap_tor(ACCEPT)', + order => 200; + } + +} 
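Review bot: `net2fw-couchdb` accepts the CouchDB port from the whole `net` zone (`source => 'net'`), so 6984 is reachable from any address rather than only from the hosts that need the database. If the clients are a known set, narrowing the rule's source, e.g. `source => 'net:<webapp-host-address>'` (placeholder), would keep the port off the open internet; otherwise a comment stating that CouchDB's own authentication is the only gate would help. `$couchdb_port = '6984'` is also hard-coded here, so it can drift from whatever port the couchdb class binds, which this diff does not show.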
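Review bot: `include site_shorewall::ip_forward` in `site_shorewall::tor` sets `IP_FORWARDING Yes` in shorewall.conf, but this class adds no masquerading or forwarded zones, and a Tor relay terminates and originates its own connections, so kernel forwarding looks unnecessary here. I would drop the include unless another class on the node needs it, or add a comment such as `# forwarding required because <reason>`. The macro content `"PARAM - - tcp $tor_port "` also carries a trailing space and no newline.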
diff --git a/puppet/modules/site_shorewall/manifests/webapp.pp b/puppet/modules/site_shorewall/manifests/webapp.pp new file mode 100644 index 00000000..ff9b7646 --- /dev/null +++ b/puppet/modules/site_shorewall/manifests/webapp.pp @@ -0,0 +1,13 @@ +class site_shorewall::webapp { + + include site_shorewall::defaults + + shorewall::rule { + 'net2fw-https': + source => 'net', + destination => '$FW', + action => 'HTTPS(ACCEPT)', + order => 200; + } + +} -- cgit v1.2.3 From 726a652b31ef6c1c2b4b93ec38398d70ba496f8c Mon Sep 17 00:00:00 2001 From: varac Date: Wed, 6 Feb 2013 23:35:25 +0100 Subject: site_config::default : include site_shorewall::defaults --- puppet/modules/site_config/manifests/default.pp | 3 +++ 1 file changed, 3 insertions(+) (limited to 'puppet') diff --git a/puppet/modules/site_config/manifests/default.pp b/puppet/modules/site_config/manifests/default.pp index c65c0799..2191e9a1 100644 --- a/puppet/modules/site_config/manifests/default.pp +++ b/puppet/modules/site_config/manifests/default.pp @@ -30,4 +30,7 @@ class site_config::default { package { [ 'etckeeper' ]: ensure => installed, } + + # include basic shorewall config + include site_shorewall::defaults } -- cgit v1.2.3 From 68b6e843aa852cdb71fdec4f741150e4daddaac9 Mon Sep 17 00:00:00 2001 From: varac Date: Wed, 6 Feb 2013 23:36:24 +0100 Subject: include shorewall config for webapp and couchdb --- puppet/modules/site_couchdb/manifests/init.pp | 2 ++ puppet/modules/site_webapp/manifests/init.pp | 2 ++ 2 files changed, 4 insertions(+) (limited to 'puppet') diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp index 1789dd55..9ecde5e6 100644 --- a/puppet/modules/site_couchdb/manifests/init.pp +++ b/puppet/modules/site_couchdb/manifests/init.pp @@ -59,4 +59,6 @@ class site_couchdb { couchdb::create_db { 'client_certificates': readers => "{ \"names\": [], \"roles\": [\"certs\"] }" } + + include site_shorewall::couchdb } 
diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index ff5a3611..f0d6c90a 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp @@ -112,4 +112,6 @@ class site_webapp { mode => '0600'; } + include site_shorewall::webapp + } -- cgit v1.2.3 From 0f47539146baa793a17739ede0137312d333bb9e Mon Sep 17 00:00:00 2001 From: varac Date: Wed, 6 Feb 2013 23:37:32 +0100 Subject: nagios: don't check openvpn, check cmd doesn't work --- puppet/modules/site_nagios/manifests/add_service.pp | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) (limited to 'puppet') diff --git a/puppet/modules/site_nagios/manifests/add_service.pp b/puppet/modules/site_nagios/manifests/add_service.pp index 280cb010..6ef3cbf5 100644 --- a/puppet/modules/site_nagios/manifests/add_service.pp +++ b/puppet/modules/site_nagios/manifests/add_service.pp @@ -2,14 +2,9 @@ define site_nagios::add_service ( $hostname, $ip_address, $openvpn_gw = '', $service) { case $service { - # don't deploy until we fix 1546 - 'openvpn': { - $check_command = "check_openvpn_server_ip_port!$openvpn_gw!1194" - $service_description = 'Openvpn' - } 'webapp': { - $check_command = 'check_https' - $service_description = 'Website' + $check_command = 'check_https_cert' + $service_description = 'Website Certificate' } default: { #notice ("No Nagios service check for service \"$service\"") -- cgit v1.2.3 From 4642e8a0780f1eb6ba14fdf1f2966101dab993f7 Mon Sep 17 00:00:00 2001 From: varac Date: Wed, 6 Feb 2013 23:58:17 +0100 Subject: add basic tor service --- puppet/manifests/site.pp | 4 ++++ puppet/modules/site_tor/manifests/init.pp | 20 ++++++++++++++++++++ 2 files changed, 24 insertions(+) create mode 100644 puppet/modules/site_tor/manifests/init.pp (limited to 'puppet') diff --git a/puppet/manifests/site.pp b/puppet/manifests/site.pp index 53b452d1..1ec806d9 100644 --- a/puppet/manifests/site.pp 
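Review bot: With the `'openvpn'` case removed in add_service.pp, an `openvpn` service now falls into the `default` branch, whose `notice` is commented out, so the gateway ends up with no check and no trace of that in the catalog run. A short comment in the `case`, such as `# openvpn: no check until check_openvpn_server_ip_port works again`, would keep the monitoring gap visible. The `$openvpn_gw` parameter in the define's signature is now unused in the visible part; the rest of the define is outside the hunk.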
+++ b/puppet/manifests/site.pp @@ -33,3 +33,7 @@ if 'ca' in $services { if 'monitor' in $services { include site_nagios } + +if 'tor' in $services { + include site_tor +} diff --git a/puppet/modules/site_tor/manifests/init.pp b/puppet/modules/site_tor/manifests/init.pp new file mode 100644 index 00000000..a854a163 --- /dev/null +++ b/puppet/modules/site_tor/manifests/init.pp @@ -0,0 +1,20 @@ +class site_tor { + tag 'leap_service' + + $tor = hiera('tor') + $bandwidth_rate = $tor['bandwidth_rate'] + + $contact_email = hiera('contact_email') + + class { 'tor::daemon': } + tor::daemon::relay { $::hostname: + port => 9001, + #listen_addresses => '', + contact_info => $contact_email, + bandwidth_rate => $bandwidth_rate, + } + tor::daemon::directory { $::hostname: port => 80 } + + include site_shorewall::tor + +} -- cgit v1.2.3 From 27094aa7aa3abf7f8dc0148a8a76ed3fdbf34add Mon Sep 17 00:00:00 2001 From: varac Date: Wed, 6 Feb 2013 23:58:43 +0100 Subject: allow port 80 to tor server --- puppet/modules/site_shorewall/manifests/tor.pp | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'puppet') diff --git a/puppet/modules/site_shorewall/manifests/tor.pp b/puppet/modules/site_shorewall/manifests/tor.pp index d04adeac..a72d9dfc 100644 --- a/puppet/modules/site_shorewall/manifests/tor.pp +++ b/puppet/modules/site_shorewall/manifests/tor.pp @@ -18,6 +18,11 @@ class site_shorewall::tor { destination => '$FW', action => 'leap_tor(ACCEPT)', order => 200; + 'net2fw-http': + source => 'net', + destination => '$FW', + action => 'HTTP(ACCEPT)', + order => 200; } } -- cgit v1.2.3 From dbdbb33ce52cf04798763d488e63acc5a26980f9 Mon Sep 17 00:00:00 2001 From: varac Date: Wed, 6 Feb 2013 23:59:17 +0100 Subject: allow outgoing traffic moved to site_shorewall::defaults --- puppet/modules/site_shorewall/manifests/eip.pp | 5 ----- 1 file changed, 5 deletions(-) (limited to 'puppet') 
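Review bot: In the new site_tor/manifests/init.pp, `port => 9001` on `tor::daemon::relay` and `port => 80` on `tor::daemon::directory` repeat values that `site_shorewall::tor` keeps separately (`$tor_port = '9001'` and the `HTTP(ACCEPT)` rule added in the following hunk), so the daemon and the firewall can drift apart when only one side is edited. Defining the ports once and reading them in both classes would avoid that. `hiera('tor')` and `hiera('contact_email')` are also used without a check, so `$tor['bandwidth_rate']` is passed on as-is when the key is absent.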
diff --git a/puppet/modules/site_shorewall/manifests/eip.pp b/puppet/modules/site_shorewall/manifests/eip.pp index a6209327..4e5a5d48 100644 --- a/puppet/modules/site_shorewall/manifests/eip.pp +++ b/puppet/modules/site_shorewall/manifests/eip.pp @@ -58,11 +58,6 @@ PARAM - - udp 1194 destinationzone => 'all', policy => 'ACCEPT', order => 100; - 'fw-to-all': - sourcezone => '$FW', - destinationzone => 'all', - policy => 'ACCEPT', - order => 100; } shorewall::rule { -- cgit v1.2.3 From c82b7c8a74ea0154ece5686eac43cab90af77b96 Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 7 Feb 2013 00:33:07 +0100 Subject: configure exit policies --- puppet/modules/site_tor/manifests/exit_policy.pp | 8 ++++++++ puppet/modules/site_tor/manifests/init.pp | 9 ++++++++- 2 files changed, 16 insertions(+), 1 deletion(-) create mode 100644 puppet/modules/site_tor/manifests/exit_policy.pp (limited to 'puppet') diff --git a/puppet/modules/site_tor/manifests/exit_policy.pp b/puppet/modules/site_tor/manifests/exit_policy.pp new file mode 100644 index 00000000..f2d2d38f --- /dev/null +++ b/puppet/modules/site_tor/manifests/exit_policy.pp @@ -0,0 +1,8 @@ +class site_tor::exit_policy { + # exaple policy to allow ssh + tor::daemon::exit_policy { 'ssh_exit_policy': + accept => '*:22', + reject => '*:*'; + } +} + diff --git a/puppet/modules/site_tor/manifests/init.pp b/puppet/modules/site_tor/manifests/init.pp index a854a163..7c25b0e9 100644 --- a/puppet/modules/site_tor/manifests/init.pp +++ b/puppet/modules/site_tor/manifests/init.pp @@ -3,6 +3,7 @@ class site_tor { $tor = hiera('tor') $bandwidth_rate = $tor['bandwidth_rate'] + $tor_type = $tor['type'] $contact_email = hiera('contact_email') 
@@ -13,8 +14,14 @@ class site_tor { contact_info => $contact_email, bandwidth_rate => $bandwidth_rate, } - tor::daemon::directory { $::hostname: port => 80 } + + # we configure the directory later + #tor::daemon::directory { $::hostname: port => 80 } include site_shorewall::tor + if ( $tor_type == 'exit' ) { + include site_tor::exit_policy + } + } -- cgit v1.2.3 From 08720568f7c00373560379e44695b881fff18af1 Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 7 Feb 2013 11:48:29 +0100 Subject: working tor relay --- puppet/modules/site_tor/manifests/disable_exit.pp | 7 +++++++ puppet/modules/site_tor/manifests/exit_policy.pp | 8 -------- puppet/modules/site_tor/manifests/init.pp | 10 +++++----- 3 files changed, 12 insertions(+), 13 deletions(-) create mode 100644 puppet/modules/site_tor/manifests/disable_exit.pp delete mode 100644 puppet/modules/site_tor/manifests/exit_policy.pp (limited to 'puppet') diff --git a/puppet/modules/site_tor/manifests/disable_exit.pp b/puppet/modules/site_tor/manifests/disable_exit.pp new file mode 100644 index 00000000..73016646 --- /dev/null +++ b/puppet/modules/site_tor/manifests/disable_exit.pp @@ -0,0 +1,7 @@ +class site_tor::disable_exit { + tor::daemon::exit_policy { + 'no_exit_at_all': + reject => '*:*'; + } +} + diff --git a/puppet/modules/site_tor/manifests/exit_policy.pp b/puppet/modules/site_tor/manifests/exit_policy.pp deleted file mode 100644 index f2d2d38f..00000000 --- a/puppet/modules/site_tor/manifests/exit_policy.pp +++ /dev/null @@ -1,8 +0,0 @@ -class site_tor::exit_policy { - # exaple policy to allow ssh - tor::daemon::exit_policy { 'ssh_exit_policy': - accept => '*:22', - reject => '*:*'; - } -} - diff --git a/puppet/modules/site_tor/manifests/init.pp b/puppet/modules/site_tor/manifests/init.pp index 7c25b0e9..654337c7 100644 --- a/puppet/modules/site_tor/manifests/init.pp +++ b/puppet/modules/site_tor/manifests/init.pp 
@@ -6,22 +6,22 @@ class site_tor { $tor_type = $tor['type'] $contact_email = hiera('contact_email') + $address = hiera('ip_address') class { 'tor::daemon': } tor::daemon::relay { $::hostname: port => 9001, - #listen_addresses => '', + address => $address, contact_info => $contact_email, bandwidth_rate => $bandwidth_rate, } - # we configure the directory later - #tor::daemon::directory { $::hostname: port => 80 } + tor::daemon::directory { $::hostname: port => 80 } include site_shorewall::tor - if ( $tor_type == 'exit' ) { - include site_tor::exit_policy + if ( $tor_type != 'exit' ) { + include site_tor::disable_exit } } -- cgit v1.2.3 From 173b2dc3ecbdab2cacede4e50f6fa3f5daa3c683 Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 7 Feb 2013 12:32:02 +0100 Subject: configure tor relay nickname --- puppet/modules/site_tor/manifests/init.pp | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) (limited to 'puppet') diff --git a/puppet/modules/site_tor/manifests/init.pp b/puppet/modules/site_tor/manifests/init.pp index 654337c7..dc16f91a 100644 --- a/puppet/modules/site_tor/manifests/init.pp +++ b/puppet/modules/site_tor/manifests/init.pp @@ -1,15 +1,16 @@ class site_tor { tag 'leap_service' - $tor = hiera('tor') + $tor = hiera('tor') $bandwidth_rate = $tor['bandwidth_rate'] - $tor_type = $tor['type'] + $tor_type = $tor['type'] + $nickname = $tor['nickname'] - $contact_email = hiera('contact_email') - $address = hiera('ip_address') + $contact_email = hiera('contact_email') + $address = hiera('ip_address') class { 'tor::daemon': } - tor::daemon::relay { $::hostname: + tor::daemon::relay { $nickname: port => 9001, address => $address, contact_info => $contact_email, -- cgit v1.2.3
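Review bot: The condition `if ( $tor_type != 'exit' )` handles only the non-exit case; when `type` is `exit`, no `tor::daemon::exit_policy` is declared anywhere in the visible manifests, so the relay would presumably run with Tor's built-in default exit policy. An exit node should carry an explicit, reviewed policy; I would add an `else` branch that includes a class declaring the accepted ports and ending in `reject => '*:*'`. Failing closed on a missing `type` key is good and deserves a comment, e.g. `# anything other than 'exit' (including unset) disables exiting`.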
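Review bot: `tor::daemon::relay { $nickname:` uses `$tor['nickname']` as the resource title without checking it, so a node whose hiera data lacks the key gets an empty title instead of the `$::hostname` fallback this hunk removes. Tor also restricts nicknames to 1–19 alphanumeric characters, so a value outside that would only fail when the daemon starts. A guard before the relay resource, such as `if "${nickname}" !~ /^[A-Za-z0-9]{1,19}$/ { fail("invalid tor nickname '${nickname}'") }`, catches both cases at compile time.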