puppet/modules/site_tor/manifests/init.pp


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45

class site_tor {
  tag 'leap_service'
  Class['site_config::default'] -> Class['site_tor']

  $tor            = hiera('tor')
  $bandwidth_rate = $tor['bandwidth_rate']
  $tor_type       = $tor['type']
  $nickname       = $tor['nickname']
  $contact_emails = join($tor['contacts'],', ')
  $family         = $tor['family']

  $address        = hiera('ip_address')

  $openvpn        = hiera('openvpn', undef)
  if $openvpn {
    $openvpn_ports = $openvpn['ports']
  }
  else {
    $openvpn_ports = []
  }

  include site_config::default
  class { 'tor::daemon': ensure_version => latest }
  tor::daemon::relay { $nickname:
    port           => 9001,
    address        => $address,
    contact_info   => obfuscate_email($contact_emails),
    bandwidth_rate => $bandwidth_rate,
    my_family      => $family
  }

  if ( $tor_type == 'exit'){
    # Only enable the daemon directory if the node isn't also a webapp node
    # or running openvpn on port 80
    if ! member($::services, 'webapp') and ! member($openvpn_ports, '80') {
      tor::daemon::directory { $::hostname: port => 80 }
    }
  }
  else {
    include site_tor::disable_exit
  }

  include site_shorewall::tor

}