authormh <mh@immerda.ch>2016-11-01 21:29:31 +0100
committermh <mh@immerda.ch>2016-11-01 21:29:31 +0100
commit914df896d915cea5acade2732526d3bbc75b176d (patch)
treea4fb70a7ad0664026b267cd8fb67168319f00c2f /manifests/daemon/hidden_service.pp
parent720c1670750345e8c361219a58c2722a603e26bb (diff)
make it possible to also add pregenerated private keys for onion services or even let them pregenerate on the fly
Diffstat (limited to 'manifests/daemon/hidden_service.pp')
-rw-r--r--manifests/daemon/hidden_service.pp48
1 files changed, 45 insertions, 3 deletions
diff --git a/manifests/daemon/hidden_service.pp b/manifests/daemon/hidden_service.pp
index cf316b5..895fc53 100644
--- a/manifests/daemon/hidden_service.pp
+++ b/manifests/daemon/hidden_service.pp
@@ -1,14 +1,56 @@
# hidden services definition
define tor::daemon::hidden_service(
- $ports = [],
- $data_dir = $tor::daemon::data_dir,
- $ensure = present ) {
+ $ensure = present,
+ $ports = [],
+ $data_dir = $tor::daemon::data_dir,
+ $private_key = undef,
+ $private_key_name = $name,
+ $private_key_store_path = undef,
+) {
+ $data_dir_path = "${data_dir}/${name}"
+ include ::tor::daemon::params
concat::fragment { "05.hidden_service.${name}":
ensure => $ensure,
content => template('tor/torrc.hidden_service.erb'),
order => '05',
target => $tor::daemon::config_file,
}
+ if $private_key or ($private_key_name and $private_key_store_path) {
+ if $private_key and ($private_key_name and $private_key_store_path) {
+ fail("Either private_key OR (private_key_name AND private_key_store_path) must be set, but not all three of them")
+ }
+ if $private_key_store_path and $private_key_name {
+ $tmp = generate_onion_key($private_key_store_path,$private_key_name)
+ $os_hostname = $tmp[0]
+ $real_private_key = $tmp[1]
+ } else {
+ $os_hostname = onion_address($private_key)
+ $real_private_key = $private_key
+ }
+ file{
+ $data_dir_path:
+ ensure => directory,
+ purge => true,
+ force => true,
+ recurse => true,
+ owner => $tor::daemon::params::user,
+ group => $tor::daemon::params::group,
+ mode => $tor::daemon::params::data_dir_mode,
+ require => Package['tor'];
+ "${data_dir_path}/private_key":
+ content => $real_private_key,
+ owner => $tor::daemon::params::user,
+ group => $tor::daemon::params::group,
+ mode => '0600',
+ notify => Service['tor'];
+ "${data_dir_path}/hostname":
+ content => "${os_hostname}.onion\n",
+ owner => $tor::daemon::params::user,
+ group => $tor::daemon::params::group,
+ mode => '0600',
+ notify => Service['tor'];
+ }
+ }
}
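Review bot: The `"${data_dir_path}/private_key"` file resource receives the onion key through `content` without `show_diff => false`, so an agent that has diff output enabled would write a changed key into its run log and report; adding `show_diff => false,` to that resource avoids this. The new file resources also ignore `$ensure`: with `ensure => absent` and a key configured, the torrc fragment is removed but the directory, `private_key` and `hostname` are still written, so the outer `if` should probably also require `$ensure == present`, or the files should take a matching ensure. Because `$private_key_name` defaults to `$name`, the outer condition in practice depends only on `$private_key` and `$private_key_store_path`, which a short comment above it could state. `generate_onion_key` presumably persists keys under `$private_key_store_path` on the machine that compiles the catalog, so the define's header comment should say that this path must be readable only by the Puppet service user.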