authormh <mh@immerda.ch>2016-11-04 18:52:39 +0100
committermh <mh@immerda.ch>2016-11-04 18:52:39 +0100
commitd91d70dd378a4a91c740b03b0852432ef128b24a (patch)
tree35f503702086f85a96bfd5fca73d70c701323908 /manifests/daemon/onion_service.pp
parentbf16597ec2c0ad155527742fe07e655f555d7f62 (diff)
store key & hostname
Diffstat (limited to 'manifests/daemon/onion_service.pp')
-rw-r--r--manifests/daemon/onion_service.pp56
1 files changed, 56 insertions, 0 deletions
diff --git a/manifests/daemon/onion_service.pp b/manifests/daemon/onion_service.pp
new file mode 100644
index 0000000..2625521
--- /dev/null
+++ b/manifests/daemon/onion_service.pp
@@ -0,0 +1,56 @@
+# onion services definition
+define tor::daemon::onion_service(
+ $ensure = present,
+ $ports = [],
+ $data_dir = $tor::daemon::data_dir,
+ $private_key = undef,
+ $private_key_name = $name,
+ $private_key_store_path = undef,
+) {
+
+ $data_dir_path = "${data_dir}/${name}"
+ include ::tor::daemon::params
+ concat::fragment { "05.onion_service.${name}":
+ ensure => $ensure,
+ content => template('tor/torrc.onion_service.erb'),
+ order => '05',
+ target => $tor::daemon::config_file,
+ }
+ if $private_key or ($private_key_name and $private_key_store_path) {
+ if $private_key and ($private_key_name and $private_key_store_path) {
+ fail("Either private_key OR (private_key_name AND private_key_store_path) must be set, but not all three of them")
+ }
+ if $private_key_store_path and $private_key_name {
+ $tmp = generate_onion_key($private_key_store_path,$private_key_name)
+ $os_hostname = $tmp[0]
+ $real_private_key = $tmp[1]
+ } else {
+ $os_hostname = onion_address($private_key)
+ $real_private_key = $private_key
+ }
+ file{
+ $data_dir_path:
+ ensure => directory,
+ purge => true,
+ force => true,
+ recurse => true,
+ owner => $tor::daemon::params::user,
+ group => $tor::daemon::params::group,
+ mode => '0600',
+ require => Package['tor'];
+ "${data_dir_path}/private_key":
+ content => $real_private_key,
+ owner => $tor::daemon::params::user,
+ group => $tor::daemon::params::group,
+ mode => '0600',
+ notify => Service['tor'];
+ "${data_dir_path}/hostname":
+ content => "${os_hostname}.onion\n",
+ owner => $tor::daemon::params::user,
+ group => $tor::daemon::params::group,
+ mode => '0600',
+ notify => Service['tor'];
+ }
+ }
+}
+
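Review bot: The `"${data_dir_path}/private_key"` file resource passes the onion service key through `content` without `show_diff => false`, so a changed key can be printed as a diff in agent logs and reports wherever diffs are enabled; adding `show_diff => false,` to that resource keeps the key out of them. Separately, `$ensure` is applied only to the concat fragment: with `ensure => absent` and a key configured, the three file resources are still managed as present, so the private key and hostname stay on disk after the service is dropped from torrc. Deriving the files' `ensure` from `$ensure` (directory/file when present, `absent` otherwise) would remove the key material together with the configuration. The directory is declared with `mode => '0600'`; Puppet adds the search bit on directories where the read bit is set, but writing `'0700'` states the intended permissions directly.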