diff options
author | Louis-Philippe VĂ©ronneau <pollito@riseup.net> | 2018-03-06 17:29:54 +0000 |
---|---|---|
committer | Louis-Philippe VĂ©ronneau <pollito@riseup.net> | 2018-03-06 17:29:54 +0000 |
commit | 7c40929d8a2a9438ccd883e9d856d526b852da8c (patch) | |
tree | d8529a383482db6cd716c16074e6b798c1069e7b /manifests | |
parent | 228ae4a53999dbc49fa7c4d2883468dde10f19fb (diff) | |
parent | 6ebebe3ab04e8ba3d4b651e49012646046642160 (diff) |
Merge branch 'immerda-merge' into 'master'
Immerda merge
Closes #2
See merge request shared-puppet-modules-group/tor!19
Diffstat (limited to 'manifests')
-rw-r--r-- | manifests/arm.pp | 4 | ||||
-rw-r--r-- | manifests/base.pp | 10 | ||||
-rw-r--r-- | manifests/compact.pp | 4 | ||||
-rw-r--r-- | manifests/daemon.pp | 10 | ||||
-rw-r--r-- | manifests/daemon/base.pp | 66 | ||||
-rw-r--r-- | manifests/daemon/bridge.pp | 15 | ||||
-rw-r--r-- | manifests/daemon/control.pp | 20 | ||||
-rw-r--r-- | manifests/daemon/directory.pp | 20 | ||||
-rw-r--r-- | manifests/daemon/dns.pp | 15 | ||||
-rw-r--r-- | manifests/daemon/exit_policy.pp | 15 | ||||
-rw-r--r-- | manifests/daemon/hidden_service.pp | 23 | ||||
-rw-r--r-- | manifests/daemon/map_address.pp | 15 | ||||
-rw-r--r-- | manifests/daemon/onion_service.pp | 65 | ||||
-rw-r--r-- | manifests/daemon/params.pp | 19 | ||||
-rw-r--r-- | manifests/daemon/relay.pp | 25 | ||||
-rw-r--r-- | manifests/daemon/snippet.pp | 14 | ||||
-rw-r--r-- | manifests/daemon/socks.pp | 17 | ||||
-rw-r--r-- | manifests/daemon/transparent.pp | 13 | ||||
-rw-r--r-- | manifests/daemon/transport_plugin.pp | 15 | ||||
-rw-r--r-- | manifests/init.pp | 2 | ||||
-rw-r--r-- | manifests/munin.pp | 10 | ||||
-rw-r--r-- | manifests/onionbalance.pp | 82 | ||||
-rw-r--r-- | manifests/onionbalance/key.pp | 25 | ||||
-rw-r--r-- | manifests/onionbalance/keys.pp | 11 | ||||
-rw-r--r-- | manifests/repo.pp | 5 | ||||
-rw-r--r-- | manifests/torsocks.pp | 6 |
26 files changed, 377 insertions, 149 deletions
diff --git a/manifests/arm.pp b/manifests/arm.pp index 44ddcbb..dfea7c8 100644 --- a/manifests/arm.pp +++ b/manifests/arm.pp @@ -1,9 +1,9 @@ # manage tor-arm class tor::arm ( - $ensure_version = 'installed' + $version = 'installed' ){ include ::tor package{'tor-arm': - ensure => $ensure_version, + ensure => $version, } } diff --git a/manifests/base.pp b/manifests/base.pp index b98451b..13d8507 100644 --- a/manifests/base.pp +++ b/manifests/base.pp @@ -1,7 +1,13 @@ # basic management of resources for tor class tor::base { - package { [ 'tor', 'tor-geoipdb' ]: - ensure => $tor::ensure_version, + package {'tor': + ensure => $tor::version, + } + if $facts['osfamily'] == 'Debian' { + package {'tor-geoipdb': + ensure => $tor::version, + before => Service['tor'], + } } service { 'tor': diff --git a/manifests/compact.pp b/manifests/compact.pp index c0f5919..901dd8b 100644 --- a/manifests/compact.pp +++ b/manifests/compact.pp @@ -2,6 +2,8 @@ # installation with all the basics class tor::compact { include ::tor - include tor::polipo include tor::torsocks + if $facts['osfamily'] == 'Debian' { + include tor::polipo + } } diff --git a/manifests/daemon.pp b/manifests/daemon.pp index 2522b2c..55c881d 100644 --- a/manifests/daemon.pp +++ b/manifests/daemon.pp @@ -1,6 +1,5 @@ # manage a snippet based tor installation class tor::daemon ( - $ensure_version = 'installed', $use_munin = false, $data_dir = '/var/lib/tor', $config_file = '/etc/tor/torrc', @@ -10,13 +9,10 @@ class tor::daemon ( $safe_logging = 1, ) { - class{'tor': - ensure_version => $ensure_version, - } - - include tor::daemon::base + include ::tor + include ::tor::daemon::base if $use_munin { - include tor::munin + include ::tor::munin } } diff --git a/manifests/daemon/base.pp b/manifests/daemon/base.pp index f3bbc37..86156af 100644 --- a/manifests/daemon/base.pp +++ b/manifests/daemon/base.pp @@ -1,70 +1,62 @@ # extend basic tor things with a snippet based daemon configuration class tor::daemon::base inherits tor::base { - # packages, user, group - Service['tor'] { - subscribe => Concat[$tor::daemon::config_file], - } - Package[ 'tor' ] { - require => File[$tor::daemon::data_dir], - } + include ::tor::daemon::params - group { 'debian-tor': - ensure => present, - allowdupe => false, - } + if $tor::daemon::params::manage_user { + group { $tor::daemon::params::group: + ensure => present, + allowdupe => false, + } - user { 'debian-tor': - ensure => present, - allowdupe => false, - comment => 'tor user,,,', - home => $tor::daemon::data_dir, - shell => '/bin/false', - gid => 'debian-tor', - require => Group['debian-tor'], + user { $tor::daemon::params::user: + ensure => present, + allowdupe => false, + comment => 'tor user,,,', + home => $tor::daemon::data_dir, + shell => '/bin/false', + gid => $tor::daemon::params::group, + require => Group[$tor::daemon::params::group], + } } # directories file { $tor::daemon::data_dir: ensure => directory, - mode => '0700', - owner => 'debian-tor', - group => 'debian-tor', - require => User['debian-tor'], + mode => $tor::daemon::params::data_dir_mode, + owner => $tor::daemon::params::user, + group => 'root', + require => Package['tor'], } file { '/etc/tor': ensure => directory, mode => '0755', - owner => 'debian-tor', - group => 'debian-tor', - require => User['debian-tor'], - } - - file { '/var/lib/puppet/modules/tor': - ensure => absent, - recurse => true, - force => true, + owner => 'root', + group => 'root', + require => Package['tor'], } # tor configuration file concat { $tor::daemon::config_file: - mode => '0600', - owner => 'debian-tor', - group => 'debian-tor', + mode => '0640', + owner => 'root', + group => $tor::daemon::params::group, + require => Package['tor'], + notify => Service['tor'], } # config file headers concat::fragment { '00.header': content => template('tor/torrc.header.erb'), - order => 00, + order => '00', target => $tor::daemon::config_file, } # global configurations concat::fragment { '01.global': content => template('tor/torrc.global.erb'), - order => 01, + order => '01', target => $tor::daemon::config_file, } } diff --git a/manifests/daemon/bridge.pp b/manifests/daemon/bridge.pp index a448f82..e09f4f7 100644 --- a/manifests/daemon/bridge.pp +++ b/manifests/daemon/bridge.pp @@ -2,12 +2,15 @@ define tor::daemon::bridge( $ip, $port, - $fingerprint = false ) { - - concat::fragment { "10.bridge.${name}": - content => template('tor/torrc.bridge.erb'), - order => 10, - target => $tor::daemon::config_file, + $fingerprint = false, + $ensure = 'present', +) { + if $ensure == 'present' { + concat::fragment { "10.bridge.${name}": + content => template('tor/torrc.bridge.erb'), + order => '10', + target => $tor::daemon::config_file, + } } } diff --git a/manifests/daemon/control.pp b/manifests/daemon/control.pp index 4137c3e..ee4a1fd 100644 --- a/manifests/daemon/control.pp +++ b/manifests/daemon/control.pp @@ -1,26 +1,26 @@ # control definition define tor::daemon::control( + $ensure = 'present', $port = 0, $hashed_control_password = '', $cookie_authentication = 0, $cookie_auth_file = '', $cookie_auth_file_group_readable = '', - $ensure = present ) { +) { - if $cookie_authentication == '0' - and $hashed_control_password == '' - and $ensure != 'absent' { + if $ensure == 'present' { + if $cookie_authentication == '0' and $hashed_control_password == '' { fail('You need to define the tor control password') } - if $cookie_authentication == 0 - and ($cookie_auth_file != '' or $cookie_auth_file_group_readable != '') { + if $cookie_authentication == 0 and ($cookie_auth_file != '' or $cookie_auth_file_group_readable != '') { # lint:ignore:80chars notice('You set a tor cookie authentication option, but do not have cookie_authentication on') # lint:ignore:80chars } - concat::fragment { '04.control': - content => template('tor/torrc.control.erb'), - order => 04, - target => $tor::daemon::config_file, + concat::fragment { '04.control': + content => template('tor/torrc.control.erb'), + order => '04', + target => $tor::daemon::config_file, + } } } diff --git a/manifests/daemon/directory.pp b/manifests/daemon/directory.pp index 3eaef9f..b2f77fe 100644 --- a/manifests/daemon/directory.pp +++ b/manifests/daemon/directory.pp @@ -1,22 +1,24 @@ # directory advertising define tor::daemon::directory ( + $ensure = 'present', $port = 0, $port_front_page = '/etc/tor/tor-exit-notice.html', - $ensure = present ) { - - concat::fragment { '06.directory': - content => template('tor/torrc.directory.erb'), - order => 06, - target => $tor::daemon::config_file, +) { + if $ensure == 'present' { + concat::fragment { '06.directory': + content => template('tor/torrc.directory.erb'), + order => '06', + target => $tor::daemon::config_file, + } } + include ::tor::daemon::params file { '/etc/tor/tor-exit-notice.html': ensure => $ensure, source => 'puppet:///modules/tor/tor-exit-notice.html', require => File['/etc/tor'], - owner => 'debian-tor', - group => 'debian-tor', + owner => $tor::daemon::params::user, + group => $tor::daemon::params::group, mode => '0644', } } - diff --git a/manifests/daemon/dns.pp b/manifests/daemon/dns.pp index 599abd8..899f920 100644 --- a/manifests/daemon/dns.pp +++ b/manifests/daemon/dns.pp @@ -1,11 +1,14 @@ # DNS definition define tor::daemon::dns( - $port = 0 ) { - - concat::fragment { "08.dns.${name}": - content => template('tor/torrc.dns.erb'), - order => '08', - target => $tor::daemon::config_file, + $ensure = 'present', + $port = 0, +){ + if $ensure == 'present' { + concat::fragment { "08.dns.${name}": + content => template('tor/torrc.dns.erb'), + order => '08', + target => $tor::daemon::config_file, + } } } diff --git a/manifests/daemon/exit_policy.pp b/manifests/daemon/exit_policy.pp index c117d5d..62876c7 100644 --- a/manifests/daemon/exit_policy.pp +++ b/manifests/daemon/exit_policy.pp @@ -1,13 +1,16 @@ # exit policies define tor::daemon::exit_policy( + $ensure = 'present', $accept = [], $reject = [], - $reject_private = 1 ) { - - concat::fragment { "07.exit_policy.${name}": - content => template('tor/torrc.exit_policy.erb'), - order => 07, - target => $tor::daemon::config_file, + $reject_private = 1, +) { + if $ensure == 'present' { + concat::fragment { "07.exit_policy.${name}": + content => template('tor/torrc.exit_policy.erb'), + order => '07', + target => $tor::daemon::config_file, + } } } diff --git a/manifests/daemon/hidden_service.pp b/manifests/daemon/hidden_service.pp index 9e053cc..8a062c5 100644 --- a/manifests/daemon/hidden_service.pp +++ b/manifests/daemon/hidden_service.pp @@ -3,19 +3,14 @@ define tor::daemon::hidden_service( $ports = [], $single_hop = false, $v3 = false, - $data_dir = $tor::daemon::data_dir ) { - - - - if $single_hop { - file { "${$data_dir}/${$name}/onion_service_non_anonymous": - ensure => 'present', - } - } - - concat::fragment { "05.hidden_service.${name}": - content => template('tor/torrc.hidden_service.erb'), - order => 05, - target => $tor::daemon::config_file, + $data_dir = $tor::daemon::data_dir, +) { + info("Using tor::daemon::hidden_service is deprecated, please use tor::daemon::onion_service for ${name}") + tor::daemon::onion_service{ + $name: + ports => $ports, + single_hop => $single_hop, + v3 => $v3, + data_dir => $data_dir, } } diff --git a/manifests/daemon/map_address.pp b/manifests/daemon/map_address.pp index 1829eae..ca21ed9 100644 --- a/manifests/daemon/map_address.pp +++ b/manifests/daemon/map_address.pp @@ -1,12 +1,15 @@ # map address definition define tor::daemon::map_address( + $ensure = 'present', $address = '', - $newaddress = '' ) { - - concat::fragment { "08.map_address.${name}": - content => template('tor/torrc.map_address.erb'), - order => '08', - target => $tor::daemon::config_file, + $newaddress = '', +) { + if $ensure == 'present' { + concat::fragment { "08.map_address.${name}": + content => template('tor/torrc.map_address.erb'), + order => '08', + target => $tor::daemon::config_file, + } } } diff --git a/manifests/daemon/onion_service.pp b/manifests/daemon/onion_service.pp new file mode 100644 index 0000000..cb55d06 --- /dev/null +++ b/manifests/daemon/onion_service.pp @@ -0,0 +1,65 @@ +# onion services definition +define tor::daemon::onion_service( + $ensure = 'present', + $ports = [], + $data_dir = $tor::daemon::data_dir, + $v3 = false, + $single_hop = false, + $private_key = undef, + $private_key_name = $name, + $private_key_store_path = undef, +) { + + $data_dir_path = "${data_dir}/${name}" + if $ensure == 'present' { + include ::tor::daemon::params + concat::fragment { "05.onion_service.${name}": + content => template('tor/torrc.onion_service.erb'), + order => '05', + target => $tor::daemon::config_file, + } + if $single_hop { + file { "${$data_dir_path}/onion_service_non_anonymous": + ensure => 'present', + notify => Service['tor']; + } + } + } + if $private_key or ($private_key_name and $private_key_store_path) { + if $private_key and ($private_key_name and $private_key_store_path) { + fail('Either private_key OR (private_key_name AND private_key_store_path) must be set, but not all three of them') + } + if $private_key_store_path and $private_key_name { + $tmp = generate_onion_key($private_key_store_path,$private_key_name) + $os_hostname = $tmp[0] + $real_private_key = $tmp[1] + } else { + $os_hostname = onion_address($private_key) + $real_private_key = $private_key + } + file{ + $data_dir_path: + ensure => directory, + purge => true, + force => true, + recurse => true, + owner => $tor::daemon::params::user, + group => $tor::daemon::params::group, + mode => '0600', + require => Package['tor']; + "${data_dir_path}/private_key": + content => $real_private_key, + owner => $tor::daemon::params::user, + group => $tor::daemon::params::group, + mode => '0600', + notify => Service['tor']; + "${data_dir_path}/hostname": + content => "${os_hostname}.onion\n", + owner => $tor::daemon::params::user, + group => $tor::daemon::params::group, + mode => '0600', + notify => Service['tor']; + } + } +} + diff --git a/manifests/daemon/params.pp b/manifests/daemon/params.pp new file mode 100644 index 0000000..39126ee --- /dev/null +++ b/manifests/daemon/params.pp @@ -0,0 +1,19 @@ +# setup variables for different distributions +class tor::daemon::params { + case $facts['osfamily'] { + 'RedHat': { + $user = 'toranon' + $group = 'toranon' + $manage_user = false + $data_dir_mode = '0750' + } + 'Debian': { + $user = 'debian-tor' + $group = 'debian-tor' + $manage_user = true + $data_dir_mode = '0700' + } + default: { fail("No support for osfamily ${facts['osfamily']}") } + } + +} diff --git a/manifests/daemon/relay.pp b/manifests/daemon/relay.pp index 9ba2323..bc72dd0 100644 --- a/manifests/daemon/relay.pp +++ b/manifests/daemon/relay.pp @@ -1,5 +1,6 @@ # relay definition define tor::daemon::relay( + $ensure = 'present', $port = 0, $outbound_bindaddresses = [], $portforwarding = 0, @@ -19,19 +20,21 @@ define tor::daemon::relay( $my_family = '', $address = "tor.${::domain}", $bridge_relay = 0, - $ensure = present ) { +) { - $nickname = $name + if $ensure == 'present' { + $nickname = $name - if $outbound_bindaddresses == [] { - $real_outbound_bindaddresses = [] - } else { - $real_outbound_bindaddresses = $outbound_bindaddresses - } + if $outbound_bindaddresses == [] { + $real_outbound_bindaddresses = [] + } else { + $real_outbound_bindaddresses = $outbound_bindaddresses + } - concat::fragment { '03.relay': - content => template('tor/torrc.relay.erb'), - order => 03, - target => $tor::daemon::config_file, + concat::fragment { '03.relay': + content => template('tor/torrc.relay.erb'), + order => '03', + target => $tor::daemon::config_file, + } } } diff --git a/manifests/daemon/snippet.pp b/manifests/daemon/snippet.pp index 5a4c091..195ed77 100644 --- a/manifests/daemon/snippet.pp +++ b/manifests/daemon/snippet.pp @@ -1,11 +1,15 @@ # Arbitrary torrc snippet definition define tor::daemon::snippet( - $content = '' ) { + $ensure = 'present', + $content = '', +) { - concat::fragment { "99.snippet.${name}": - content => $content, - order => 99, - target => $tor::daemon::config_file, + if $ensure == 'present' { + concat::fragment { "99.snippet.${name}": + content => $content, + order => '99', + target => $tor::daemon::config_file, + } } } diff --git a/manifests/daemon/socks.pp b/manifests/daemon/socks.pp index cb130d9..e36d91e 100644 --- a/manifests/daemon/socks.pp +++ b/manifests/daemon/socks.pp @@ -1,11 +1,14 @@ # socks definition define tor::daemon::socks( - $port = 0, - $policies = [] ) { - - concat::fragment { '02.socks': - content => template('tor/torrc.socks.erb'), - order => 02, - target => $tor::daemon::config_file, + $ensure = 'present', + $port = 0, + $policies = [], +) { + if $ensure == 'present' { + concat::fragment { '02.socks': + content => template('tor/torrc.socks.erb'), + order => '02', + target => $tor::daemon::config_file, + } } } diff --git a/manifests/daemon/transparent.pp b/manifests/daemon/transparent.pp index 90c0142..0d4620a 100644 --- a/manifests/daemon/transparent.pp +++ b/manifests/daemon/transparent.pp @@ -1,11 +1,14 @@ # Transparent proxy definition define tor::daemon::transparent( - $port = 0 ) { + $ensure = 'present', + $port = 0) { - concat::fragment { "09.transparent.${name}": - content => template('tor/torrc.transparent.erb'), - order => '09', - target => $tor::daemon::config_file, + if $ensure == 'present' { + concat::fragment { "09.transparent.${name}": + content => template('tor/torrc.transparent.erb'), + order => '09', + target => $tor::daemon::config_file, + } } } diff --git a/manifests/daemon/transport_plugin.pp b/manifests/daemon/transport_plugin.pp index 1921282..4f7bbf2 100644 --- a/manifests/daemon/transport_plugin.pp +++ b/manifests/daemon/transport_plugin.pp @@ -1,13 +1,16 @@ # transport plugin define tor::daemon::transport_plugin( + $ensure = 'present', $servertransport_plugin = '', $servertransport_listenaddr = '', $servertransport_options = '', - $ext_port = '' ) { - - concat::fragment { '11.transport_plugin': - content => template('tor/torrc.transport_plugin.erb'), - order => 11, - target => $tor::daemon::config_file, + $ext_port = '', +) { + if $ensure == 'present' { + concat::fragment { '11.transport_plugin': + content => template('tor/torrc.transport_plugin.erb'), + order => 11, + target => $tor::daemon::config_file, + } } } diff --git a/manifests/init.pp b/manifests/init.pp index 9c19c64..ad584aa 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -1,6 +1,6 @@ # manage a basic tor installation class tor ( - $ensure_version = 'installed' + $version = 'installed' ){ include tor::base } diff --git a/manifests/munin.pp b/manifests/munin.pp index 2a01175..f718c37 100644 --- a/manifests/munin.pp +++ b/manifests/munin.pp @@ -2,17 +2,19 @@ class tor::munin { tor::daemon::control{ 'control_port_for_munin': - port => 19051, + port => 9001, cookie_authentication => 1, cookie_auth_file => '/var/run/tor/control.authcookie', } + include ::tor::daemon::params Munin::Plugin::Deploy { - config => "user debian-tor\n env.cookiefile /var/run/tor/control.authcookie\n env.port 19051" # lint:ignore:80chars + config => "user ${tor::daemon::params::user}\n env.cookiefile /var/run/tor/control.authcookie\n env.port 9001" # lint:ignore:80chars } munin::plugin::deploy { - 'tor_connections': - source => 'tor/munin/tor_connections'; + 'tor_openfds': + config => 'user root', + source => 'tor/munin/tor_openfds'; 'tor_routers': source => 'tor/munin/tor_routers'; 'tor_traffic': diff --git a/manifests/onionbalance.pp b/manifests/onionbalance.pp new file mode 100644 index 0000000..1921754 --- /dev/null +++ b/manifests/onionbalance.pp @@ -0,0 +1,82 @@ +# manages an onionbalance installation +# +# Parameters: +# +# services: a hash of onionbalance service instances +# services => { +# keyname_of_service1 => { +# name1 => onionservice_addr_3, +# name2 => onionservice_addr_2, +# _key_content => content_of_key_of_onionbalanced_service1, +# }, +# } +# +class tor::onionbalance( + $services, +) { + + include ::tor + + case $facts['osfamily'] { + 'Debian': { + $pkg_name = 'onionbalance' + $instance_file = '/etc/tor/instances/onionbalance/torrc' + $instance_user = '_tor-onionbalance' + exec{'/usr/sbin/tor-instance-create onionbalance': + creates => '/etc/tor/instances/onionbalance', + require => Package['tor'], + before => File[$instance_file], + } -> augeas{"manage_onionbalance_in_group_${instance_user}": + context => '/files/etc/group', + changes => [ "set ${instance_user}/user[last()+1] onionbalance" ], + onlyif => "match ${instance_user}/*[../user='onionbalance'] size == 0", + require => Package['onionbalance'], + } + } + 'RedHat': { + $instance_file = '/etc/tor/onionbalance.torrc' + $instance_user = 'toranon' + $pkg_name = 'python2-onionbalance' + } + default: { + fail("OSFamily ${facts['osfamily']} not (yet) supported for onionbalance") + } + } + + package{$pkg_name: + ensure => 'installed', + tag => 'onionbalance', + } -> file{ + '/etc/onionbalance/config.yaml': + content => template('tor/onionbalance/config.yaml.erb'), + owner => root, + group => $instance_user, + mode => '0640', + notify => Service['onionbalance']; + $instance_file: + content => template("tor/onionbalance/${facts['osfamily']}.torrc.erb"), + owner => root, + group => 0, + mode => '0644', + require => Package['tor'], + notify => Service['tor@onionbalance'], + } + + $keys = keys($services) + tor::onionbalance::keys{ + $keys: + values => $services, + group => $instance_user, + } + + service{ + 'tor@onionbalance': + ensure => running, + enable => true; + 'onionbalance': + ensure => running, + enable => true, + subscribe => Service['tor@onionbalance']; + } + +} diff --git a/manifests/onionbalance/key.pp b/manifests/onionbalance/key.pp new file mode 100644 index 0000000..e0016fc --- /dev/null +++ b/manifests/onionbalance/key.pp @@ -0,0 +1,25 @@ +# manage onionbalance keys +# +# key_content will be treated as path +# to a file containing the key content +# if the value starts with a / +# +define tor::onionbalance::key( + $key_content, + $group, +){ + + if $key_content =~ /^\// { + $content = file($key_content) + } else { + $content = $key_content + } + Package<| tag == 'onionbalance' |> -> file{ + "/etc/onionbalance/${name}.key": + content => $content, + owner => root, + group => $group, + mode => '0640', + notify => Service['onionbalance']; + } +} diff --git a/manifests/onionbalance/keys.pp b/manifests/onionbalance/keys.pp new file mode 100644 index 0000000..e3040f5 --- /dev/null +++ b/manifests/onionbalance/keys.pp @@ -0,0 +1,11 @@ +# a wrapper to manage onionbalance keys +define tor::onionbalance::keys( + $values, + $group, +) { + tor::onionbalance::key{ + $name: + key_content => $values[$name]['_key_content'], + group => $group, + } +} diff --git a/manifests/repo.pp b/manifests/repo.pp index 9549219..d9d43ec 100644 --- a/manifests/repo.pp +++ b/manifests/repo.pp @@ -1,4 +1,4 @@ -# setup repository for tor +# add upstream repositories of torproject class tor::repo ( $ensure = present, $source_name = 'torproject.org', @@ -10,6 +10,9 @@ class tor::repo ( $location = 'https://deb.torproject.org/torproject.org/' class { 'tor::repo::debian': } } + 'RedHat': { + # no need as EPEL is the relevant reference + } default: { fail("Unsupported managed repository for osfamily: ${::osfamily}, operatingsystem: ${::operatingsystem}, module ${module_name} currently only supports managing repos for osfamily Debian and Ubuntu") # lint:ignore:80chars } diff --git a/manifests/torsocks.pp b/manifests/torsocks.pp index e9fc75b..e1ba8a9 100644 --- a/manifests/torsocks.pp +++ b/manifests/torsocks.pp @@ -1,9 +1,9 @@ # manage torsocks class tor::torsocks ( - $ensure_version = 'installed' + $version = 'installed' ){ - include ::tor + include ::tor::daemon package{'torsocks': - ensure => $ensure_version, + ensure => $version, } } |