diff options
| -rw-r--r-- | files/polipo/polipo.conf (renamed from files/polipo.conf) | 0 | ||||
| -rwxr-xr-x | files/polipo/polipo.cron (renamed from files/polipo.cron) | 0 | ||||
| -rw-r--r-- | manifests/compact.pp | 5 | ||||
| -rw-r--r-- | manifests/daemon.pp | 55 | ||||
| -rw-r--r-- | manifests/init.pp | 5 | ||||
| -rw-r--r-- | manifests/polipo.pp | 45 | ||||
| -rw-r--r-- | manifests/polipo/base.pp | 21 | ||||
| -rw-r--r-- | manifests/polipo/debian.pp | 12 | ||||
| -rw-r--r-- | manifests/torsocks.pp | 7 | ||||
| -rw-r--r-- | templates/torrc.bridge.erb | 3 | ||||
| -rw-r--r-- | templates/torrc.dns.erb | 5 | ||||
| -rw-r--r-- | templates/torrc.global.erb | 2 | ||||
| -rw-r--r-- | templates/torrc.relay.erb | 2 | ||||
| -rw-r--r-- | templates/torrc.transparent.erb | 5 |
14 files changed, 117 insertions, 50 deletions
diff --git a/files/polipo.conf b/files/polipo/polipo.conf index 12b10c4..12b10c4 100644 --- a/files/polipo.conf +++ b/files/polipo/polipo.conf diff --git a/files/polipo.cron b/files/polipo/polipo.cron index aba88bc..aba88bc 100755 --- a/files/polipo.cron +++ b/files/polipo/polipo.cron diff --git a/manifests/compact.pp b/manifests/compact.pp new file mode 100644 index 0000000..472a4a6 --- /dev/null +++ b/manifests/compact.pp @@ -0,0 +1,5 @@ +class tor::compact { + include ::tor + include tor::polipo + include tor::torsocks +} diff --git a/manifests/daemon.pp b/manifests/daemon.pp index 7661a43..e6d0c2e 100644 --- a/manifests/daemon.pp +++ b/manifests/daemon.pp @@ -12,7 +12,7 @@ class tor::daemon inherits tor { subscribe => File[$config_file], } - Package[ 'tor', 'torsocks' ] { + Package[ 'tor' ] { require => File[$data_dir], } @@ -76,9 +76,11 @@ class tor::daemon inherits tor { # global configurations define global_opts( $data_dir = $tor::daemon::data_dir, - $log_rules = [ 'notice file /var/log/tor/notices.log' ] ) { + $log_rules = [ 'notice file /var/log/tor/notices.log' ], + $use_bridges = 0, + $automap_hosts_on_resolve = 0) { - concatenated_file_part { '01.global': + concatenated_file_part { '01.global': dir => $tor::daemon::snippet_dir, content => template('tor/torrc.global.erb'), owner => 'debian-tor', group => 'debian-tor', mode => 0644, @@ -114,6 +116,12 @@ class tor::daemon inherits tor { $ensure = present ) { $nickname = $name + if $outbound_bindaddresses == [] { + $real_outbound_bindaddresses = $listen_addresses + } else { + $real_outbound_bindaddresses = $outbound_bindaddresses + } + concatenated_file_part { '03.relay': dir => $tor::daemon::snippet_dir, content => template('tor/torrc.relay.erb'), @@ -194,6 +202,46 @@ class tor::daemon inherits tor { } } + # DNS definition + define dns( $port = 0, + $listen_addresses = [], + $ensure = present ) { + + concatenated_file_part { "08.dns.${name}": + dir => $tor::daemon::snippet_dir, + content => template('tor/torrc.dns.erb'), + owner => 'debian-tor', group => 'debian-tor', mode => 0644, + ensure => $ensure, + } + } + + # Transparent proxy definition + define transparent( $port = 0, + $listen_addresses = [], + $ensure = present ) { + + concatenated_file_part { "09.transparent.${name}": + dir => $tor::daemon::snippet_dir, + content => template('tor/torrc.transparent.erb'), + owner => 'debian-tor', group => 'debian-tor', mode => 0644, + ensure => $ensure, + } + } + + # Bridge definition + define bridge( $ip, + $port, + $fingerprint = false, + $ensure = present ) { + + concatenated_file_part { "10.bridge.${name}": + dir => $tor::daemon::snippet_dir, + content => template('tor/torrc.bridge.erb'), + owner => 'debian-tor', group => 'debian-tor', mode => 0644, + ensure => $ensure, + } + } + # map address definition define map_address( $address = '', $newaddress = '') { @@ -206,4 +254,3 @@ class tor::daemon inherits tor { } } } - diff --git a/manifests/init.pp b/manifests/init.pp index 0c38073..d916188 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -1,16 +1,11 @@ class tor { if !$tor_ensure_version { $tor_ensure_version = 'installed' } - if !$torsocks_ensure_version { $torsocks_ensure_version = 'installed'} package { [ "tor", "tor-geoipdb" ]: ensure => $tor_ensure_version, } - package { "torsocks": - ensure => $torsocks_ensure_version, - } - service { 'tor': ensure => running, enable => true, diff --git a/manifests/polipo.pp b/manifests/polipo.pp index 73eaea2..a7ef005 100644 --- a/manifests/polipo.pp +++ b/manifests/polipo.pp @@ -1,43 +1,8 @@ -class tor::polipo inherits tor { +class tor::polipo { + include ::tor - package { "privoxy": - ensure => absent, + case $operatingsystem { + 'debian': { include tor::polipo::debian } + default: { include tor::polipo::base } } - - package { "polipo": - ensure => installed, - } - - service { "polipo": - ensure => running, - require => [ Package["polipo"], Service["tor"] ], - } - - file { "/etc/polipo": - ensure => directory, - owner => root, - group => root, - mode => 0755, - } - - file { "/etc/polipo/config": - ensure => present, - owner => root, - group => root, - mode => 0644, - source => "puppet:///modules/tor/polipo.conf", - notify => Service["polipo"], - require => File["/etc/polipo"], - } - - # TODO: restore file to original state after the following bug is solved: - # http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=580434 - file { "/etc/cron.daily/polipo": - ensure => present, - owner => root, - group => root, - mode => 0755, - source => "puppet:///modules/tor/polipo.cron", - } - } diff --git a/manifests/polipo/base.pp b/manifests/polipo/base.pp new file mode 100644 index 0000000..f485747 --- /dev/null +++ b/manifests/polipo/base.pp @@ -0,0 +1,21 @@ +class tor::polipo::base { + package { "polipo": + ensure => installed, + } + + file { "/etc/polipo/config": + ensure => present, + owner => root, + group => root, + mode => 0644, + source => "puppet:///modules/tor/polipo/polipo.conf", + require => Package["polipo"], + notify => Service["polipo"], + } + + service { "polipo": + ensure => running, + enable => true, + require => [ Package["polipo"], Service["tor"] ], + } +} diff --git a/manifests/polipo/debian.pp b/manifests/polipo/debian.pp new file mode 100644 index 0000000..1986119 --- /dev/null +++ b/manifests/polipo/debian.pp @@ -0,0 +1,12 @@ +class tor::polipo::debian inherits tor::polipo::base { + # TODO: restore file to original state after the following bug is solved: + # http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=580434 + file { "/etc/cron.daily/polipo": + ensure => present, + owner => root, + group => root, + mode => 0755, + require => Package["polipo"], + source => "puppet:///modules/tor/polipo/polipo.cron", + } +} diff --git a/manifests/torsocks.pp b/manifests/torsocks.pp new file mode 100644 index 0000000..6346707 --- /dev/null +++ b/manifests/torsocks.pp @@ -0,0 +1,7 @@ +class tor::torsocks { + if !$torsocks_ensure_version { $torsocks_ensure_version = 'installed'} + include ::tor + package{'torsocks': + ensure => $torsocks_ensure_version, + } +} diff --git a/templates/torrc.bridge.erb b/templates/torrc.bridge.erb new file mode 100644 index 0000000..58ef70d --- /dev/null +++ b/templates/torrc.bridge.erb @@ -0,0 +1,3 @@ +# Bridge <%= name%> +Bridge <%= ip%>:<%= port%><%- if fingerprint -%> <%= fingerprint%><%- end -%> + diff --git a/templates/torrc.dns.erb b/templates/torrc.dns.erb new file mode 100644 index 0000000..bd1e719 --- /dev/null +++ b/templates/torrc.dns.erb @@ -0,0 +1,5 @@ +# DNS +DNSPort <%= port %> +<%- for listen_address in listen_addresses -%> +DNSListenAddress <%= listen_address %> +<%- end -%> diff --git a/templates/torrc.global.erb b/templates/torrc.global.erb index 6ca49de..3a3b623 100644 --- a/templates/torrc.global.erb +++ b/templates/torrc.global.erb @@ -11,3 +11,5 @@ Log <%= log_rule %> Log notice syslog <%- end -%> +AutomapHostsOnResolve <%= automap_hosts_on_resolve%> +UseBridges <%= use_bridges%> diff --git a/templates/torrc.relay.erb b/templates/torrc.relay.erb index 71c94b9..85320d3 100644 --- a/templates/torrc.relay.erb +++ b/templates/torrc.relay.erb @@ -4,7 +4,7 @@ ORPort <%= port %> <%- for listen_address in listen_addresses -%> ORListenAddress <%= listen_address %> <%- end -%> -<%- for outbound_bindaddress in outbound_bindaddresses -%> +<%- for outbound_bindaddress in real_outbound_bindaddresses -%> OutboundBindAddress <%= outbound_bindaddress %> <%- end -%> <%- if nickname != '' then -%> diff --git a/templates/torrc.transparent.erb b/templates/torrc.transparent.erb new file mode 100644 index 0000000..dae97dc --- /dev/null +++ b/templates/torrc.transparent.erb @@ -0,0 +1,5 @@ +# Transparent proxy +TransPort <%= port %> +<%- for listen_address in listen_addresses -%> +TransListenAddress <%= listen_address %> +<%- end -%> |