Diffstat (limited to 'manifests/daemon/onion_service.pp')
-rw-r--r--manifests/daemon/onion_service.pp65
1 files changed, 65 insertions, 0 deletions
diff --git a/manifests/daemon/onion_service.pp b/manifests/daemon/onion_service.pp
new file mode 100644
index 0000000..cb55d06
--- /dev/null
+++ b/manifests/daemon/onion_service.pp
@@ -0,0 +1,65 @@
+# onion services definition
+define tor::daemon::onion_service(
+ $ensure = 'present',
+ $ports = [],
+ $data_dir = $tor::daemon::data_dir,
+ $v3 = false,
+ $single_hop = false,
+ $private_key = undef,
+ $private_key_name = $name,
+ $private_key_store_path = undef,
+) {
+
+ $data_dir_path = "${data_dir}/${name}"
+ if $ensure == 'present' {
+ include ::tor::daemon::params
+ concat::fragment { "05.onion_service.${name}":
+ content => template('tor/torrc.onion_service.erb'),
+ order => '05',
+ target => $tor::daemon::config_file,
+ }
+ if $single_hop {
+ file { "${$data_dir_path}/onion_service_non_anonymous":
+ ensure => 'present',
+ notify => Service['tor'];
+ }
+ }
+ }
+ if $private_key or ($private_key_name and $private_key_store_path) {
+ if $private_key and ($private_key_name and $private_key_store_path) {
+ fail('Either private_key OR (private_key_name AND private_key_store_path) must be set, but not all three of them')
+ }
+ if $private_key_store_path and $private_key_name {
+ $tmp = generate_onion_key($private_key_store_path,$private_key_name)
+ $os_hostname = $tmp[0]
+ $real_private_key = $tmp[1]
+ } else {
+ $os_hostname = onion_address($private_key)
+ $real_private_key = $private_key
+ }
+ file{
+ $data_dir_path:
+ ensure => directory,
+ purge => true,
+ force => true,
+ recurse => true,
+ owner => $tor::daemon::params::user,
+ group => $tor::daemon::params::group,
+ mode => '0600',
+ require => Package['tor'];
+ "${data_dir_path}/private_key":
+ content => $real_private_key,
+ owner => $tor::daemon::params::user,
+ group => $tor::daemon::params::group,
+ mode => '0600',
+ notify => Service['tor'];
+ "${data_dir_path}/hostname":
+ content => "${os_hostname}.onion\n",
+ owner => $tor::daemon::params::user,
+ group => $tor::daemon::params::group,
+ mode => '0600',
+ notify => Service['tor'];
+ }
+ }
+}
+
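Review bot: The onion service private key is written through a plain `content => $real_private_key` on the `"${data_dir_path}/private_key"` file resource, so the key text travels in the catalog and can show up as a diff in agent logs and reports wherever diff display is enabled. Adding `show_diff => false,` to that resource keeps it out of those outputs, and on Puppet versions that support it the key could also be passed as a `Sensitive` value. The key-management block also sits outside the `if $ensure == 'present'` branch, so `ensure => 'absent'` with a key configured still deploys the key and hostname files and manages the purged data directory. Moving that block inside the branch, or adding an explicit absent path, would make `ensure` control the key material too. A short comment above the `fail(...)` call noting that `private_key_name` defaults to `$name`, so setting `private_key_store_path` alone selects the generated-key path, would make the condition easier to read.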