1 files changed, 82 insertions, 0 deletions

diff --git a/manifests/onionbalance.pp b/manifests/onionbalance.pp
new file mode 100644
index 0000000..1921754
--- /dev/null
+++ b/manifests/onionbalance.pp
@@ -0,0 +1,82 @@
+# manages an onionbalance installation
+#
+# Parameters:
+#
+#  services: a hash of onionbalance service instances
+#    services => {
+#      keyname_of_service1 => {
+#        name1        => onionservice_addr_3,
+#        name2        => onionservice_addr_2,
+#        _key_content => content_of_key_of_onionbalanced_service1,
+#      },
+#    }
+#
+class tor::onionbalance(
+  $services,
+) {
+
+  include ::tor
+
+  case $facts['osfamily'] {
+    'Debian': {
+      $pkg_name = 'onionbalance'
+      $instance_file = '/etc/tor/instances/onionbalance/torrc'
+      $instance_user = '_tor-onionbalance'
+      exec{'/usr/sbin/tor-instance-create onionbalance':
+        creates => '/etc/tor/instances/onionbalance',
+        require => Package['tor'],
+        before  => File[$instance_file],
+      } -> augeas{"manage_onionbalance_in_group_${instance_user}":
+        context => '/files/etc/group',
+        changes => [ "set ${instance_user}/user[last()+1] onionbalance" ],
+        onlyif  => "match ${instance_user}/*[../user='onionbalance'] size == 0",
+        require => Package['onionbalance'],
+      }
+    }
+    'RedHat': {
+      $instance_file = '/etc/tor/onionbalance.torrc'
+      $instance_user = 'toranon'
+      $pkg_name      = 'python2-onionbalance'
+    }
+    default: {
+      fail("OSFamily ${facts['osfamily']} not (yet) supported for onionbalance")
+    }
+  }
+
+  package{$pkg_name:
+    ensure => 'installed',
+    tag    => 'onionbalance',
+  } -> file{
+    '/etc/onionbalance/config.yaml':
+      content => template('tor/onionbalance/config.yaml.erb'),
+      owner   => root,
+      group   => $instance_user,
+      mode    => '0640',
+      notify  => Service['onionbalance'];
+    $instance_file:
+      content => template("tor/onionbalance/${facts['osfamily']}.torrc.erb"),
+      owner   => root,
+      group   => 0,
+      mode    => '0644',
+      require => Package['tor'],
+      notify  => Service['tor@onionbalance'],
+  }
+
+  $keys = keys($services)
+  tor::onionbalance::keys{
+    $keys:
+      values => $services,
+      group  => $instance_user,
+  }
+
+  service{
+    'tor@onionbalance':
+      ensure => running,
+      enable => true;
+    'onionbalance':
+      ensure    => running,
+      enable    => true,
+      subscribe => Service['tor@onionbalance'];
+  }
+
+}