diff options
Diffstat (limited to 'manifests')
-rw-r--r-- | manifests/base.pp | 10 | ||||
-rw-r--r-- | manifests/compact.pp | 2 | ||||
-rw-r--r-- | manifests/daemon/control.pp | 4 | ||||
-rw-r--r-- | manifests/daemon/directory.pp | 2 | ||||
-rw-r--r-- | manifests/daemon/dns.pp | 1 | ||||
-rw-r--r-- | manifests/daemon/hidden_service.pp | 16 | ||||
-rw-r--r-- | manifests/daemon/onion_service.pp | 8 | ||||
-rw-r--r-- | manifests/daemon/params.pp | 5 | ||||
-rw-r--r-- | manifests/daemon/relay.pp | 3 | ||||
-rw-r--r-- | manifests/daemon/socks.pp | 1 | ||||
-rw-r--r-- | manifests/daemon/transparent.pp | 4 | ||||
-rw-r--r-- | manifests/daemon/transport_plugin.pp | 13 | ||||
-rw-r--r-- | manifests/munin.pp | 2 | ||||
-rw-r--r-- | manifests/onionbalance.pp | 6 | ||||
-rw-r--r-- | manifests/repo.pp | 2 | ||||
-rw-r--r-- | manifests/repo/debian.pp | 2 |
16 files changed, 54 insertions, 27 deletions
diff --git a/manifests/base.pp b/manifests/base.pp index b5aa7e9..13d8507 100644 --- a/manifests/base.pp +++ b/manifests/base.pp @@ -3,12 +3,10 @@ class tor::base { package {'tor': ensure => $tor::version, } - case $osfamily { - 'Debian': { - package {'tor-geoipdb': - ensure => $tor::version, - before => Service['tor'], - } + if $facts['osfamily'] == 'Debian' { + package {'tor-geoipdb': + ensure => $tor::version, + before => Service['tor'], } } diff --git a/manifests/compact.pp b/manifests/compact.pp index e44ffed..901dd8b 100644 --- a/manifests/compact.pp +++ b/manifests/compact.pp @@ -3,7 +3,7 @@ class tor::compact { include ::tor include tor::torsocks - if $osfamily == 'Debian' { + if $facts['osfamily'] == 'Debian' { include tor::polipo } } diff --git a/manifests/daemon/control.pp b/manifests/daemon/control.pp index 027a49d..ee4a1fd 100644 --- a/manifests/daemon/control.pp +++ b/manifests/daemon/control.pp @@ -13,8 +13,8 @@ define tor::daemon::control( fail('You need to define the tor control password') } - if $cookie_authentication == 0 and ($cookie_auth_file != '' or $cookie_auth_file_group_readable != '') { - notice('You set a tor cookie authentication option, but do not have cookie_authentication on') + if $cookie_authentication == 0 and ($cookie_auth_file != '' or $cookie_auth_file_group_readable != '') { # lint:ignore:80chars + notice('You set a tor cookie authentication option, but do not have cookie_authentication on') # lint:ignore:80chars } concat::fragment { '04.control': diff --git a/manifests/daemon/directory.pp b/manifests/daemon/directory.pp index 3bbf273..b2f77fe 100644 --- a/manifests/daemon/directory.pp +++ b/manifests/daemon/directory.pp @@ -2,7 +2,6 @@ define tor::daemon::directory ( $ensure = 'present', $port = 0, - $listen_addresses = [], $port_front_page = '/etc/tor/tor-exit-notice.html', ) { if $ensure == 'present' { @@ -23,4 +22,3 @@ define tor::daemon::directory ( mode => '0644', } } - diff --git a/manifests/daemon/dns.pp b/manifests/daemon/dns.pp index 3ae8c77..899f920 100644 --- a/manifests/daemon/dns.pp +++ b/manifests/daemon/dns.pp @@ -2,7 +2,6 @@ define tor::daemon::dns( $ensure = 'present', $port = 0, - $listen_addresses = [], ){ if $ensure == 'present' { concat::fragment { "08.dns.${name}": diff --git a/manifests/daemon/hidden_service.pp b/manifests/daemon/hidden_service.pp new file mode 100644 index 0000000..8a062c5 --- /dev/null +++ b/manifests/daemon/hidden_service.pp @@ -0,0 +1,16 @@ +# hidden services definition +define tor::daemon::hidden_service( + $ports = [], + $single_hop = false, + $v3 = false, + $data_dir = $tor::daemon::data_dir, +) { + info("Using tor::daemon::hidden_service is deprecated, please use tor::daemon::onion_service for ${name}") + tor::daemon::onion_service{ + $name: + ports => $ports, + single_hop => $single_hop, + v3 => $v3, + data_dir => $data_dir, + } +} diff --git a/manifests/daemon/onion_service.pp b/manifests/daemon/onion_service.pp index 9d12a3a..cb55d06 100644 --- a/manifests/daemon/onion_service.pp +++ b/manifests/daemon/onion_service.pp @@ -3,6 +3,8 @@ define tor::daemon::onion_service( $ensure = 'present', $ports = [], $data_dir = $tor::daemon::data_dir, + $v3 = false, + $single_hop = false, $private_key = undef, $private_key_name = $name, $private_key_store_path = undef, @@ -16,6 +18,12 @@ define tor::daemon::onion_service( order => '05', target => $tor::daemon::config_file, } + if $single_hop { + file { "${$data_dir_path}/onion_service_non_anonymous": + ensure => 'present', + notify => Service['tor']; + } + } } if $private_key or ($private_key_name and $private_key_store_path) { if $private_key and ($private_key_name and $private_key_store_path) { diff --git a/manifests/daemon/params.pp b/manifests/daemon/params.pp index 0c35cd6..39126ee 100644 --- a/manifests/daemon/params.pp +++ b/manifests/daemon/params.pp @@ -1,7 +1,6 @@ # setup variables for different distributions class tor::daemon::params { - - case $osfamily { + case $facts['osfamily'] { 'RedHat': { $user = 'toranon' $group = 'toranon' @@ -14,7 +13,7 @@ class tor::daemon::params { $manage_user = true $data_dir_mode = '0700' } - default: { fail("No support for osfamily ${osfamily}") } + default: { fail("No support for osfamily ${facts['osfamily']}") } } } diff --git a/manifests/daemon/relay.pp b/manifests/daemon/relay.pp index 68e06ca..bc72dd0 100644 --- a/manifests/daemon/relay.pp +++ b/manifests/daemon/relay.pp @@ -2,7 +2,6 @@ define tor::daemon::relay( $ensure = 'present', $port = 0, - $listen_addresses = [], $outbound_bindaddresses = [], $portforwarding = 0, # KB/s, defaulting to using tor's default: 5120KB/s @@ -15,7 +14,7 @@ define tor::daemon::relay( $relay_bandwidth_burst = 0, # GB, 0 for no limit $accounting_max = 0, - $accounting_start = [], + $accounting_start = 'month 1 0:00', $contact_info = '', # TODO: autofill with other relays $my_family = '', diff --git a/manifests/daemon/socks.pp b/manifests/daemon/socks.pp index 43256ae..76c1703 100644 --- a/manifests/daemon/socks.pp +++ b/manifests/daemon/socks.pp @@ -1,7 +1,6 @@ # socks definition define tor::daemon::socks( $port = 0, - $listen_addresses = [], $policies = [], ) { concat::fragment { '02.socks': diff --git a/manifests/daemon/transparent.pp b/manifests/daemon/transparent.pp index 49f9e70..0d4620a 100644 --- a/manifests/daemon/transparent.pp +++ b/manifests/daemon/transparent.pp @@ -1,9 +1,7 @@ # Transparent proxy definition define tor::daemon::transparent( $ensure = 'present', - $port = 0, - $listen_addresses = [], -) { + $port = 0) { if $ensure == 'present' { concat::fragment { "09.transparent.${name}": diff --git a/manifests/daemon/transport_plugin.pp b/manifests/daemon/transport_plugin.pp new file mode 100644 index 0000000..1921282 --- /dev/null +++ b/manifests/daemon/transport_plugin.pp @@ -0,0 +1,13 @@ +# transport plugin +define tor::daemon::transport_plugin( + $servertransport_plugin = '', + $servertransport_listenaddr = '', + $servertransport_options = '', + $ext_port = '' ) { + + concat::fragment { '11.transport_plugin': + content => template('tor/torrc.transport_plugin.erb'), + order => 11, + target => $tor::daemon::config_file, + } +} diff --git a/manifests/munin.pp b/manifests/munin.pp index 67e8c57..f718c37 100644 --- a/manifests/munin.pp +++ b/manifests/munin.pp @@ -9,7 +9,7 @@ class tor::munin { include ::tor::daemon::params Munin::Plugin::Deploy { - config => "user ${tor::daemon::params::user}\n env.cookiefile /var/run/tor/control.authcookie\n env.port 9001" + config => "user ${tor::daemon::params::user}\n env.cookiefile /var/run/tor/control.authcookie\n env.port 9001" # lint:ignore:80chars } munin::plugin::deploy { 'tor_openfds': diff --git a/manifests/onionbalance.pp b/manifests/onionbalance.pp index 6a6b476..1921754 100644 --- a/manifests/onionbalance.pp +++ b/manifests/onionbalance.pp @@ -17,7 +17,7 @@ class tor::onionbalance( include ::tor - case $osfamily { + case $facts['osfamily'] { 'Debian': { $pkg_name = 'onionbalance' $instance_file = '/etc/tor/instances/onionbalance/torrc' @@ -39,7 +39,7 @@ class tor::onionbalance( $pkg_name = 'python2-onionbalance' } default: { - fail("OSFamily ${osfamily} not (yet) supported for onionbalance") + fail("OSFamily ${facts['osfamily']} not (yet) supported for onionbalance") } } @@ -54,7 +54,7 @@ class tor::onionbalance( mode => '0640', notify => Service['onionbalance']; $instance_file: - content => template("tor/onionbalance/${osfamily}.torrc.erb"), + content => template("tor/onionbalance/${facts['osfamily']}.torrc.erb"), owner => root, group => 0, mode => '0644', diff --git a/manifests/repo.pp b/manifests/repo.pp index 6770feb..d9d43ec 100644 --- a/manifests/repo.pp +++ b/manifests/repo.pp @@ -14,7 +14,7 @@ class tor::repo ( # no need as EPEL is the relevant reference } default: { - fail("Unsupported managed repository for osfamily: ${::osfamily}, operatingsystem: ${::operatingsystem}, module ${module_name} currently only supports managing repos for osfamily Debian and Ubuntu") + fail("Unsupported managed repository for osfamily: ${::osfamily}, operatingsystem: ${::operatingsystem}, module ${module_name} currently only supports managing repos for osfamily Debian and Ubuntu") # lint:ignore:80chars } } } diff --git a/manifests/repo/debian.pp b/manifests/repo/debian.pp index 174c331..81976a2 100644 --- a/manifests/repo/debian.pp +++ b/manifests/repo/debian.pp @@ -1,6 +1,6 @@ # PRIVATE CLASS: do not use directly class tor::repo::debian inherits tor::repo { - apt::source { $source_name: + apt::source { $tor::repo::source_name: ensure => $::tor::repo::ensure, location => $::tor::repo::location, key => $::tor::repo::key, |