From 76e6ee3e854f5efd018dedc15af14d62e7f4549e Mon Sep 17 00:00:00 2001
From: mh
Date: Sun, 19 Apr 2015 23:05:43 +0200
Subject: setting owner, group & mode is not supported by latest concat module
---
 manifests/daemon/hidden_service.pp | 3 ---
 1 file changed, 3 deletions(-)
(limited to 'manifests/daemon/hidden_service.pp')
diff --git a/manifests/daemon/hidden_service.pp b/manifests/daemon/hidden_service.pp
index c827211..b54aa44 100644
--- a/manifests/daemon/hidden_service.pp
+++ b/manifests/daemon/hidden_service.pp
@@ -7,9 +7,6 @@ define tor::daemon::hidden_service(
 concat::fragment { "05.hidden_service.${name}":
 ensure => $ensure,
 content => template('tor/torrc.hidden_service.erb'),
- owner => 'debian-tor',
- group => 'debian-tor',
- mode => '0644',
 order => 05,
 target => $tor::daemon::config_file,
 }
-- 
cgit v1.2.3
From 28b9509b148675d48e721c069491735b8141aff2 Mon Sep 17 00:00:00 2001
From: mh
Date: Sun, 19 Apr 2015 23:19:33 +0200
Subject: linting
---
 manifests/daemon/hidden_service.pp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'manifests/daemon/hidden_service.pp')
diff --git a/manifests/daemon/hidden_service.pp b/manifests/daemon/hidden_service.pp
index b54aa44..cf316b5 100644
--- a/manifests/daemon/hidden_service.pp
+++ b/manifests/daemon/hidden_service.pp
@@ -7,7 +7,7 @@ define tor::daemon::hidden_service(
 concat::fragment { "05.hidden_service.${name}":
 ensure => $ensure,
 content => template('tor/torrc.hidden_service.erb'),
- order => 05,
+ order => '05',
 target => $tor::daemon::config_file,
 }
 }
-- 
cgit v1.2.3
From 914df896d915cea5acade2732526d3bbc75b176d Mon Sep 17 00:00:00 2001
From: mh
Date: Tue, 1 Nov 2016 21:29:31 +0100
Subject: make it possible to also add pregenerated private keys for onion services or even let them pregenerate on the fly
---
 manifests/daemon/hidden_service.pp | 48 +++++++++++++++++++++++++++++++++++---
 1 file changed, 45 insertions(+), 3 deletions(-)
(limited to 'manifests/daemon/hidden_service.pp')
diff --git a/manifests/daemon/hidden_service.pp b/manifests/daemon/hidden_service.pp index cf316b5..895fc53 100644 --- a/manifests/daemon/hidden_service.pp +++ b/manifests/daemon/hidden_service.pp @@ -1,14 +1,56 @@ # hidden services definition define tor::daemon::hidden_service( - $ports = [], - $data_dir = $tor::daemon::data_dir, - $ensure = present ) { + $ensure = present, + $ports = [], + $data_dir = $tor::daemon::data_dir, + $private_key = undef, + $private_key_name = $name, + $private_key_store_path = undef, +) { + $data_dir_path = "${data_dir}/${name}" + include ::tor::daemon::params concat::fragment { "05.hidden_service.${name}": ensure => $ensure, content => template('tor/torrc.hidden_service.erb'), order => '05', target => $tor::daemon::config_file, } + if $private_key or ($private_key_name and $private_key_store_path) { + if $private_key and ($private_key_name and $private_key_store_path) { + fail("Either private_key OR (private_key_name AND private_key_store_path) must be set, but not all three of them") + } + if $private_key_store_path and $private_key_name { + $tmp = generate_onion_key($private_key_store_path,$private_key_name) + $os_hostname = $tmp[0] + $real_private_key = $tmp[1] + } else { + $os_hostname = onion_address($private_key) + $real_private_key = $private_key + } + file{ + $data_dir_path: + ensure => directory, + purge => true, + force => true, + recurse => true, + owner => $tor::daemon::params::user, + group => $tor::daemon::params::group, + mode => $tor::daemon::params::data_dir_mode, + require => Package['tor']; + "${data_dir_path}/private_key": + content => $real_private_key, + owner => $tor::daemon::params::user, + group => $tor::daemon::params::group, + mode => '0600', + notify => Service['tor']; + "${data_dir_path}/hostname": + content => "${os_hostname}.onion\n", + owner => $tor::daemon::params::user, + group => $tor::daemon::params::group, + mode => '0600', + notify => Service['tor']; + } + } } -- cgit v1.2.3 
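Review bot: In the `@@ -1,14 +1,56 @@` hunk the `"${data_dir_path}/private_key"` file resource writes the onion service key through `content => $real_private_key` without `show_diff => false`, so wherever the agent runs with diffs enabled a key change can put the old and new key material into the run output and reports; I would add `show_diff => false,` to that resource. The three new file resources also ignore `$ensure`: with `ensure => absent` and a key configured, only the torrc fragment is removed while the directory, `private_key` and `hostname` stay managed as present, so deriving their `ensure` from `$ensure` would keep the two in step. `generate_onion_key` and `onion_address` are defined outside this hunk, so how the key stored under `$private_key_store_path` is protected cannot be judged from here.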
From a51345c154ed58731eef7719492e492953c2531c Mon Sep 17 00:00:00 2001
From: mh
Date: Fri, 4 Nov 2016 15:11:11 +0100
Subject: make sure the onionservice directory has the right mode
---
 manifests/daemon/hidden_service.pp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'manifests/daemon/hidden_service.pp')
diff --git a/manifests/daemon/hidden_service.pp b/manifests/daemon/hidden_service.pp
index 895fc53..1519b56 100644
--- a/manifests/daemon/hidden_service.pp
+++ b/manifests/daemon/hidden_service.pp
@@ -36,7 +36,7 @@ define tor::daemon::hidden_service(
 recurse => true,
 owner => $tor::daemon::params::user,
 group => $tor::daemon::params::group,
- mode => $tor::daemon::params::data_dir_mode,
+ mode => '0600',
 require => Package['tor'];
 "${data_dir_path}/private_key":
 content => $real_private_key,
-- 
cgit v1.2.3
From 34ef388fcfc92d37faad08ca9216d787a53e186c Mon Sep 17 00:00:00 2001
From: mh
Date: Fri, 4 Nov 2016 15:17:40 +0100
Subject: rename hidden service to onion service to follow the new naming conventions
---
 manifests/daemon/hidden_service.pp | 56 --------------------------------------
 1 file changed, 56 deletions(-)
 delete mode 100644 manifests/daemon/hidden_service.pp
(limited to 'manifests/daemon/hidden_service.pp')
diff --git a/manifests/daemon/hidden_service.pp b/manifests/daemon/hidden_service.pp
deleted file mode 100644
index 1519b56..0000000
--- a/manifests/daemon/hidden_service.pp
+++ /dev/null
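Review bot: In the `@@ -36,7 +36,7 @@` hunk the new literal `mode => '0600'` applies to a resource that the previous revision declares as `ensure => directory` with `recurse => true`, and nothing on the line explains why a directory is given a mode without the search bit. As far as I know Puppet adds the search permission wherever read is set when a numeric mode is applied to a directory, so the directory should end up 0700 and recursed files 0600, but that is implicit; a comment such as `# 0600: Puppet adds the search bit for directories, recursed files stay non-executable` above the line would record the intent. The line also stops reading `$tor::daemon::params::data_dir_mode`, so this directory no longer follows that parameter. The enclosing `file{ ... }` block starts and ends outside the hunk.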
@@ -1,56 +0,0 @@
-# hidden services definition
-define tor::daemon::hidden_service(
- $ensure = present,
- $ports = [],
- $data_dir = $tor::daemon::data_dir,
- $private_key = undef,
- $private_key_name = $name,
- $private_key_store_path = undef,
-) {
-
- $data_dir_path = "${data_dir}/${name}"
- include ::tor::daemon::params
- concat::fragment { "05.hidden_service.${name}":
- ensure => $ensure,
- content => template('tor/torrc.hidden_service.erb'),
- order => '05',
- target => $tor::daemon::config_file,
- }
- if $private_key or ($private_key_name and $private_key_store_path) {
- if $private_key and ($private_key_name and $private_key_store_path) {
- fail("Either private_key OR (private_key_name AND private_key_store_path) must be set, but not all three of them")
- }
- if $private_key_store_path and $private_key_name {
- $tmp = generate_onion_key($private_key_store_path,$private_key_name)
- $os_hostname = $tmp[0]
- $real_private_key = $tmp[1]
- } else {
- $os_hostname = onion_address($private_key)
- $real_private_key = $private_key
- }
- file{
- $data_dir_path:
- ensure => directory,
- purge => true,
- force => true,
- recurse => true,
- owner => $tor::daemon::params::user,
- group => $tor::daemon::params::group,
- mode => '0600',
- require => Package['tor'];
- "${data_dir_path}/private_key":
- content => $real_private_key,
- owner => $tor::daemon::params::user,
- group => $tor::daemon::params::group,
- mode => '0600',
- notify => Service['tor'];
- "${data_dir_path}/hostname":
- content => "${os_hostname}.onion\n",
- owner => $tor::daemon::params::user,
- group => $tor::daemon::params::group,
- mode => '0600',
- notify => Service['tor'];
- }
- }
-}
-
-- 
cgit v1.2.3