From 914df896d915cea5acade2732526d3bbc75b176d Mon Sep 17 00:00:00 2001
From: mh
Date: Tue, 1 Nov 2016 21:29:31 +0100
Subject: make it possible to also add pregenerated private keys for onion services or even let them pregenerate on the fly
---
 manifests/daemon/hidden_service.pp | 48 +++++++++++++++++++++++++++++++++++---
 1 file changed, 45 insertions(+), 3 deletions(-)
(limited to 'manifests/daemon')
diff --git a/manifests/daemon/hidden_service.pp b/manifests/daemon/hidden_service.pp
index cf316b5..895fc53 100644
--- a/manifests/daemon/hidden_service.pp
+++ b/manifests/daemon/hidden_service.pp
@@ -1,14 +1,56 @@
 # hidden services definition
 define tor::daemon::hidden_service(
- $ports = [],
- $data_dir = $tor::daemon::data_dir,
- $ensure = present ) {
+ $ensure = present,
+ $ports = [],
+ $data_dir = $tor::daemon::data_dir,
+ $private_key = undef,
+ $private_key_name = $name,
+ $private_key_store_path = undef,
+) {
+ $data_dir_path = "${data_dir}/${name}"
+ include ::tor::daemon::params
 concat::fragment { "05.hidden_service.${name}":
 ensure => $ensure,
 content => template('tor/torrc.hidden_service.erb'),
 order => '05',
 target => $tor::daemon::config_file,
 }
+ if $private_key or ($private_key_name and $private_key_store_path) {
+ if $private_key and ($private_key_name and $private_key_store_path) {
+ fail("Either private_key OR (private_key_name AND private_key_store_path) must be set, but not all three of them")
+ }
+ if $private_key_store_path and $private_key_name {
+ $tmp = generate_onion_key($private_key_store_path,$private_key_name)
+ $os_hostname = $tmp[0]
+ $real_private_key = $tmp[1]
+ } else {
+ $os_hostname = onion_address($private_key)
+ $real_private_key = $private_key
+ }
+ file{
+ $data_dir_path:
+ ensure => directory,
+ purge => true,
+ force => true,
+ recurse => true,
+ owner => $tor::daemon::params::user,
+ group => $tor::daemon::params::group,
+ mode => $tor::daemon::params::data_dir_mode,
+ require => Package['tor'];
+ "${data_dir_path}/private_key":
+ content => $real_private_key,
+ owner => $tor::daemon::params::user,
+ group => $tor::daemon::params::group,
+ mode => '0600',
+ notify => Service['tor'];
+ "${data_dir_path}/hostname":
+ content => "${os_hostname}.onion\n",
+ owner => $tor::daemon::params::user,
+ group => $tor::daemon::params::group,
+ mode => '0600',
+ notify => Service['tor'];
+ }
+ }
 }
--
cgit v1.2.3
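Review bot: The `"${data_dir_path}/private_key"` resource hands the key to `content` without `show_diff => false`, so with Puppet's default `show_diff` every change to that file prints the old and new key material into the agent log and the run report; add `show_diff => false,` beside `mode => '0600'` (and, on Puppet versions that have the `Sensitive` type, wrap `$real_private_key` in it so the key is also redacted in catalog and PuppetDB storage). The `file` resources also do not honour `$ensure`: with `ensure => absent` the concat fragment is removed but the directory, `private_key` and `hostname` stay on disk, so the block should either be guarded by `if $ensure == 'present'` or pass `ensure => $ensure` through (with the directory using `absent`/`directory` accordingly). `$data_dir_path` is managed with `purge => true, recurse => true, force => true` while only `private_key` and `hostname` are declared, so anything tor itself writes into the service directory (presumably `client_keys` when client authorization is configured) will be deleted on each run — confirm that is intended. Nothing in the hunk constrains `$private_key_name` before it is joined with `$private_key_store_path` in `generate_onion_key`, so a caller-supplied name containing path separators may escape the store directory; that function is not visible here and is worth checking.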