From 76e6ee3e854f5efd018dedc15af14d62e7f4549e Mon Sep 17 00:00:00 2001 From: mh Date: Sun, 19 Apr 2015 23:05:43 +0200 Subject: setting owner, group & mode is not supported by latest concat module --- manifests/daemon/base.pp | 6 ------ manifests/daemon/bridge.pp | 3 --- manifests/daemon/control.pp | 3 --- manifests/daemon/directory.pp | 3 --- manifests/daemon/dns.pp | 3 --- manifests/daemon/exit_policy.pp | 3 --- manifests/daemon/hidden_service.pp | 3 --- manifests/daemon/map_address.pp | 3 --- manifests/daemon/relay.pp | 3 --- manifests/daemon/snippet.pp | 3 --- manifests/daemon/socks.pp | 3 --- manifests/daemon/transparent.pp | 3 --- 12 files changed, 39 deletions(-) (limited to 'manifests/daemon') diff --git a/manifests/daemon/base.pp b/manifests/daemon/base.pp index 63d7bc4..e687a67 100644 --- a/manifests/daemon/base.pp +++ b/manifests/daemon/base.pp @@ -58,9 +58,6 @@ class tor::daemon::base inherits tor::base { concat::fragment { '00.header': ensure => present, content => template('tor/torrc.header.erb'), - owner => 'debian-tor', - group => 'debian-tor', - mode => '0644', order => 00, target => $tor::daemon::config_file, } @@ -68,9 +65,6 @@ class tor::daemon::base inherits tor::base { # global configurations concat::fragment { '01.global': content => template('tor/torrc.global.erb'), - owner => 'debian-tor', - group => 'debian-tor', - mode => '0644', order => 01, target => $tor::daemon::config_file, } diff --git a/manifests/daemon/bridge.pp b/manifests/daemon/bridge.pp index 063f565..83d74e0 100644 --- a/manifests/daemon/bridge.pp +++ b/manifests/daemon/bridge.pp @@ -8,9 +8,6 @@ define tor::daemon::bridge( concat::fragment { "10.bridge.${name}": ensure => $ensure, content => template('tor/torrc.bridge.erb'), - owner => 'debian-tor', - group => 'debian-tor', - mode => '0644', order => 10, target => $tor::daemon::config_file, } diff --git a/manifests/daemon/control.pp b/manifests/daemon/control.pp index 0172656..001e2b2 100644 --- a/manifests/daemon/control.pp 
+++ b/manifests/daemon/control.pp @@ -18,9 +18,6 @@ define tor::daemon::control( concat::fragment { '04.control': ensure => $ensure, content => template('tor/torrc.control.erb'), - owner => 'debian-tor', - group => 'debian-tor', - mode => '0600', order => 04, target => $tor::daemon::config_file, } diff --git a/manifests/daemon/directory.pp b/manifests/daemon/directory.pp index d877a86..e2e405d 100644 --- a/manifests/daemon/directory.pp +++ b/manifests/daemon/directory.pp @@ -8,9 +8,6 @@ define tor::daemon::directory ( concat::fragment { '06.directory': ensure => $ensure, content => template('tor/torrc.directory.erb'), - owner => 'debian-tor', - group => 'debian-tor', - mode => '0644', order => 06, target => $tor::daemon::config_file, } diff --git a/manifests/daemon/dns.pp b/manifests/daemon/dns.pp index f3a7027..95e62d8 100644 --- a/manifests/daemon/dns.pp +++ b/manifests/daemon/dns.pp @@ -7,9 +7,6 @@ define tor::daemon::dns( concat::fragment { "08.dns.${name}": ensure => $ensure, content => template('tor/torrc.dns.erb'), - owner => 'debian-tor', - group => 'debian-tor', - mode => '0644', order => 08, target => $tor::daemon::config_file, } diff --git a/manifests/daemon/exit_policy.pp b/manifests/daemon/exit_policy.pp index f459ece..df0fb99 100644 --- a/manifests/daemon/exit_policy.pp +++ b/manifests/daemon/exit_policy.pp @@ -8,9 +8,6 @@ define tor::daemon::exit_policy( concat::fragment { "07.exit_policy.${name}": ensure => $ensure, content => template('tor/torrc.exit_policy.erb'), - owner => 'debian-tor', - group => 'debian-tor', - mode => '0644', order => 07, target => $tor::daemon::config_file, } diff --git a/manifests/daemon/hidden_service.pp b/manifests/daemon/hidden_service.pp index c827211..b54aa44 100644 --- a/manifests/daemon/hidden_service.pp +++ b/manifests/daemon/hidden_service.pp 
@@ -7,9 +7,6 @@ define tor::daemon::hidden_service( concat::fragment { "05.hidden_service.${name}": ensure => $ensure, content => template('tor/torrc.hidden_service.erb'), - owner => 'debian-tor', - group => 'debian-tor', - mode => '0644', order => 05, target => $tor::daemon::config_file, } diff --git a/manifests/daemon/map_address.pp b/manifests/daemon/map_address.pp index cfbd3da..d41ccea 100644 --- a/manifests/daemon/map_address.pp +++ b/manifests/daemon/map_address.pp @@ -7,9 +7,6 @@ define tor::daemon::map_address( concat::fragment { "08.map_address.${name}": ensure => $ensure, content => template('tor/torrc.map_address.erb'), - owner => 'debian-tor', - group => 'debian-tor', - mode => '0644', order => 08, target => $tor::daemon::config_file, } diff --git a/manifests/daemon/relay.pp b/manifests/daemon/relay.pp index 3ef8602..8150f63 100644 --- a/manifests/daemon/relay.pp +++ b/manifests/daemon/relay.pp @@ -33,9 +33,6 @@ define tor::daemon::relay( concat::fragment { '03.relay': ensure => $ensure, content => template('tor/torrc.relay.erb'), - owner => 'debian-tor', - group => 'debian-tor', - mode => '0644', order => 03, target => $tor::daemon::config_file, } diff --git a/manifests/daemon/snippet.pp b/manifests/daemon/snippet.pp index b9089b4..7e1494c 100644 --- a/manifests/daemon/snippet.pp +++ b/manifests/daemon/snippet.pp @@ -6,9 +6,6 @@ define tor::daemon::snippet( concat::fragment { "99.snippet.${name}": ensure => $ensure, content => $content, - owner => 'debian-tor', - group => 'debian-tor', - mode => '0644', order => 99, target => $tor::daemon::config_file, } diff --git a/manifests/daemon/socks.pp b/manifests/daemon/socks.pp index 910461c..54c8b6a 100644 --- a/manifests/daemon/socks.pp +++ b/manifests/daemon/socks.pp @@ -6,9 +6,6 @@ define tor::daemon::socks( concat::fragment { '02.socks': content => template('tor/torrc.socks.erb'), - owner => 'debian-tor', - group => 'debian-tor', - mode => '0644', order => 02, target => $tor::daemon::config_file, } 
diff --git a/manifests/daemon/transparent.pp b/manifests/daemon/transparent.pp index 74fed4f..b5e9bc5 100644 --- a/manifests/daemon/transparent.pp +++ b/manifests/daemon/transparent.pp @@ -7,9 +7,6 @@ define tor::daemon::transparent( concat::fragment { "09.transparent.${name}": ensure => $ensure, content => template('tor/torrc.transparent.erb'), - owner => 'debian-tor', - group => 'debian-tor', - mode => '0644', order => 09, target => $tor::daemon::config_file, } -- cgit v1.2.3 From a51a51fe181a7fc6cc1f23e742078cbeed740658 Mon Sep 17 00:00:00 2001 From: mh Date: Sun, 19 Apr 2015 23:17:25 +0200 Subject: make it work with latest concat module --- manifests/daemon/base.pp | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) (limited to 'manifests/daemon') diff --git a/manifests/daemon/base.pp b/manifests/daemon/base.pp index e687a67..9cfcc50 100644 --- a/manifests/daemon/base.pp +++ b/manifests/daemon/base.pp @@ -1,10 +1,7 @@ # extend basic tor things with a snippet based daemon configuration class tor::daemon::base inherits tor::base { - # packages, user, group - Service['tor'] { - subscribe => File[$tor::daemon::config_file], - } + # packages, user, group Package[ 'tor' ] { require => File[$tor::daemon::data_dir], } @@ -52,6 +49,7 @@ class tor::daemon::base inherits tor::base { mode => '0600', owner => 'debian-tor', group => 'debian-tor', + notify => Service['tor'], } # config file headers -- cgit v1.2.3 From 28b9509b148675d48e721c069491735b8141aff2 Mon Sep 17 00:00:00 2001 
From: mh Date: Sun, 19 Apr 2015 23:19:33 +0200 Subject: linting --- manifests/daemon/base.pp | 4 ++-- manifests/daemon/bridge.pp | 2 +- manifests/daemon/control.pp | 2 +- manifests/daemon/directory.pp | 2 +- manifests/daemon/dns.pp | 2 +- manifests/daemon/exit_policy.pp | 2 +- manifests/daemon/hidden_service.pp | 2 +- manifests/daemon/map_address.pp | 2 +- manifests/daemon/relay.pp | 2 +- manifests/daemon/snippet.pp | 2 +- manifests/daemon/socks.pp | 2 +- manifests/daemon/transparent.pp | 2 +- 12 files changed, 13 insertions(+), 13 deletions(-) (limited to 'manifests/daemon') diff --git a/manifests/daemon/base.pp b/manifests/daemon/base.pp index 9cfcc50..5db3e31 100644 --- a/manifests/daemon/base.pp +++ b/manifests/daemon/base.pp @@ -56,14 +56,14 @@ class tor::daemon::base inherits tor::base { concat::fragment { '00.header': ensure => present, content => template('tor/torrc.header.erb'), - order => 00, + order => '00', target => $tor::daemon::config_file, } # global configurations concat::fragment { '01.global': content => template('tor/torrc.global.erb'), - order => 01, + order => '01', target => $tor::daemon::config_file, } } diff --git a/manifests/daemon/bridge.pp b/manifests/daemon/bridge.pp index 83d74e0..a9a21d4 100644 --- a/manifests/daemon/bridge.pp +++ b/manifests/daemon/bridge.pp @@ -8,7 +8,7 @@ define tor::daemon::bridge( concat::fragment { "10.bridge.${name}": ensure => $ensure, content => template('tor/torrc.bridge.erb'), - order => 10, + order => '10', target => $tor::daemon::config_file, } } diff --git a/manifests/daemon/control.pp b/manifests/daemon/control.pp index 001e2b2..5e81c65 100644 --- a/manifests/daemon/control.pp +++ b/manifests/daemon/control.pp @@ -18,7 +18,7 @@ define tor::daemon::control( concat::fragment { '04.control': ensure => $ensure, content => template('tor/torrc.control.erb'), - order => 04, + order => '04', target => $tor::daemon::config_file, } } 
diff --git a/manifests/daemon/directory.pp b/manifests/daemon/directory.pp index e2e405d..8a90899 100644 --- a/manifests/daemon/directory.pp +++ b/manifests/daemon/directory.pp @@ -8,7 +8,7 @@ define tor::daemon::directory ( concat::fragment { '06.directory': ensure => $ensure, content => template('tor/torrc.directory.erb'), - order => 06, + order => '06', target => $tor::daemon::config_file, } diff --git a/manifests/daemon/dns.pp b/manifests/daemon/dns.pp index 95e62d8..e8d4fc8 100644 --- a/manifests/daemon/dns.pp +++ b/manifests/daemon/dns.pp @@ -7,7 +7,7 @@ define tor::daemon::dns( concat::fragment { "08.dns.${name}": ensure => $ensure, content => template('tor/torrc.dns.erb'), - order => 08, + order => '08', target => $tor::daemon::config_file, } } diff --git a/manifests/daemon/exit_policy.pp b/manifests/daemon/exit_policy.pp index df0fb99..5f4d3e8 100644 --- a/manifests/daemon/exit_policy.pp +++ b/manifests/daemon/exit_policy.pp @@ -8,7 +8,7 @@ define tor::daemon::exit_policy( concat::fragment { "07.exit_policy.${name}": ensure => $ensure, content => template('tor/torrc.exit_policy.erb'), - order => 07, + order => '07', target => $tor::daemon::config_file, } } diff --git a/manifests/daemon/hidden_service.pp b/manifests/daemon/hidden_service.pp index b54aa44..cf316b5 100644 --- a/manifests/daemon/hidden_service.pp +++ b/manifests/daemon/hidden_service.pp @@ -7,7 +7,7 @@ define tor::daemon::hidden_service( concat::fragment { "05.hidden_service.${name}": ensure => $ensure, content => template('tor/torrc.hidden_service.erb'), - order => 05, + order => '05', target => $tor::daemon::config_file, } } diff --git a/manifests/daemon/map_address.pp b/manifests/daemon/map_address.pp index d41ccea..ac624a0 100644 --- a/manifests/daemon/map_address.pp +++ b/manifests/daemon/map_address.pp 
@@ -7,7 +7,7 @@ define tor::daemon::map_address( concat::fragment { "08.map_address.${name}": ensure => $ensure, content => template('tor/torrc.map_address.erb'), - order => 08, + order => '08', target => $tor::daemon::config_file, } } diff --git a/manifests/daemon/relay.pp b/manifests/daemon/relay.pp index 8150f63..5eae618 100644 --- a/manifests/daemon/relay.pp +++ b/manifests/daemon/relay.pp @@ -33,7 +33,7 @@ define tor::daemon::relay( concat::fragment { '03.relay': ensure => $ensure, content => template('tor/torrc.relay.erb'), - order => 03, + order => '03', target => $tor::daemon::config_file, } } diff --git a/manifests/daemon/snippet.pp b/manifests/daemon/snippet.pp index 7e1494c..1f22d0c 100644 --- a/manifests/daemon/snippet.pp +++ b/manifests/daemon/snippet.pp @@ -6,7 +6,7 @@ define tor::daemon::snippet( concat::fragment { "99.snippet.${name}": ensure => $ensure, content => $content, - order => 99, + order => '99', target => $tor::daemon::config_file, } } diff --git a/manifests/daemon/socks.pp b/manifests/daemon/socks.pp index 54c8b6a..17ce40b 100644 --- a/manifests/daemon/socks.pp +++ b/manifests/daemon/socks.pp @@ -6,7 +6,7 @@ define tor::daemon::socks( concat::fragment { '02.socks': content => template('tor/torrc.socks.erb'), - order => 02, + order => '02', target => $tor::daemon::config_file, } } diff --git a/manifests/daemon/transparent.pp b/manifests/daemon/transparent.pp index b5e9bc5..6ac7b44 100644 --- a/manifests/daemon/transparent.pp +++ b/manifests/daemon/transparent.pp @@ -7,7 +7,7 @@ define tor::daemon::transparent( concat::fragment { "09.transparent.${name}": ensure => $ensure, content => template('tor/torrc.transparent.erb'), - order => 09, + order => '09', target => $tor::daemon::config_file, } } -- cgit v1.2.3 From d08f07eae13d02431b1c4142634f49e978b551de Mon Sep 17 00:00:00 2001 
From: mh Date: Sun, 4 Sep 2016 21:00:45 +0200 Subject: make module also work on EL7 * user is different * user must not be managed * make access more safe, it doesn't make sense that the user running the daemon owns the config, nor the config directory. --- manifests/daemon/base.pp | 56 +++++++++++++++++++------------------------ manifests/daemon/directory.pp | 5 ++-- manifests/daemon/params.pp | 18 ++++++++++++++ 3 files changed, 46 insertions(+), 33 deletions(-) create mode 100644 manifests/daemon/params.pp (limited to 'manifests/daemon') diff --git a/manifests/daemon/base.pp b/manifests/daemon/base.pp index 5db3e31..217a122 100644 --- a/manifests/daemon/base.pp +++ b/manifests/daemon/base.pp 
@@ -1,54 +1,48 @@ # extend basic tor things with a snippet based daemon configuration class tor::daemon::base inherits tor::base { - # packages, user, group - Package[ 'tor' ] { - require => File[$tor::daemon::data_dir], - } + include ::tor::daemon::params - group { 'debian-tor': - ensure => present, - allowdupe => false, - } + if $tor::daemon::params::manage_user { + group { $tor::daemon::params::group: + ensure => present, + allowdupe => false, + } - user { 'debian-tor': - ensure => present, - allowdupe => false, - comment => 'tor user,,,', - home => $tor::daemon::data_dir, - shell => '/bin/false', - gid => 'debian-tor', - require => Group['debian-tor'], + user { $tor::daemon::params::user: + ensure => present, + allowdupe => false, + comment => 'tor user,,,', + home => $tor::daemon::data_dir, + shell => '/bin/false', + gid => $tor::daemon::params::group, + require => Group[$tor::daemon::params::group], + } } # directories file { $tor::daemon::data_dir: ensure => directory, - mode => '0700', - owner => 'debian-tor', - group => 'debian-tor', - require => User['debian-tor'], + mode => '0750', + owner => $tor::daemon::params::user, + group => 'root', + require => Package['tor'], } file { '/etc/tor': ensure => directory, mode => '0755', - owner => 'debian-tor', - group => 'debian-tor', - require => User['debian-tor'], - } - - file { '/var/lib/puppet/modules/tor': - ensure => absent, - recurse => true, - force => true, + owner => 'root', + group => 'root', + require => Package['tor'], } # tor configuration file concat { $tor::daemon::config_file: mode => '0600', - owner => 'debian-tor', - group => 'debian-tor', + owner => 'root', + group => 'root', + require => Package['tor'], notify => Service['tor'], } diff --git a/manifests/daemon/directory.pp b/manifests/daemon/directory.pp index 8a90899..4dc2afa 100644 --- a/manifests/daemon/directory.pp +++ b/manifests/daemon/directory.pp 
@@ -12,12 +12,13 @@ define tor::daemon::directory ( target => $tor::daemon::config_file, } + include ::tor::daemon::params file { '/etc/tor/tor-exit-notice.html': ensure => $ensure, source => 'puppet:///modules/tor/tor-exit-notice.html', require => File['/etc/tor'], - owner => 'debian-tor', - group => 'debian-tor', + owner => $tor::daemon::params::user, + group => $tor::daemon::params::group, mode => '0644', } } diff --git a/manifests/daemon/params.pp b/manifests/daemon/params.pp new file mode 100644 index 0000000..b2d8e34 --- /dev/null +++ b/manifests/daemon/params.pp @@ -0,0 +1,18 @@ +# setup variables for different distributions +class tor::daemon::params { + + case $osfamily { + 'RedHat': { + $user = 'toranon' + $group = 'toranon' + $manage_user = false + } + 'Debian': { + $user = 'debian-tor' + $group = 'debian-tor' + $manage_user = true + } + default: { fail("No support for osfamily ${osfamily}") } + } + +} -- cgit v1.2.3 From 5c4d6c56d9fc0c006e43e4bbeea9d755f44fe10b Mon Sep 17 00:00:00 2001 From: mh Date: Fri, 7 Oct 2016 02:02:43 +0200 Subject: redhat & debian have different modes --- manifests/daemon/base.pp | 2 +- manifests/daemon/params.pp | 14 ++++++++------ 2 files changed, 9 insertions(+), 7 deletions(-) (limited to 'manifests/daemon') diff --git a/manifests/daemon/base.pp b/manifests/daemon/base.pp index 217a122..ec42cb6 100644 --- a/manifests/daemon/base.pp +++ b/manifests/daemon/base.pp @@ -23,7 +23,7 @@ class tor::daemon::base inherits tor::base { # directories file { $tor::daemon::data_dir: ensure => directory, - mode => '0750', + mode => $tor::daemon::params::data_dir_mode, owner => $tor::daemon::params::user, group => 'root', require => Package['tor'], diff --git a/manifests/daemon/params.pp b/manifests/daemon/params.pp index b2d8e34..0c35cd6 100644 --- a/manifests/daemon/params.pp +++ b/manifests/daemon/params.pp 
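Review bot: `/etc/tor/tor-exit-notice.html` is still owned by the daemon account (`owner => $tor::daemon::params::user`), which contradicts this commit's stated goal that the user running tor should own neither the config nor the config directory. With `mode => '0644'` the daemon only needs read access. Setting `owner => 'root'` and `group => 'root'` on this file would stop a compromised tor process from rewriting a page that lives under `/etc/tor`. The define's parameter list and the `concat::fragment` above it start outside the hunk.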
@@ -3,14 +3,16 @@ class tor::daemon::params { case $osfamily { 'RedHat': { - $user = 'toranon' - $group = 'toranon' - $manage_user = false + $user = 'toranon' + $group = 'toranon' + $manage_user = false + $data_dir_mode = '0750' } 'Debian': { - $user = 'debian-tor' - $group = 'debian-tor' - $manage_user = true + $user = 'debian-tor' + $group = 'debian-tor' + $manage_user = true + $data_dir_mode = '0700' } default: { fail("No support for osfamily ${osfamily}") } } -- cgit v1.2.3 From c87feabd8cb4351fd1c5d6abb574c58a6f2f8dc5 Mon Sep 17 00:00:00 2001 From: mh Date: Fri, 7 Oct 2016 02:28:57 +0200 Subject: linting --- manifests/daemon/base.pp | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'manifests/daemon') diff --git a/manifests/daemon/base.pp b/manifests/daemon/base.pp index ec42cb6..24a8278 100644 --- a/manifests/daemon/base.pp +++ b/manifests/daemon/base.pp @@ -39,11 +39,11 @@ class tor::daemon::base inherits tor::base { # tor configuration file concat { $tor::daemon::config_file: - mode => '0600', - owner => 'root', - group => 'root', + mode => '0600', + owner => 'root', + group => 'root', require => Package['tor'], - notify => Service['tor'], + notify => Service['tor'], } # config file headers -- cgit v1.2.3 From 6f1172ec053a1c095624d73aa9f0f020c36ca1ed Mon Sep 17 00:00:00 2001 From: mh Date: Fri, 14 Oct 2016 05:02:00 +0200 Subject: that the tor daemon can actually reread its config, so it must be readable by the user running it --- manifests/daemon/base.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'manifests/daemon') diff --git a/manifests/daemon/base.pp b/manifests/daemon/base.pp index 24a8278..335c5e4 100644 --- a/manifests/daemon/base.pp +++ b/manifests/daemon/base.pp 
@@ -39,9 +39,9 @@ class tor::daemon::base inherits tor::base { # tor configuration file concat { $tor::daemon::config_file: - mode => '0600', + mode => '0640', owner => 'root', - group => 'root', + group => $tor::daemon::params::group, require => Package['tor'], notify => Service['tor'], } -- cgit v1.2.3 From 914df896d915cea5acade2732526d3bbc75b176d Mon Sep 17 00:00:00 2001 From: mh Date: Tue, 1 Nov 2016 21:29:31 +0100 Subject: make it possible to also add pregenerated private keys for onion services or even let them pregenerate on the fly --- manifests/daemon/hidden_service.pp | 48 +++++++++++++++++++++++++++++++++++--- 1 file changed, 45 insertions(+), 3 deletions(-) (limited to 'manifests/daemon') diff --git a/manifests/daemon/hidden_service.pp b/manifests/daemon/hidden_service.pp index cf316b5..895fc53 100644 --- a/manifests/daemon/hidden_service.pp +++ b/manifests/daemon/hidden_service.pp 
@@ -1,14 +1,56 @@ # hidden services definition define tor::daemon::hidden_service( - $ports = [], - $data_dir = $tor::daemon::data_dir, - $ensure = present ) { + $ensure = present, + $ports = [], + $data_dir = $tor::daemon::data_dir, + $private_key = undef, + $private_key_name = $name, + $private_key_store_path = undef, +) { + $data_dir_path = "${data_dir}/${name}" + include ::tor::daemon::params concat::fragment { "05.hidden_service.${name}": ensure => $ensure, content => template('tor/torrc.hidden_service.erb'), order => '05', target => $tor::daemon::config_file, } + if $private_key or ($private_key_name and $private_key_store_path) { + if $private_key and ($private_key_name and $private_key_store_path) { + fail("Either private_key OR (private_key_name AND private_key_store_path) must be set, but not all three of them") + } + if $private_key_store_path and $private_key_name { + $tmp = generate_onion_key($private_key_store_path,$private_key_name) + $os_hostname = $tmp[0] + $real_private_key = $tmp[1] + } else { + $os_hostname = onion_address($private_key) + $real_private_key = $private_key + } + file{ + $data_dir_path: + ensure => directory, + purge => true, + force => true, + recurse => true, + owner => $tor::daemon::params::user, + group => $tor::daemon::params::group, + mode => $tor::daemon::params::data_dir_mode, + require => Package['tor']; + "${data_dir_path}/private_key": + content => $real_private_key, + owner => $tor::daemon::params::user, + group => $tor::daemon::params::group, + mode => '0600', + notify => Service['tor']; + "${data_dir_path}/hostname": + content => "${os_hostname}.onion\n", + owner => $tor::daemon::params::user, + group => $tor::daemon::params::group, + mode => '0600', + notify => Service['tor']; + } + } } -- cgit v1.2.3 From a51345c154ed58731eef7719492e492953c2531c Mon Sep 17 00:00:00 2001 
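Review bot: The `"${data_dir_path}/private_key"` resource passes the onion service key as `content` without `show_diff => false`, so a change to the key can be printed as a diff in agent logs and reports. Adding `show_diff => false,` to that resource keeps the key material out of those outputs. The three file resources also ignore `$ensure`, so `ensure => absent` drops the torrc fragment but leaves the key and hostname on disk. Guarding the `file{ ... }` block on `$ensure` would make removal complete. The same block is added unchanged in the later `onions_service.pp` and `onion_service.pp` hunks.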
From: mh Date: Fri, 4 Nov 2016 15:11:11 +0100 Subject: make sure the onionservice directory has the right mode --- manifests/daemon/hidden_service.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'manifests/daemon') diff --git a/manifests/daemon/hidden_service.pp b/manifests/daemon/hidden_service.pp index 895fc53..1519b56 100644 --- a/manifests/daemon/hidden_service.pp +++ b/manifests/daemon/hidden_service.pp @@ -36,7 +36,7 @@ define tor::daemon::hidden_service( recurse => true, owner => $tor::daemon::params::user, group => $tor::daemon::params::group, - mode => $tor::daemon::params::data_dir_mode, + mode => '0600', require => Package['tor']; "${data_dir_path}/private_key": content => $real_private_key, -- cgit v1.2.3 From 34ef388fcfc92d37faad08ca9216d787a53e186c Mon Sep 17 00:00:00 2001 From: mh Date: Fri, 4 Nov 2016 15:17:40 +0100 Subject: rename hidden service to onion service to follow the new naming conventions --- manifests/daemon/hidden_service.pp | 56 -------------------------------------- manifests/daemon/onions_service.pp | 56 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 56 insertions(+), 56 deletions(-) delete mode 100644 manifests/daemon/hidden_service.pp create mode 100644 manifests/daemon/onions_service.pp (limited to 'manifests/daemon') diff --git a/manifests/daemon/hidden_service.pp b/manifests/daemon/hidden_service.pp deleted file mode 100644 index 1519b56..0000000 --- a/manifests/daemon/hidden_service.pp +++ /dev/null 
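Review bot: `mode => '0600'` on the `$data_dir_path` resource with `ensure => directory` reads like a directory nobody can enter. It works only because Puppet's file type adds the search bit wherever read is set on directories, so the directory ends up 0700 while recursed files get 0600. A one-line comment would stop a later reader from "fixing" it, for example `# 0600 + recurse: files 0600, Puppet adds the search bit on directories (0700)`. The `file{ ... }` block starts and ends outside the hunk.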
@@ -1,56 +0,0 @@ -# hidden services definition -define tor::daemon::hidden_service( - $ensure = present, - $ports = [], - $data_dir = $tor::daemon::data_dir, - $private_key = undef, - $private_key_name = $name, - $private_key_store_path = undef, -) { - - $data_dir_path = "${data_dir}/${name}" - include ::tor::daemon::params - concat::fragment { "05.hidden_service.${name}": - ensure => $ensure, - content => template('tor/torrc.hidden_service.erb'), - order => '05', - target => $tor::daemon::config_file, - } - if $private_key or ($private_key_name and $private_key_store_path) { - if $private_key and ($private_key_name and $private_key_store_path) { - fail("Either private_key OR (private_key_name AND private_key_store_path) must be set, but not all three of them") - } - if $private_key_store_path and $private_key_name { - $tmp = generate_onion_key($private_key_store_path,$private_key_name) - $os_hostname = $tmp[0] - $real_private_key = $tmp[1] - } else { - $os_hostname = onion_address($private_key) - $real_private_key = $private_key - } - file{ - $data_dir_path: - ensure => directory, - purge => true, - force => true, - recurse => true, - owner => $tor::daemon::params::user, - group => $tor::daemon::params::group, - mode => '0600', - require => Package['tor']; - "${data_dir_path}/private_key": - content => $real_private_key, - owner => $tor::daemon::params::user, - group => $tor::daemon::params::group, - mode => '0600', - notify => Service['tor']; - "${data_dir_path}/hostname": - content => "${os_hostname}.onion\n", - owner => $tor::daemon::params::user, - group => $tor::daemon::params::group, - mode => '0600', - notify => Service['tor']; - } - } -} - diff --git a/manifests/daemon/onions_service.pp b/manifests/daemon/onions_service.pp new file mode 100644 index 0000000..2625521 --- /dev/null +++ b/manifests/daemon/onions_service.pp 
@@ -0,0 +1,56 @@ +# onion services definition +define tor::daemon::onion_service( + $ensure = present, + $ports = [], + $data_dir = $tor::daemon::data_dir, + $private_key = undef, + $private_key_name = $name, + $private_key_store_path = undef, +) { + + $data_dir_path = "${data_dir}/${name}" + include ::tor::daemon::params + concat::fragment { "05.onion_service.${name}": + ensure => $ensure, + content => template('tor/torrc.onion_service.erb'), + order => '05', + target => $tor::daemon::config_file, + } + if $private_key or ($private_key_name and $private_key_store_path) { + if $private_key and ($private_key_name and $private_key_store_path) { + fail("Either private_key OR (private_key_name AND private_key_store_path) must be set, but not all three of them") + } + if $private_key_store_path and $private_key_name { + $tmp = generate_onion_key($private_key_store_path,$private_key_name) + $os_hostname = $tmp[0] + $real_private_key = $tmp[1] + } else { + $os_hostname = onion_address($private_key) + $real_private_key = $private_key + } + file{ + $data_dir_path: + ensure => directory, + purge => true, + force => true, + recurse => true, + owner => $tor::daemon::params::user, + group => $tor::daemon::params::group, + mode => '0600', + require => Package['tor']; + "${data_dir_path}/private_key": + content => $real_private_key, + owner => $tor::daemon::params::user, + group => $tor::daemon::params::group, + mode => '0600', + notify => Service['tor']; + "${data_dir_path}/hostname": + content => "${os_hostname}.onion\n", + owner => $tor::daemon::params::user, + group => $tor::daemon::params::group, + mode => '0600', + notify => Service['tor']; + } + } +} + -- cgit v1.2.3 From d91d70dd378a4a91c740b03b0852432ef128b24a Mon Sep 17 00:00:00 2001 
From: mh Date: Fri, 4 Nov 2016 18:52:39 +0100 Subject: store key & hostname --- manifests/daemon/onion_service.pp | 56 ++++++++++++++++++++++++++++++++++++++ manifests/daemon/onions_service.pp | 56 -------------------------------------- 2 files changed, 56 insertions(+), 56 deletions(-) create mode 100644 manifests/daemon/onion_service.pp delete mode 100644 manifests/daemon/onions_service.pp (limited to 'manifests/daemon') diff --git a/manifests/daemon/onion_service.pp b/manifests/daemon/onion_service.pp new file mode 100644 index 0000000..2625521 --- /dev/null +++ b/manifests/daemon/onion_service.pp 
@@ -0,0 +1,56 @@ +# onion services definition +define tor::daemon::onion_service( + $ensure = present, + $ports = [], + $data_dir = $tor::daemon::data_dir, + $private_key = undef, + $private_key_name = $name, + $private_key_store_path = undef, +) { + + $data_dir_path = "${data_dir}/${name}" + include ::tor::daemon::params + concat::fragment { "05.onion_service.${name}": + ensure => $ensure, + content => template('tor/torrc.onion_service.erb'), + order => '05', + target => $tor::daemon::config_file, + } + if $private_key or ($private_key_name and $private_key_store_path) { + if $private_key and ($private_key_name and $private_key_store_path) { + fail("Either private_key OR (private_key_name AND private_key_store_path) must be set, but not all three of them") + } + if $private_key_store_path and $private_key_name { + $tmp = generate_onion_key($private_key_store_path,$private_key_name) + $os_hostname = $tmp[0] + $real_private_key = $tmp[1] + } else { + $os_hostname = onion_address($private_key) + $real_private_key = $private_key + } + file{ + $data_dir_path: + ensure => directory, + purge => true, + force => true, + recurse => true, + owner => $tor::daemon::params::user, + group => $tor::daemon::params::group, + mode => '0600', + require => Package['tor']; + "${data_dir_path}/private_key": + content => $real_private_key, + owner => $tor::daemon::params::user, + group => $tor::daemon::params::group, + mode => '0600', + notify => Service['tor']; + "${data_dir_path}/hostname": + content => "${os_hostname}.onion\n", + owner => $tor::daemon::params::user, + group => $tor::daemon::params::group, + mode => '0600', + notify => Service['tor']; + } + } +} + diff --git a/manifests/daemon/onions_service.pp b/manifests/daemon/onions_service.pp deleted file mode 100644 index 2625521..0000000 --- a/manifests/daemon/onions_service.pp +++ /dev/null 
@@ -1,56 +0,0 @@ -# onion services definition -define tor::daemon::onion_service( - $ensure = present, - $ports = [], - $data_dir = $tor::daemon::data_dir, - $private_key = undef, - $private_key_name = $name, - $private_key_store_path = undef, -) { - - $data_dir_path = "${data_dir}/${name}" - include ::tor::daemon::params - concat::fragment { "05.onion_service.${name}": - ensure => $ensure, - content => template('tor/torrc.onion_service.erb'), - order => '05', - target => $tor::daemon::config_file, - } - if $private_key or ($private_key_name and $private_key_store_path) { - if $private_key and ($private_key_name and $private_key_store_path) { - fail("Either private_key OR (private_key_name AND private_key_store_path) must be set, but not all three of them") - } - if $private_key_store_path and $private_key_name { - $tmp = generate_onion_key($private_key_store_path,$private_key_name) - $os_hostname = $tmp[0] - $real_private_key = $tmp[1] - } else { - $os_hostname = onion_address($private_key) - $real_private_key = $private_key - } - file{ - $data_dir_path: - ensure => directory, - purge => true, - force => true, - recurse => true, - owner => $tor::daemon::params::user, - group => $tor::daemon::params::group, - mode => '0600', - require => Package['tor']; - "${data_dir_path}/private_key": - content => $real_private_key, - owner => $tor::daemon::params::user, - group => $tor::daemon::params::group, - mode => '0600', - notify => Service['tor']; - "${data_dir_path}/hostname": - content => "${os_hostname}.onion\n", - owner => $tor::daemon::params::user, - group => $tor::daemon::params::group, - mode => '0600', - notify => Service['tor']; - } - } -} - -- cgit v1.2.3 From 1fcbe72115d57d53fced2777c8b54a4ee4ec17e9 Mon Sep 17 00:00:00 2001 
From: mh Date: Wed, 30 Aug 2017 18:30:12 +0200 Subject: make it work with newer concat module --- manifests/daemon/base.pp | 1 - manifests/daemon/bridge.pp | 15 ++++++++------- manifests/daemon/control.pp | 26 ++++++++++++++------------ manifests/daemon/directory.pp | 15 ++++++++------- manifests/daemon/dns.pp | 15 ++++++++------- manifests/daemon/exit_policy.pp | 15 ++++++++------- manifests/daemon/map_address.pp | 15 ++++++++------- manifests/daemon/onion_service.pp | 17 +++++++++-------- manifests/daemon/relay.pp | 26 ++++++++++++++------------ manifests/daemon/snippet.pp | 14 ++++++++------ manifests/daemon/socks.pp | 4 ++-- manifests/daemon/transparent.pp | 14 ++++++++------ 12 files changed, 95 insertions(+), 82 deletions(-) (limited to 'manifests/daemon') diff --git a/manifests/daemon/base.pp b/manifests/daemon/base.pp index 335c5e4..86156af 100644 --- a/manifests/daemon/base.pp +++ b/manifests/daemon/base.pp @@ -48,7 +48,6 @@ class tor::daemon::base inherits tor::base { # config file headers concat::fragment { '00.header': - ensure => present, content => template('tor/torrc.header.erb'), order => '00', target => $tor::daemon::config_file, diff --git a/manifests/daemon/bridge.pp b/manifests/daemon/bridge.pp index a9a21d4..e09f4f7 100644 --- a/manifests/daemon/bridge.pp +++ b/manifests/daemon/bridge.pp @@ -3,13 +3,14 @@ define tor::daemon::bridge( $ip, $port, $fingerprint = false, - $ensure = present ) { - - concat::fragment { "10.bridge.${name}": - ensure => $ensure, - content => template('tor/torrc.bridge.erb'), - order => '10', - target => $tor::daemon::config_file, + $ensure = 'present', +) { + if $ensure == 'present' { + concat::fragment { "10.bridge.${name}": + content => template('tor/torrc.bridge.erb'), + order => '10', + target => $tor::daemon::config_file, + } } } diff --git a/manifests/daemon/control.pp b/manifests/daemon/control.pp index 5e81c65..027a49d 100644 --- a/manifests/daemon/control.pp +++ b/manifests/daemon/control.pp 
@@ -1,24 +1,26 @@ # control definition define tor::daemon::control( + $ensure = 'present', $port = 0, $hashed_control_password = '', $cookie_authentication = 0, $cookie_auth_file = '', $cookie_auth_file_group_readable = '', - $ensure = present ) { +) { - if $cookie_authentication == '0' and $hashed_control_password == '' and $ensure != 'absent' { - fail('You need to define the tor control password') - } + if $ensure == 'present' { + if $cookie_authentication == '0' and $hashed_control_password == '' { + fail('You need to define the tor control password') + } - if $cookie_authentication == 0 and ($cookie_auth_file != '' or $cookie_auth_file_group_readable != '') { - notice('You set a tor cookie authentication option, but do not have cookie_authentication on') - } + if $cookie_authentication == 0 and ($cookie_auth_file != '' or $cookie_auth_file_group_readable != '') { + notice('You set a tor cookie authentication option, but do not have cookie_authentication on') + } - concat::fragment { '04.control': - ensure => $ensure, - content => template('tor/torrc.control.erb'), - order => '04', - target => $tor::daemon::config_file, + concat::fragment { '04.control': + content => template('tor/torrc.control.erb'), + order => '04', + target => $tor::daemon::config_file, + } } } diff --git a/manifests/daemon/directory.pp b/manifests/daemon/directory.pp index 4dc2afa..3bbf273 100644 --- a/manifests/daemon/directory.pp +++ b/manifests/daemon/directory.pp 
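Review bot: The password check compares `$cookie_authentication == '0'` against a string, while the parameter defaults to the integer `0` and the very next condition tests `== 0`. On parsers that do not coerce between strings and numbers in `==` (Puppet 4 and later, as far as I know), the default values never reach `fail('You need to define the tor control password')`, so a control fragment can be rendered with neither a hashed password nor cookie authentication. Accepting both spellings keeps existing callers working: `if $cookie_authentication in [0, '0'] and $hashed_control_password == '' {`. What the template emits for `port => 0` is not visible here, so the actual exposure depends on the caller setting a port.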
@@ -1,15 +1,16 @@ # directory advertising define tor::daemon::directory ( + $ensure = 'present', $port = 0, $listen_addresses = [], $port_front_page = '/etc/tor/tor-exit-notice.html', - $ensure = present ) { - - concat::fragment { '06.directory': - ensure => $ensure, - content => template('tor/torrc.directory.erb'), - order => '06', - target => $tor::daemon::config_file, +) { + if $ensure == 'present' { + concat::fragment { '06.directory': + content => template('tor/torrc.directory.erb'), + order => '06', + target => $tor::daemon::config_file, + } } include ::tor::daemon::params diff --git a/manifests/daemon/dns.pp b/manifests/daemon/dns.pp index e8d4fc8..3ae8c77 100644 --- a/manifests/daemon/dns.pp +++ b/manifests/daemon/dns.pp @@ -1,14 +1,15 @@ # DNS definition define tor::daemon::dns( + $ensure = 'present', $port = 0, $listen_addresses = [], - $ensure = present ) { - - concat::fragment { "08.dns.${name}": - ensure => $ensure, - content => template('tor/torrc.dns.erb'), - order => '08', - target => $tor::daemon::config_file, +){ + if $ensure == 'present' { + concat::fragment { "08.dns.${name}": + content => template('tor/torrc.dns.erb'), + order => '08', + target => $tor::daemon::config_file, + } } } diff --git a/manifests/daemon/exit_policy.pp b/manifests/daemon/exit_policy.pp index 5f4d3e8..62876c7 100644 --- a/manifests/daemon/exit_policy.pp +++ b/manifests/daemon/exit_policy.pp @@ -1,15 +1,16 @@ # exit policies define tor::daemon::exit_policy( + $ensure = 'present', $accept = [], $reject = [], $reject_private = 1, - $ensure = present ) { - - concat::fragment { "07.exit_policy.${name}": - ensure => $ensure, - content => template('tor/torrc.exit_policy.erb'), - order => '07', - target => $tor::daemon::config_file, +) { + if $ensure == 'present' { + concat::fragment { "07.exit_policy.${name}": + content => template('tor/torrc.exit_policy.erb'), + order => '07', + target => $tor::daemon::config_file, + } } } 
diff --git a/manifests/daemon/map_address.pp b/manifests/daemon/map_address.pp index ac624a0..ca21ed9 100644 --- a/manifests/daemon/map_address.pp +++ b/manifests/daemon/map_address.pp @@ -1,14 +1,15 @@ # map address definition define tor::daemon::map_address( + $ensure = 'present', $address = '', $newaddress = '', - $ensure = 'present') { - - concat::fragment { "08.map_address.${name}": - ensure => $ensure, - content => template('tor/torrc.map_address.erb'), - order => '08', - target => $tor::daemon::config_file, +) { + if $ensure == 'present' { + concat::fragment { "08.map_address.${name}": + content => template('tor/torrc.map_address.erb'), + order => '08', + target => $tor::daemon::config_file, + } } } diff --git a/manifests/daemon/onion_service.pp b/manifests/daemon/onion_service.pp index 2625521..9d12a3a 100644 --- a/manifests/daemon/onion_service.pp +++ b/manifests/daemon/onion_service.pp @@ -1,6 +1,6 @@ # onion services definition define tor::daemon::onion_service( - $ensure = present, + $ensure = 'present', $ports = [], $data_dir = $tor::daemon::data_dir, $private_key = undef, 
@@ -9,16 +9,17 @@ define tor::daemon::onion_service( ) { $data_dir_path = "${data_dir}/${name}" - include ::tor::daemon::params - concat::fragment { "05.onion_service.${name}": - ensure => $ensure, - content => template('tor/torrc.onion_service.erb'), - order => '05', - target => $tor::daemon::config_file, + if $ensure == 'present' { + include ::tor::daemon::params + concat::fragment { "05.onion_service.${name}": + content => template('tor/torrc.onion_service.erb'), + order => '05', + target => $tor::daemon::config_file, + } } if $private_key or ($private_key_name and $private_key_store_path) { if $private_key and ($private_key_name and $private_key_store_path) { - fail("Either private_key OR (private_key_name AND private_key_store_path) must be set, but not all three of them") + fail('Either private_key OR (private_key_name AND private_key_store_path) must be set, but not all three of them') } if $private_key_store_path and $private_key_name { $tmp = generate_onion_key($private_key_store_path,$private_key_name) diff --git a/manifests/daemon/relay.pp b/manifests/daemon/relay.pp index 4fa303d..68e06ca 100644 --- a/manifests/daemon/relay.pp +++ b/manifests/daemon/relay.pp @@ -1,5 +1,6 @@ # relay definition define tor::daemon::relay( + $ensure = 'present', $port = 0, $listen_addresses = [], $outbound_bindaddresses = [], 
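Review bot: The new `if $ensure == 'present'` guard in onion_service.pp closes before `if $private_key or (...)`, so key handling still runs when the service is declared with `ensure => 'absent'`: the torrc fragment disappears, but the private key is still generated or looked up and whatever that block manages stays in place. `include ::tor::daemon::params` also moved inside the guard; if the rest of the define (outside this hunk) refers to `$tor::daemon::params::user` or `::group`, those lookups then depend on the class having been included elsewhere whenever `$ensure` is not `'present'`. I would keep `include ::tor::daemon::params` above the guard and either extend the guard over the key block or have that block remove the key material on `absent`.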
@@ -20,20 +21,21 @@ define tor::daemon::relay( $my_family = '', $address = "tor.${::domain}", $bridge_relay = 0, - $ensure = present ) { +) { - $nickname = $name + if $ensure == 'present' { + $nickname = $name - if $outbound_bindaddresses == [] { - $real_outbound_bindaddresses = [] - } else { - $real_outbound_bindaddresses = $outbound_bindaddresses - } + if $outbound_bindaddresses == [] { + $real_outbound_bindaddresses = [] + } else { + $real_outbound_bindaddresses = $outbound_bindaddresses + } - concat::fragment { '03.relay': - ensure => $ensure, - content => template('tor/torrc.relay.erb'), - order => '03', - target => $tor::daemon::config_file, + concat::fragment { '03.relay': + content => template('tor/torrc.relay.erb'), + order => '03', + target => $tor::daemon::config_file, + } } } diff --git a/manifests/daemon/snippet.pp b/manifests/daemon/snippet.pp index 1f22d0c..195ed77 100644 --- a/manifests/daemon/snippet.pp +++ b/manifests/daemon/snippet.pp @@ -1,13 +1,15 @@ # Arbitrary torrc snippet definition define tor::daemon::snippet( + $ensure = 'present', $content = '', - $ensure = present ) { +) { - concat::fragment { "99.snippet.${name}": - ensure => $ensure, - content => $content, - order => '99', - target => $tor::daemon::config_file, + if $ensure == 'present' { + concat::fragment { "99.snippet.${name}": + content => $content, + order => '99', + target => $tor::daemon::config_file, + } } } diff --git a/manifests/daemon/socks.pp b/manifests/daemon/socks.pp index 17ce40b..43256ae 100644 --- a/manifests/daemon/socks.pp +++ b/manifests/daemon/socks.pp @@ -2,8 +2,8 @@ define tor::daemon::socks( $port = 0, $listen_addresses = [], - $policies = [] ) { - + $policies = [], +) { concat::fragment { '02.socks': content => template('tor/torrc.socks.erb'), order => '02', diff --git a/manifests/daemon/transparent.pp b/manifests/daemon/transparent.pp index 6ac7b44..49f9e70 100644 --- a/manifests/daemon/transparent.pp +++ b/manifests/daemon/transparent.pp 
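Review bot: In the relay hunk both branches of `if $outbound_bindaddresses == []` assign the same value: the `if` branch assigns `[]` only when the parameter already equals `[]`, and the `else` branch copies the parameter. Since the block is being re-indented anyway, it could collapse to `$real_outbound_bindaddresses = $outbound_bindaddresses`. The template is outside the hunk, so that it reads `$real_outbound_bindaddresses` is an assumption.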
@@ -1,14 +1,16 @@ # Transparent proxy definition define tor::daemon::transparent( + $ensure = 'present', $port = 0, $listen_addresses = [], - $ensure = present ) { +) { - concat::fragment { "09.transparent.${name}": - ensure => $ensure, - content => template('tor/torrc.transparent.erb'), - order => '09', - target => $tor::daemon::config_file, + if $ensure == 'present' { + concat::fragment { "09.transparent.${name}": + content => template('tor/torrc.transparent.erb'), + order => '09', + target => $tor::daemon::config_file, + } } } -- cgit v1.2.3 From 328f4d0dc3ca258a1b605b75fa9f285d34bc47d8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Louis-Philippe=20V=C3=A9ronneau?= Date: Fri, 2 Feb 2018 13:45:52 -0500 Subject: [lint] single quotes should be used when no vars are present in a string --- manifests/daemon/relay.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'manifests/daemon') diff --git a/manifests/daemon/relay.pp b/manifests/daemon/relay.pp index fa908f5..9ba2323 100644 --- a/manifests/daemon/relay.pp +++ b/manifests/daemon/relay.pp @@ -13,7 +13,7 @@ define tor::daemon::relay( $relay_bandwidth_burst = 0, # GB, 0 for no limit $accounting_max = 0, - $accounting_start = "month 1 0:00", + $accounting_start = 'month 1 0:00', $contact_info = '', # TODO: autofill with other relays $my_family = '', -- cgit v1.2.3 From ff149a1c48e988f2c8ad8e69b582b0c6c0895401 Mon Sep 17 00:00:00 2001 From: mh Date: Fri, 23 Feb 2018 23:30:01 +0100 Subject: keep the syntax of config snippes consistent --- manifests/daemon/socks.pp | 13 ++++++++----- manifests/daemon/transport_plugin.pp | 15 +++++++++------ 2 files changed, 17 insertions(+), 11 deletions(-) (limited to 'manifests/daemon') diff --git a/manifests/daemon/socks.pp b/manifests/daemon/socks.pp index 76c1703..e36d91e 100644 --- a/manifests/daemon/socks.pp +++ b/manifests/daemon/socks.pp 
@@ -1,11 +1,14 @@ # socks definition define tor::daemon::socks( - $port = 0, + $ensure = 'present', + $port = 0, $policies = [], ) { - concat::fragment { '02.socks': - content => template('tor/torrc.socks.erb'), - order => '02', - target => $tor::daemon::config_file, + if $ensure == 'present' { + concat::fragment { '02.socks': + content => template('tor/torrc.socks.erb'), + order => '02', + target => $tor::daemon::config_file, + } } } diff --git a/manifests/daemon/transport_plugin.pp b/manifests/daemon/transport_plugin.pp index 1921282..4f7bbf2 100644 --- a/manifests/daemon/transport_plugin.pp +++ b/manifests/daemon/transport_plugin.pp @@ -1,13 +1,16 @@ # transport plugin define tor::daemon::transport_plugin( + $ensure = 'present', $servertransport_plugin = '', $servertransport_listenaddr = '', $servertransport_options = '', - $ext_port = '' ) { - - concat::fragment { '11.transport_plugin': - content => template('tor/torrc.transport_plugin.erb'), - order => 11, - target => $tor::daemon::config_file, + $ext_port = '', +) { + if $ensure == 'present' { + concat::fragment { '11.transport_plugin': + content => template('tor/torrc.transport_plugin.erb'), + order => 11, + target => $tor::daemon::config_file, + } } } -- cgit v1.2.3
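Review bot: `order => 11` in the transport_plugin hunk stays an unquoted integer, while the socks fragment in this same commit uses a quoted, zero-padded string, `order => '02'`. Since the commit's stated goal is consistent snippet syntax, I would write `order => '11',` so that fragment ordering does not depend on how the concat module treats a mix of integer and string orders.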