From 3cf7362f383d2cfa705c3897f6199087c5ddb033 Mon Sep 17 00:00:00 2001 From: mh Date: Sun, 15 Mar 2015 12:27:18 +0100 Subject: exchange connections munin plugin tor_connections started blocking and I wasn't able to find the root cause for it nor an updated version of the plugin. This also blocked munin itself, which had the issue that the node disappeared within munin. Based on https://lists.torproject.org/pipermail/tor-talk/2006-June/010486.html it seems to more or less match the open filedescriptors and hence we monitor rather this than rely on a unmanageable plugin. The only drawback is that this must run as root, as non-root users can't read the filedescriptors from proc. --- manifests/munin.pp | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'manifests') diff --git a/manifests/munin.pp b/manifests/munin.pp index 4412337..ef71f57 100644 --- a/manifests/munin.pp +++ b/manifests/munin.pp @@ -11,8 +11,9 @@ class tor::munin { config => "user debian-tor\n env.cookiefile /var/run/tor/control.authcookie\n env.port 19051" } munin::plugin::deploy { - 'tor_connections': - source => 'tor/munin/tor_connections'; + 'tor_openfds': + config => 'user root', + source => 'tor/munin/tor_openfds'; 'tor_routers': source => 'tor/munin/tor_routers'; 'tor_traffic': -- cgit v1.2.3 From 76e6ee3e854f5efd018dedc15af14d62e7f4549e Mon Sep 17 00:00:00 2001 
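Review bot: The `tor_openfds` entry sets `config => 'user root'` with no comment in the manifest, so the reason for a root-run munin plugin is recorded only in the commit message. I would add a comment above the entry, for example `# runs as root: other users cannot read the tor process's file descriptors under /proc`. Because munin-node will execute this script as root on every poll, it is also worth confirming that the deployed plugin file is owned by root and not writable by any other account; the deploy define is not visible here, so that is something to check rather than a known defect. The `munin::plugin::deploy` block continues past the end of the hunk.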
From: mh Date: Sun, 19 Apr 2015 23:05:43 +0200 Subject: setting owner, group & mode is not supported by latest concat module --- manifests/daemon/base.pp | 6 ------ manifests/daemon/bridge.pp | 3 --- manifests/daemon/control.pp | 3 --- manifests/daemon/directory.pp | 3 --- manifests/daemon/dns.pp | 3 --- manifests/daemon/exit_policy.pp | 3 --- manifests/daemon/hidden_service.pp | 3 --- manifests/daemon/map_address.pp | 3 --- manifests/daemon/relay.pp | 3 --- manifests/daemon/snippet.pp | 3 --- manifests/daemon/socks.pp | 3 --- manifests/daemon/transparent.pp | 3 --- 12 files changed, 39 deletions(-) (limited to 'manifests') diff --git a/manifests/daemon/base.pp b/manifests/daemon/base.pp index 63d7bc4..e687a67 100644 --- a/manifests/daemon/base.pp +++ b/manifests/daemon/base.pp @@ -58,9 +58,6 @@ class tor::daemon::base inherits tor::base { concat::fragment { '00.header': ensure => present, content => template('tor/torrc.header.erb'), - owner => 'debian-tor', - group => 'debian-tor', - mode => '0644', order => 00, target => $tor::daemon::config_file, } @@ -68,9 +65,6 @@ class tor::daemon::base inherits tor::base { # global configurations concat::fragment { '01.global': content => template('tor/torrc.global.erb'), - owner => 'debian-tor', - group => 'debian-tor', - mode => '0644', order => 01, target => $tor::daemon::config_file, } diff --git a/manifests/daemon/bridge.pp b/manifests/daemon/bridge.pp index 063f565..83d74e0 100644 --- a/manifests/daemon/bridge.pp +++ b/manifests/daemon/bridge.pp @@ -8,9 +8,6 @@ define tor::daemon::bridge( concat::fragment { "10.bridge.${name}": ensure => $ensure, content => template('tor/torrc.bridge.erb'), - owner => 'debian-tor', - group => 'debian-tor', - mode => '0644', order => 10, target => $tor::daemon::config_file, } diff --git a/manifests/daemon/control.pp b/manifests/daemon/control.pp index 0172656..001e2b2 100644 --- a/manifests/daemon/control.pp +++ b/manifests/daemon/control.pp 
@@ -18,9 +18,6 @@ define tor::daemon::control( concat::fragment { '04.control': ensure => $ensure, content => template('tor/torrc.control.erb'), - owner => 'debian-tor', - group => 'debian-tor', - mode => '0600', order => 04, target => $tor::daemon::config_file, } diff --git a/manifests/daemon/directory.pp b/manifests/daemon/directory.pp index d877a86..e2e405d 100644 --- a/manifests/daemon/directory.pp +++ b/manifests/daemon/directory.pp @@ -8,9 +8,6 @@ define tor::daemon::directory ( concat::fragment { '06.directory': ensure => $ensure, content => template('tor/torrc.directory.erb'), - owner => 'debian-tor', - group => 'debian-tor', - mode => '0644', order => 06, target => $tor::daemon::config_file, } diff --git a/manifests/daemon/dns.pp b/manifests/daemon/dns.pp index f3a7027..95e62d8 100644 --- a/manifests/daemon/dns.pp +++ b/manifests/daemon/dns.pp @@ -7,9 +7,6 @@ define tor::daemon::dns( concat::fragment { "08.dns.${name}": ensure => $ensure, content => template('tor/torrc.dns.erb'), - owner => 'debian-tor', - group => 'debian-tor', - mode => '0644', order => 08, target => $tor::daemon::config_file, } diff --git a/manifests/daemon/exit_policy.pp b/manifests/daemon/exit_policy.pp index f459ece..df0fb99 100644 --- a/manifests/daemon/exit_policy.pp +++ b/manifests/daemon/exit_policy.pp @@ -8,9 +8,6 @@ define tor::daemon::exit_policy( concat::fragment { "07.exit_policy.${name}": ensure => $ensure, content => template('tor/torrc.exit_policy.erb'), - owner => 'debian-tor', - group => 'debian-tor', - mode => '0644', order => 07, target => $tor::daemon::config_file, } diff --git a/manifests/daemon/hidden_service.pp b/manifests/daemon/hidden_service.pp index c827211..b54aa44 100644 --- a/manifests/daemon/hidden_service.pp +++ b/manifests/daemon/hidden_service.pp 
@@ -7,9 +7,6 @@ define tor::daemon::hidden_service( concat::fragment { "05.hidden_service.${name}": ensure => $ensure, content => template('tor/torrc.hidden_service.erb'), - owner => 'debian-tor', - group => 'debian-tor', - mode => '0644', order => 05, target => $tor::daemon::config_file, } diff --git a/manifests/daemon/map_address.pp b/manifests/daemon/map_address.pp index cfbd3da..d41ccea 100644 --- a/manifests/daemon/map_address.pp +++ b/manifests/daemon/map_address.pp @@ -7,9 +7,6 @@ define tor::daemon::map_address( concat::fragment { "08.map_address.${name}": ensure => $ensure, content => template('tor/torrc.map_address.erb'), - owner => 'debian-tor', - group => 'debian-tor', - mode => '0644', order => 08, target => $tor::daemon::config_file, } diff --git a/manifests/daemon/relay.pp b/manifests/daemon/relay.pp index 3ef8602..8150f63 100644 --- a/manifests/daemon/relay.pp +++ b/manifests/daemon/relay.pp @@ -33,9 +33,6 @@ define tor::daemon::relay( concat::fragment { '03.relay': ensure => $ensure, content => template('tor/torrc.relay.erb'), - owner => 'debian-tor', - group => 'debian-tor', - mode => '0644', order => 03, target => $tor::daemon::config_file, } diff --git a/manifests/daemon/snippet.pp b/manifests/daemon/snippet.pp index b9089b4..7e1494c 100644 --- a/manifests/daemon/snippet.pp +++ b/manifests/daemon/snippet.pp @@ -6,9 +6,6 @@ define tor::daemon::snippet( concat::fragment { "99.snippet.${name}": ensure => $ensure, content => $content, - owner => 'debian-tor', - group => 'debian-tor', - mode => '0644', order => 99, target => $tor::daemon::config_file, } diff --git a/manifests/daemon/socks.pp b/manifests/daemon/socks.pp index 910461c..54c8b6a 100644 --- a/manifests/daemon/socks.pp +++ b/manifests/daemon/socks.pp @@ -6,9 +6,6 @@ define tor::daemon::socks( concat::fragment { '02.socks': content => template('tor/torrc.socks.erb'), - owner => 'debian-tor', - group => 'debian-tor', - mode => '0644', order => 02, target => $tor::daemon::config_file, } 
diff --git a/manifests/daemon/transparent.pp b/manifests/daemon/transparent.pp index 74fed4f..b5e9bc5 100644 --- a/manifests/daemon/transparent.pp +++ b/manifests/daemon/transparent.pp @@ -7,9 +7,6 @@ define tor::daemon::transparent( concat::fragment { "09.transparent.${name}": ensure => $ensure, content => template('tor/torrc.transparent.erb'), - owner => 'debian-tor', - group => 'debian-tor', - mode => '0644', order => 09, target => $tor::daemon::config_file, } -- cgit v1.2.3 From a51a51fe181a7fc6cc1f23e742078cbeed740658 Mon Sep 17 00:00:00 2001 From: mh Date: Sun, 19 Apr 2015 23:17:25 +0200 Subject: make it work with latest concat module --- manifests/daemon/base.pp | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) (limited to 'manifests') diff --git a/manifests/daemon/base.pp b/manifests/daemon/base.pp index e687a67..9cfcc50 100644 --- a/manifests/daemon/base.pp +++ b/manifests/daemon/base.pp @@ -1,10 +1,7 @@ # extend basic tor things with a snippet based daemon configuration class tor::daemon::base inherits tor::base { - # packages, user, group - Service['tor'] { - subscribe => File[$tor::daemon::config_file], - } + # packages, user, group Package[ 'tor' ] { require => File[$tor::daemon::data_dir], } @@ -52,6 +49,7 @@ class tor::daemon::base inherits tor::base { mode => '0600', owner => 'debian-tor', group => 'debian-tor', + notify => Service['tor'], } # config file headers -- cgit v1.2.3 From 28b9509b148675d48e721c069491735b8141aff2 Mon Sep 17 00:00:00 2001 
From: mh Date: Sun, 19 Apr 2015 23:19:33 +0200 Subject: linting --- manifests/daemon/base.pp | 4 ++-- manifests/daemon/bridge.pp | 2 +- manifests/daemon/control.pp | 2 +- manifests/daemon/directory.pp | 2 +- manifests/daemon/dns.pp | 2 +- manifests/daemon/exit_policy.pp | 2 +- manifests/daemon/hidden_service.pp | 2 +- manifests/daemon/map_address.pp | 2 +- manifests/daemon/relay.pp | 2 +- manifests/daemon/snippet.pp | 2 +- manifests/daemon/socks.pp | 2 +- manifests/daemon/transparent.pp | 2 +- 12 files changed, 13 insertions(+), 13 deletions(-) (limited to 'manifests') diff --git a/manifests/daemon/base.pp b/manifests/daemon/base.pp index 9cfcc50..5db3e31 100644 --- a/manifests/daemon/base.pp +++ b/manifests/daemon/base.pp @@ -56,14 +56,14 @@ class tor::daemon::base inherits tor::base { concat::fragment { '00.header': ensure => present, content => template('tor/torrc.header.erb'), - order => 00, + order => '00', target => $tor::daemon::config_file, } # global configurations concat::fragment { '01.global': content => template('tor/torrc.global.erb'), - order => 01, + order => '01', target => $tor::daemon::config_file, } } diff --git a/manifests/daemon/bridge.pp b/manifests/daemon/bridge.pp index 83d74e0..a9a21d4 100644 --- a/manifests/daemon/bridge.pp +++ b/manifests/daemon/bridge.pp @@ -8,7 +8,7 @@ define tor::daemon::bridge( concat::fragment { "10.bridge.${name}": ensure => $ensure, content => template('tor/torrc.bridge.erb'), - order => 10, + order => '10', target => $tor::daemon::config_file, } } diff --git a/manifests/daemon/control.pp b/manifests/daemon/control.pp index 001e2b2..5e81c65 100644 --- a/manifests/daemon/control.pp +++ b/manifests/daemon/control.pp @@ -18,7 +18,7 @@ define tor::daemon::control( concat::fragment { '04.control': ensure => $ensure, content => template('tor/torrc.control.erb'), - order => 04, + order => '04', target => $tor::daemon::config_file, } } 
diff --git a/manifests/daemon/directory.pp b/manifests/daemon/directory.pp index e2e405d..8a90899 100644 --- a/manifests/daemon/directory.pp +++ b/manifests/daemon/directory.pp @@ -8,7 +8,7 @@ define tor::daemon::directory ( concat::fragment { '06.directory': ensure => $ensure, content => template('tor/torrc.directory.erb'), - order => 06, + order => '06', target => $tor::daemon::config_file, } diff --git a/manifests/daemon/dns.pp b/manifests/daemon/dns.pp index 95e62d8..e8d4fc8 100644 --- a/manifests/daemon/dns.pp +++ b/manifests/daemon/dns.pp @@ -7,7 +7,7 @@ define tor::daemon::dns( concat::fragment { "08.dns.${name}": ensure => $ensure, content => template('tor/torrc.dns.erb'), - order => 08, + order => '08', target => $tor::daemon::config_file, } } diff --git a/manifests/daemon/exit_policy.pp b/manifests/daemon/exit_policy.pp index df0fb99..5f4d3e8 100644 --- a/manifests/daemon/exit_policy.pp +++ b/manifests/daemon/exit_policy.pp @@ -8,7 +8,7 @@ define tor::daemon::exit_policy( concat::fragment { "07.exit_policy.${name}": ensure => $ensure, content => template('tor/torrc.exit_policy.erb'), - order => 07, + order => '07', target => $tor::daemon::config_file, } } diff --git a/manifests/daemon/hidden_service.pp b/manifests/daemon/hidden_service.pp index b54aa44..cf316b5 100644 --- a/manifests/daemon/hidden_service.pp +++ b/manifests/daemon/hidden_service.pp @@ -7,7 +7,7 @@ define tor::daemon::hidden_service( concat::fragment { "05.hidden_service.${name}": ensure => $ensure, content => template('tor/torrc.hidden_service.erb'), - order => 05, + order => '05', target => $tor::daemon::config_file, } } diff --git a/manifests/daemon/map_address.pp b/manifests/daemon/map_address.pp index d41ccea..ac624a0 100644 --- a/manifests/daemon/map_address.pp +++ b/manifests/daemon/map_address.pp 
@@ -7,7 +7,7 @@ define tor::daemon::map_address( concat::fragment { "08.map_address.${name}": ensure => $ensure, content => template('tor/torrc.map_address.erb'), - order => 08, + order => '08', target => $tor::daemon::config_file, } } diff --git a/manifests/daemon/relay.pp b/manifests/daemon/relay.pp index 8150f63..5eae618 100644 --- a/manifests/daemon/relay.pp +++ b/manifests/daemon/relay.pp @@ -33,7 +33,7 @@ define tor::daemon::relay( concat::fragment { '03.relay': ensure => $ensure, content => template('tor/torrc.relay.erb'), - order => 03, + order => '03', target => $tor::daemon::config_file, } } diff --git a/manifests/daemon/snippet.pp b/manifests/daemon/snippet.pp index 7e1494c..1f22d0c 100644 --- a/manifests/daemon/snippet.pp +++ b/manifests/daemon/snippet.pp @@ -6,7 +6,7 @@ define tor::daemon::snippet( concat::fragment { "99.snippet.${name}": ensure => $ensure, content => $content, - order => 99, + order => '99', target => $tor::daemon::config_file, } } diff --git a/manifests/daemon/socks.pp b/manifests/daemon/socks.pp index 54c8b6a..17ce40b 100644 --- a/manifests/daemon/socks.pp +++ b/manifests/daemon/socks.pp @@ -6,7 +6,7 @@ define tor::daemon::socks( concat::fragment { '02.socks': content => template('tor/torrc.socks.erb'), - order => 02, + order => '02', target => $tor::daemon::config_file, } } diff --git a/manifests/daemon/transparent.pp b/manifests/daemon/transparent.pp index b5e9bc5..6ac7b44 100644 --- a/manifests/daemon/transparent.pp +++ b/manifests/daemon/transparent.pp @@ -7,7 +7,7 @@ define tor::daemon::transparent( concat::fragment { "09.transparent.${name}": ensure => $ensure, content => template('tor/torrc.transparent.erb'), - order => 09, + order => '09', target => $tor::daemon::config_file, } } -- cgit v1.2.3 From d08f07eae13d02431b1c4142634f49e978b551de Mon Sep 17 00:00:00 2001 
From: mh Date: Sun, 4 Sep 2016 21:00:45 +0200 Subject: make module also work on EL7 * user is different * user must not be managed * make access more safe, it doesn't make sense that the user running the daemon owns the config, nor the config directory. --- manifests/base.pp | 9 ++++++- manifests/daemon/base.pp | 56 +++++++++++++++++++------------------------ manifests/daemon/directory.pp | 5 ++-- manifests/daemon/params.pp | 18 ++++++++++++++ manifests/munin.pp | 3 ++- 5 files changed, 56 insertions(+), 35 deletions(-) create mode 100644 manifests/daemon/params.pp (limited to 'manifests') diff --git a/manifests/base.pp b/manifests/base.pp index b98451b..31b9edb 100644 --- a/manifests/base.pp +++ b/manifests/base.pp @@ -1,8 +1,15 @@ # basic management of resources for tor class tor::base { - package { [ 'tor', 'tor-geoipdb' ]: + package {'tor': ensure => $tor::ensure_version, } + case $osfamily { + 'Debian': { + package {'tor-geoipdb': + ensure => $tor::ensure_version, + } + } + } service { 'tor': ensure => running, diff --git a/manifests/daemon/base.pp b/manifests/daemon/base.pp index 5db3e31..217a122 100644 --- a/manifests/daemon/base.pp +++ b/manifests/daemon/base.pp 
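Review bot: The new `case $osfamily` in `tor::base` has no `default` branch, so on every family other than Debian it silently does nothing and a reader cannot tell whether that is intended. An explicit `default: { }` with a short comment saying why `tor-geoipdb` is only installed on Debian would state the intent and satisfy puppet-lint's missing-default check. The fact is also read unqualified here, while `manifests/repo.pp` in this module uses `${::osfamily}`; `case $::osfamily {` would be consistent with it.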
@@ -1,54 +1,48 @@ # extend basic tor things with a snippet based daemon configuration class tor::daemon::base inherits tor::base { - # packages, user, group - Package[ 'tor' ] { - require => File[$tor::daemon::data_dir], - } + include ::tor::daemon::params - group { 'debian-tor': - ensure => present, - allowdupe => false, - } + if $tor::daemon::params::manage_user { + group { $tor::daemon::params::group: + ensure => present, + allowdupe => false, + } - user { 'debian-tor': - ensure => present, - allowdupe => false, - comment => 'tor user,,,', - home => $tor::daemon::data_dir, - shell => '/bin/false', - gid => 'debian-tor', - require => Group['debian-tor'], + user { $tor::daemon::params::user: + ensure => present, + allowdupe => false, + comment => 'tor user,,,', + home => $tor::daemon::data_dir, + shell => '/bin/false', + gid => $tor::daemon::params::group, + require => Group[$tor::daemon::params::group], + } } # directories file { $tor::daemon::data_dir: ensure => directory, - mode => '0700', - owner => 'debian-tor', - group => 'debian-tor', - require => User['debian-tor'], + mode => '0750', + owner => $tor::daemon::params::user, + group => 'root', + require => Package['tor'], } file { '/etc/tor': ensure => directory, mode => '0755', - owner => 'debian-tor', - group => 'debian-tor', - require => User['debian-tor'], - } - - file { '/var/lib/puppet/modules/tor': - ensure => absent, - recurse => true, - force => true, + owner => 'root', + group => 'root', + require => Package['tor'], } # tor configuration file concat { $tor::daemon::config_file: mode => '0600', - owner => 'debian-tor', - group => 'debian-tor', + owner => 'root', + group => 'root', + require => Package['tor'], notify => Service['tor'], } diff --git a/manifests/daemon/directory.pp b/manifests/daemon/directory.pp index 8a90899..4dc2afa 100644 --- a/manifests/daemon/directory.pp +++ b/manifests/daemon/directory.pp 
@@ -12,12 +12,13 @@ define tor::daemon::directory ( target => $tor::daemon::config_file, } + include ::tor::daemon::params file { '/etc/tor/tor-exit-notice.html': ensure => $ensure, source => 'puppet:///modules/tor/tor-exit-notice.html', require => File['/etc/tor'], - owner => 'debian-tor', - group => 'debian-tor', + owner => $tor::daemon::params::user, + group => $tor::daemon::params::group, mode => '0644', } } diff --git a/manifests/daemon/params.pp b/manifests/daemon/params.pp new file mode 100644 index 0000000..b2d8e34 --- /dev/null +++ b/manifests/daemon/params.pp @@ -0,0 +1,18 @@ +# setup variables for different distributions +class tor::daemon::params { + + case $osfamily { + 'RedHat': { + $user = 'toranon' + $group = 'toranon' + $manage_user = false + } + 'Debian': { + $user = 'debian-tor' + $group = 'debian-tor' + $manage_user = true + } + default: { fail("No support for osfamily ${osfamily}") } + } + +} diff --git a/manifests/munin.pp b/manifests/munin.pp index ef71f57..1b043f1 100644 --- a/manifests/munin.pp +++ b/manifests/munin.pp @@ -7,8 +7,9 @@ class tor::munin { cookie_auth_file => '/var/run/tor/control.authcookie', } + include ::tor::daemon::params Munin::Plugin::Deploy { - config => "user debian-tor\n env.cookiefile /var/run/tor/control.authcookie\n env.port 19051" + config => "user ${tor::daemon::params::user}\n env.cookiefile /var/run/tor/control.authcookie\n env.port 19051" } munin::plugin::deploy { 'tor_openfds': -- cgit v1.2.3 From 5c4d6c56d9fc0c006e43e4bbeea9d755f44fe10b Mon Sep 17 00:00:00 2001 From: mh Date: Fri, 7 Oct 2016 02:02:43 +0200 Subject: redhat & debian have different modes --- manifests/daemon/base.pp | 2 +- manifests/daemon/params.pp | 14 ++++++++------ 2 files changed, 9 insertions(+), 7 deletions(-) (limited to 'manifests') diff --git a/manifests/daemon/base.pp b/manifests/daemon/base.pp index 217a122..ec42cb6 100644 --- a/manifests/daemon/base.pp +++ b/manifests/daemon/base.pp 
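Review bot: In the directory.pp hunk, `/etc/tor/tor-exit-notice.html` is still owned by the daemon account (`owner => $tor::daemon::params::user`), which runs against this commit's stated goal that the user running the daemon should not own its configuration. The file is static content delivered from `puppet:///modules/tor/tor-exit-notice.html` and is world-readable at `0644`, so `owner => 'root',` and `group => 'root',` should be enough for tor to read it while preventing a compromised tor process from rewriting it. With root ownership the added `include ::tor::daemon::params` is no longer needed in this define. The define starts above the hunk.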
@@ -23,7 +23,7 @@ class tor::daemon::base inherits tor::base { # directories file { $tor::daemon::data_dir: ensure => directory, - mode => '0750', + mode => $tor::daemon::params::data_dir_mode, owner => $tor::daemon::params::user, group => 'root', require => Package['tor'], diff --git a/manifests/daemon/params.pp b/manifests/daemon/params.pp index b2d8e34..0c35cd6 100644 --- a/manifests/daemon/params.pp +++ b/manifests/daemon/params.pp @@ -3,14 +3,16 @@ class tor::daemon::params { case $osfamily { 'RedHat': { - $user = 'toranon' - $group = 'toranon' - $manage_user = false + $user = 'toranon' + $group = 'toranon' + $manage_user = false + $data_dir_mode = '0750' } 'Debian': { - $user = 'debian-tor' - $group = 'debian-tor' - $manage_user = true + $user = 'debian-tor' + $group = 'debian-tor' + $manage_user = true + $data_dir_mode = '0700' } default: { fail("No support for osfamily ${osfamily}") } } -- cgit v1.2.3 From c87feabd8cb4351fd1c5d6abb574c58a6f2f8dc5 Mon Sep 17 00:00:00 2001 From: mh Date: Fri, 7 Oct 2016 02:28:57 +0200 Subject: linting --- manifests/daemon/base.pp | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'manifests') diff --git a/manifests/daemon/base.pp b/manifests/daemon/base.pp index ec42cb6..24a8278 100644 --- a/manifests/daemon/base.pp +++ b/manifests/daemon/base.pp @@ -39,11 +39,11 @@ class tor::daemon::base inherits tor::base { # tor configuration file concat { $tor::daemon::config_file: - mode => '0600', - owner => 'root', - group => 'root', + mode => '0600', + owner => 'root', + group => 'root', require => Package['tor'], - notify => Service['tor'], + notify => Service['tor'], } # config file headers -- cgit v1.2.3 From 6f1172ec053a1c095624d73aa9f0f020c36ca1ed Mon Sep 17 00:00:00 2001 
From: mh Date: Fri, 14 Oct 2016 05:02:00 +0200 Subject: that the tor daemon can actually reread its config, so it must be readable by the user running it --- manifests/daemon/base.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'manifests') diff --git a/manifests/daemon/base.pp b/manifests/daemon/base.pp index 24a8278..335c5e4 100644 --- a/manifests/daemon/base.pp +++ b/manifests/daemon/base.pp @@ -39,9 +39,9 @@ class tor::daemon::base inherits tor::base { # tor configuration file concat { $tor::daemon::config_file: - mode => '0600', + mode => '0640', owner => 'root', - group => 'root', + group => $tor::daemon::params::group, require => Package['tor'], notify => Service['tor'], } -- cgit v1.2.3 From 40ad50af8fb8c27a1000b335617573cffa1b4340 Mon Sep 17 00:00:00 2001 From: mh Date: Fri, 14 Oct 2016 20:18:50 +0200 Subject: support repo for RedHat based systems --- manifests/repo.pp | 3 +++ 1 file changed, 3 insertions(+) (limited to 'manifests') diff --git a/manifests/repo.pp b/manifests/repo.pp index f625599..7637f61 100644 --- a/manifests/repo.pp +++ b/manifests/repo.pp @@ -9,6 +9,9 @@ class tor::repo ( $location = 'https://deb.torproject.org/torproject.org/' class { 'tor::repo::debian': } } + 'RedHat': { + # no need as EPEL is the relevant reference + } default: { fail("Unsupported managed repository for osfamily: ${::osfamily}, operatingsystem: ${::operatingsystem}, module ${module_name} currently only supports managing repos for osfamily Debian and Ubuntu") } -- cgit v1.2.3 From 83eeff12c4eefc0847eca0f3357f03ffadd70daa Mon Sep 17 00:00:00 2001 From: mh Date: Fri, 14 Oct 2016 20:19:25 +0200 Subject: linting --- manifests/repo.pp | 1 + 1 file changed, 1 insertion(+) (limited to 'manifests') diff --git a/manifests/repo.pp b/manifests/repo.pp index 7637f61..6770feb 100644 --- a/manifests/repo.pp +++ b/manifests/repo.pp 
@@ -1,3 +1,4 @@ +# add upstream repositories of torproject class tor::repo ( $ensure = present, $source_name = 'torproject.org', -- cgit v1.2.3 From 720c1670750345e8c361219a58c2722a603e26bb Mon Sep 17 00:00:00 2001 From: mh Date: Tue, 1 Nov 2016 20:26:20 +0100 Subject: add support for onionbalance --- manifests/onionbalance.pp | 81 ++++++++++++++++++++++++++++++++++++++++++ manifests/onionbalance/key.pp | 25 +++++++++++++ manifests/onionbalance/keys.pp | 11 ++++++ 3 files changed, 117 insertions(+) create mode 100644 manifests/onionbalance.pp create mode 100644 manifests/onionbalance/key.pp create mode 100644 manifests/onionbalance/keys.pp (limited to 'manifests') diff --git a/manifests/onionbalance.pp b/manifests/onionbalance.pp new file mode 100644 index 0000000..34831d3 --- /dev/null +++ b/manifests/onionbalance.pp 
@@ -0,0 +1,81 @@ +# manages an onionbalance installation +# +# Parameters: +# +# services: a hash of onionbalance service instances +# services => { +# keyname_of_service1 => { +# name1 => onionservice_addr_3, +# name2 => onionservice_addr_2, +# _key_content => content_of_key_of_onionbalanced_service1, +# }, +# } +# +class tor::onionbalance( + $services, +) { + + include ::tor + + case $osfamily { + 'Debian': { + $pkg_name = 'onionbalance' + $instance_file = '/etc/tor/instances/onionbalance/torrc' + $instance_user = '_tor-onionbalance' + exec{'/usr/sbin/tor-instance-create onionbalance': + creates => '/etc/tor/instances/onionbalance', + require => Package['tor'], + before => File[$instance_file], + } -> augeas{"manage_onionbalance_in_group_${instance_user}": + context => '/files/etc/group', + changes => [ "set ${instance_user}/user[last()+1] onionbalance" ], + onlyif => "match ${instance_user}/*[../user='onionbalance'] size == 0", + require => Package['onionbalance'], + } + } + 'RedHat': { + $instance_file = '/etc/tor/onionbalance.torrc' + $instance_user = 'toranon' + $pkg_name = 'python2-onionbalance' + } + default: { + fail("OSFamily ${osfamily} not (yet) supported for onionbalance") + } + } + + package{$pkg_name: + ensure => 'installed', + tag => 'onionbalance', + } -> file{ + '/etc/onionbalance/config.yaml': + content => template('tor/onionbalance/config.yaml.erb'), + owner => root, + group => $instance_user, + mode => '0640', + notify => Service['onionbalance']; + $instance_file: + content => template("tor/onionbalance/${osfamily}.torrc.erb"), + owner => root, + group => 0, + mode => '0644', + require => Package['tor'], + notify => Service['tor@onionbalance'], + } + + tor::onionbalance::keys{ + keys($services): + values => $services, + group => $instance_user, + } + + service{ + 'tor@onionbalance': + ensure => running, + enable => true; + 'onionbalance': + ensure => running, + enable => true, + subscribe => Service['tor@onionbalance']; + } + +} 
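Review bot: On the RedHat branch `$instance_user` is `'toranon'`, the same account `tor::daemon::params` uses for the regular tor daemon, and that value becomes the group of `/etc/onionbalance/config.yaml` (`0640`) and is passed as `group` to `tor::onionbalance::keys`. That appears to make the onionbalance service keys readable by any tor process running as `toranon`, whereas the Debian branch uses the dedicated `_tor-onionbalance` group. If the EL package ships its own onionbalance account or group, using it for the config and key files would keep the key material away from the general daemon user; this needs confirming against the package. Separately, the augeas resource requires `Package['onionbalance']` by literal name, and `require => Package[$pkg_name],` would stay correct if the package name changes.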
diff --git a/manifests/onionbalance/key.pp b/manifests/onionbalance/key.pp new file mode 100644 index 0000000..e0016fc --- /dev/null +++ b/manifests/onionbalance/key.pp @@ -0,0 +1,25 @@ +# manage onionbalance keys +# +# key_content will be treated as path +# to a file containing the key content +# if the value starts with a / +# +define tor::onionbalance::key( + $key_content, + $group, +){ + + if $key_content =~ /^\// { + $content = file($key_content) + } else { + $content = $key_content + } + Package<| tag == 'onionbalance' |> -> file{ + "/etc/onionbalance/${name}.key": + content => $content, + owner => root, + group => $group, + mode => '0640', + notify => Service['onionbalance']; + } +} diff --git a/manifests/onionbalance/keys.pp b/manifests/onionbalance/keys.pp new file mode 100644 index 0000000..e3040f5 --- /dev/null +++ b/manifests/onionbalance/keys.pp @@ -0,0 +1,11 @@ +# a wrapper to manage onionbalance keys +define tor::onionbalance::keys( + $values, + $group, +) { + tor::onionbalance::key{ + $name: + key_content => $values[$name]['_key_content'], + group => $group, + } +} -- cgit v1.2.3 From 914df896d915cea5acade2732526d3bbc75b176d Mon Sep 17 00:00:00 2001 From: mh Date: Tue, 1 Nov 2016 21:29:31 +0100 Subject: make it possible to also add pregenerated private keys for onion services or even let them pregenerate on the fly --- manifests/daemon/hidden_service.pp | 48 +++++++++++++++++++++++++++++++++++--- 1 file changed, 45 insertions(+), 3 deletions(-) (limited to 'manifests') diff --git a/manifests/daemon/hidden_service.pp b/manifests/daemon/hidden_service.pp index cf316b5..895fc53 100644 --- a/manifests/daemon/hidden_service.pp +++ b/manifests/daemon/hidden_service.pp 
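Review bot: The key file in `tor::onionbalance::key` is written through `content => $content` without `show_diff => false`, so when the key changes the agent can print old and new private key material as a diff in its output and reports. Adding `show_diff => false,` to the `"/etc/onionbalance/${name}.key"` resource avoids that on Puppet versions that support the parameter. The branch `if $key_content =~ /^\//` hands the value to `file()`, which reads an arbitrary absolute path on the master at compile time; the header comment should say that `_key_content` must only come from trusted data for that reason.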
@@ -1,14 +1,56 @@ # hidden services definition define tor::daemon::hidden_service( - $ports = [], - $data_dir = $tor::daemon::data_dir, - $ensure = present ) { + $ensure = present, + $ports = [], + $data_dir = $tor::daemon::data_dir, + $private_key = undef, + $private_key_name = $name, + $private_key_store_path = undef, +) { + $data_dir_path = "${data_dir}/${name}" + include ::tor::daemon::params concat::fragment { "05.hidden_service.${name}": ensure => $ensure, content => template('tor/torrc.hidden_service.erb'), order => '05', target => $tor::daemon::config_file, } + if $private_key or ($private_key_name and $private_key_store_path) { + if $private_key and ($private_key_name and $private_key_store_path) { + fail("Either private_key OR (private_key_name AND private_key_store_path) must be set, but not all three of them") + } + if $private_key_store_path and $private_key_name { + $tmp = generate_onion_key($private_key_store_path,$private_key_name) + $os_hostname = $tmp[0] + $real_private_key = $tmp[1] + } else { + $os_hostname = onion_address($private_key) + $real_private_key = $private_key + } + file{ + $data_dir_path: + ensure => directory, + purge => true, + force => true, + recurse => true, + owner => $tor::daemon::params::user, + group => $tor::daemon::params::group, + mode => $tor::daemon::params::data_dir_mode, + require => Package['tor']; + "${data_dir_path}/private_key": + content => $real_private_key, + owner => $tor::daemon::params::user, + group => $tor::daemon::params::group, + mode => '0600', + notify => Service['tor']; + "${data_dir_path}/hostname": + content => "${os_hostname}.onion\n", + owner => $tor::daemon::params::user, + group => $tor::daemon::params::group, + mode => '0600', + notify => Service['tor']; + } + } } -- cgit v1.2.3 From a51345c154ed58731eef7719492e492953c2531c Mon Sep 17 00:00:00 2001 
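Review bot: The three `file` resources added for the service directory, `private_key` and `hostname` ignore the define's `$ensure`, so with `ensure => absent` the torrc fragment is removed while the private key is still written to `${data_dir_path}/private_key` on the node. Passing the state through, for example `ensure => $ensure,` on the two files and an absent directory when the service is removed, would let a retired service take its key material with it. The `private_key` resource also sets `content => $real_private_key` without `show_diff => false,`, so a key change can show up as a diff in agent logs and reports. Finally, `purge => true` with `recurse => true` on `$data_dir_path` removes anything tor itself creates in that directory on each run; a comment saying this is intended would help.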
From: mh Date: Fri, 4 Nov 2016 15:11:11 +0100 Subject: make sure the onionservice directory has the right mode --- manifests/daemon/hidden_service.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'manifests') diff --git a/manifests/daemon/hidden_service.pp b/manifests/daemon/hidden_service.pp index 895fc53..1519b56 100644 --- a/manifests/daemon/hidden_service.pp +++ b/manifests/daemon/hidden_service.pp @@ -36,7 +36,7 @@ define tor::daemon::hidden_service( recurse => true, owner => $tor::daemon::params::user, group => $tor::daemon::params::group, - mode => $tor::daemon::params::data_dir_mode, + mode => '0600', require => Package['tor']; "${data_dir_path}/private_key": content => $real_private_key, -- cgit v1.2.3 From 34ef388fcfc92d37faad08ca9216d787a53e186c Mon Sep 17 00:00:00 2001 From: mh Date: Fri, 4 Nov 2016 15:17:40 +0100 Subject: rename hidden service to onion service to follow the new naming conventions --- manifests/daemon/hidden_service.pp | 56 -------------------------------------- manifests/daemon/onions_service.pp | 56 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 56 insertions(+), 56 deletions(-) delete mode 100644 manifests/daemon/hidden_service.pp create mode 100644 manifests/daemon/onions_service.pp (limited to 'manifests') diff --git a/manifests/daemon/hidden_service.pp b/manifests/daemon/hidden_service.pp deleted file mode 100644 index 1519b56..0000000 --- a/manifests/daemon/hidden_service.pp +++ /dev/null 
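Review bot: `mode => '0600'` on `$data_dir_path` is set on a resource with `ensure => directory` and `recurse => true`, which reads as a directory nobody can enter. Puppet adds the search bit to directories wherever the read bit is set, so the result is 0700 for the directory and 0600 for the files below it, but the line only makes sense to a reader who knows that rule. A comment on the line, e.g. `# 0600 + recurse: Puppet adds x on directories, so the dir is 0700 and the files 0600`, would make the intent explicit. The `file{}` block starts and ends outside the hunk.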
@@ -1,56 +0,0 @@ -# hidden services definition -define tor::daemon::hidden_service( - $ensure = present, - $ports = [], - $data_dir = $tor::daemon::data_dir, - $private_key = undef, - $private_key_name = $name, - $private_key_store_path = undef, -) { - - $data_dir_path = "${data_dir}/${name}" - include ::tor::daemon::params - concat::fragment { "05.hidden_service.${name}": - ensure => $ensure, - content => template('tor/torrc.hidden_service.erb'), - order => '05', - target => $tor::daemon::config_file, - } - if $private_key or ($private_key_name and $private_key_store_path) { - if $private_key and ($private_key_name and $private_key_store_path) { - fail("Either private_key OR (private_key_name AND private_key_store_path) must be set, but not all three of them") - } - if $private_key_store_path and $private_key_name { - $tmp = generate_onion_key($private_key_store_path,$private_key_name) - $os_hostname = $tmp[0] - $real_private_key = $tmp[1] - } else { - $os_hostname = onion_address($private_key) - $real_private_key = $private_key - } - file{ - $data_dir_path: - ensure => directory, - purge => true, - force => true, - recurse => true, - owner => $tor::daemon::params::user, - group => $tor::daemon::params::group, - mode => '0600', - require => Package['tor']; - "${data_dir_path}/private_key": - content => $real_private_key, - owner => $tor::daemon::params::user, - group => $tor::daemon::params::group, - mode => '0600', - notify => Service['tor']; - "${data_dir_path}/hostname": - content => "${os_hostname}.onion\n", - owner => $tor::daemon::params::user, - group => $tor::daemon::params::group, - mode => '0600', - notify => Service['tor']; - } - } -} - diff --git a/manifests/daemon/onions_service.pp b/manifests/daemon/onions_service.pp new file mode 100644 index 0000000..2625521 --- /dev/null +++ b/manifests/daemon/onions_service.pp 
@@ -0,0 +1,56 @@ +# onion services definition +define tor::daemon::onion_service( + $ensure = present, + $ports = [], + $data_dir = $tor::daemon::data_dir, + $private_key = undef, + $private_key_name = $name, + $private_key_store_path = undef, +) { + + $data_dir_path = "${data_dir}/${name}" + include ::tor::daemon::params + concat::fragment { "05.onion_service.${name}": + ensure => $ensure, + content => template('tor/torrc.onion_service.erb'), + order => '05', + target => $tor::daemon::config_file, + } + if $private_key or ($private_key_name and $private_key_store_path) { + if $private_key and ($private_key_name and $private_key_store_path) { + fail("Either private_key OR (private_key_name AND private_key_store_path) must be set, but not all three of them") + } + if $private_key_store_path and $private_key_name { + $tmp = generate_onion_key($private_key_store_path,$private_key_name) + $os_hostname = $tmp[0] + $real_private_key = $tmp[1] + } else { + $os_hostname = onion_address($private_key) + $real_private_key = $private_key + } + file{ + $data_dir_path: + ensure => directory, + purge => true, + force => true, + recurse => true, + owner => $tor::daemon::params::user, + group => $tor::daemon::params::group, + mode => '0600', + require => Package['tor']; + "${data_dir_path}/private_key": + content => $real_private_key, + owner => $tor::daemon::params::user, + group => $tor::daemon::params::group, + mode => '0600', + notify => Service['tor']; + "${data_dir_path}/hostname": + content => "${os_hostname}.onion\n", + owner => $tor::daemon::params::user, + group => $tor::daemon::params::group, + mode => '0600', + notify => Service['tor']; + } + } +} + -- cgit v1.2.3 From d91d70dd378a4a91c740b03b0852432ef128b24a Mon Sep 17 00:00:00 2001 
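Review bot: The `"${data_dir_path}/private_key"` resource in the new onions_service.pp passes the onion service key through `content => $real_private_key` without `show_diff => false`. On an agent that has diff output enabled, a change to that file would put the key material into the agent log and any report built from it. I would add `show_diff => false,` to the `private_key` resource. Access to the compiled catalog and to whatever `generate_onion_key` keeps under `$private_key_store_path` is presumably just as sensitive, but neither is visible here.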
From: mh Date: Fri, 4 Nov 2016 18:52:39 +0100 Subject: store key & hostname --- manifests/daemon/onion_service.pp | 56 ++++++++++++++++++++++++++++++++++++++ manifests/daemon/onions_service.pp | 56 -------------------------------------- 2 files changed, 56 insertions(+), 56 deletions(-) create mode 100644 manifests/daemon/onion_service.pp delete mode 100644 manifests/daemon/onions_service.pp (limited to 'manifests') diff --git a/manifests/daemon/onion_service.pp b/manifests/daemon/onion_service.pp new file mode 100644 index 0000000..2625521 --- /dev/null +++ b/manifests/daemon/onion_service.pp 
@@ -0,0 +1,56 @@ +# onion services definition +define tor::daemon::onion_service( + $ensure = present, + $ports = [], + $data_dir = $tor::daemon::data_dir, + $private_key = undef, + $private_key_name = $name, + $private_key_store_path = undef, +) { + + $data_dir_path = "${data_dir}/${name}" + include ::tor::daemon::params + concat::fragment { "05.onion_service.${name}": + ensure => $ensure, + content => template('tor/torrc.onion_service.erb'), + order => '05', + target => $tor::daemon::config_file, + } + if $private_key or ($private_key_name and $private_key_store_path) { + if $private_key and ($private_key_name and $private_key_store_path) { + fail("Either private_key OR (private_key_name AND private_key_store_path) must be set, but not all three of them") + } + if $private_key_store_path and $private_key_name { + $tmp = generate_onion_key($private_key_store_path,$private_key_name) + $os_hostname = $tmp[0] + $real_private_key = $tmp[1] + } else { + $os_hostname = onion_address($private_key) + $real_private_key = $private_key + } + file{ + $data_dir_path: + ensure => directory, + purge => true, + force => true, + recurse => true, + owner => $tor::daemon::params::user, + group => $tor::daemon::params::group, + mode => '0600', + require => Package['tor']; + "${data_dir_path}/private_key": + content => $real_private_key, + owner => $tor::daemon::params::user, + group => $tor::daemon::params::group, + mode => '0600', + notify => Service['tor']; + "${data_dir_path}/hostname": + content => "${os_hostname}.onion\n", + owner => $tor::daemon::params::user, + group => $tor::daemon::params::group, + mode => '0600', + notify => Service['tor']; + } + } +} + diff --git a/manifests/daemon/onions_service.pp b/manifests/daemon/onions_service.pp deleted file mode 100644 index 2625521..0000000 --- a/manifests/daemon/onions_service.pp +++ /dev/null 
@@ -1,56 +0,0 @@ -# onion services definition -define tor::daemon::onion_service( - $ensure = present, - $ports = [], - $data_dir = $tor::daemon::data_dir, - $private_key = undef, - $private_key_name = $name, - $private_key_store_path = undef, -) { - - $data_dir_path = "${data_dir}/${name}" - include ::tor::daemon::params - concat::fragment { "05.onion_service.${name}": - ensure => $ensure, - content => template('tor/torrc.onion_service.erb'), - order => '05', - target => $tor::daemon::config_file, - } - if $private_key or ($private_key_name and $private_key_store_path) { - if $private_key and ($private_key_name and $private_key_store_path) { - fail("Either private_key OR (private_key_name AND private_key_store_path) must be set, but not all three of them") - } - if $private_key_store_path and $private_key_name { - $tmp = generate_onion_key($private_key_store_path,$private_key_name) - $os_hostname = $tmp[0] - $real_private_key = $tmp[1] - } else { - $os_hostname = onion_address($private_key) - $real_private_key = $private_key - } - file{ - $data_dir_path: - ensure => directory, - purge => true, - force => true, - recurse => true, - owner => $tor::daemon::params::user, - group => $tor::daemon::params::group, - mode => '0600', - require => Package['tor']; - "${data_dir_path}/private_key": - content => $real_private_key, - owner => $tor::daemon::params::user, - group => $tor::daemon::params::group, - mode => '0600', - notify => Service['tor']; - "${data_dir_path}/hostname": - content => "${os_hostname}.onion\n", - owner => $tor::daemon::params::user, - group => $tor::daemon::params::group, - mode => '0600', - notify => Service['tor']; - } - } -} - -- cgit v1.2.3 From 9899d19553f55fce8ff6f6d790945777a298bacf Mon Sep 17 00:00:00 2001 
From: mh Date: Sat, 5 Nov 2016 13:48:01 +0100 Subject: simplify the version requirement, as we don't need to pass that parameter along --- manifests/base.pp | 5 +++-- manifests/daemon.pp | 10 +++------- manifests/init.pp | 2 +- 3 files changed, 7 insertions(+), 10 deletions(-) (limited to 'manifests') diff --git a/manifests/base.pp b/manifests/base.pp index 31b9edb..b5aa7e9 100644 --- a/manifests/base.pp +++ b/manifests/base.pp @@ -1,12 +1,13 @@ # basic management of resources for tor class tor::base { package {'tor': - ensure => $tor::ensure_version, + ensure => $tor::version, } case $osfamily { 'Debian': { package {'tor-geoipdb': - ensure => $tor::ensure_version, + ensure => $tor::version, + before => Service['tor'], } } } diff --git a/manifests/daemon.pp b/manifests/daemon.pp index 2522b2c..55c881d 100644 --- a/manifests/daemon.pp +++ b/manifests/daemon.pp @@ -1,6 +1,5 @@ # manage a snippet based tor installation class tor::daemon ( - $ensure_version = 'installed', $use_munin = false, $data_dir = '/var/lib/tor', $config_file = '/etc/tor/torrc', @@ -10,13 +9,10 @@ class tor::daemon ( $safe_logging = 1, ) { - class{'tor': - ensure_version => $ensure_version, - } - - include tor::daemon::base + include ::tor + include ::tor::daemon::base if $use_munin { - include tor::munin + include ::tor::munin } } diff --git a/manifests/init.pp b/manifests/init.pp index 9c19c64..ad584aa 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -1,6 +1,6 @@ # manage a basic tor installation class tor ( - $ensure_version = 'installed' + $version = 'installed' ){ include tor::base } -- cgit v1.2.3 From 6deb959721ba5e90d876ff34343c0926730faf7b Mon Sep 17 00:00:00 2001 From: mh Date: Wed, 9 Nov 2016 23:05:37 +0100 Subject: set it to a port allowed by munin --- manifests/munin.pp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'manifests') diff --git a/manifests/munin.pp b/manifests/munin.pp index 1b043f1..67e8c57 100644 --- a/manifests/munin.pp 
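Review bot: Renaming the `tor` class parameter from `$ensure_version` to `$version` in init.pp and removing `$ensure_version` from `tor::daemon` in daemon.pp breaks every existing declaration that still passes `ensure_version`, and neither hunk documents the change. Because `tor::daemon` now uses `include ::tor`, a version pin can no longer be handed through `tor::daemon` and has to be set on `tor` itself. I would state that in the class header of init.pp, e.g. `# $version: ensure value for the tor packages (replaces ensure_version, no longer accepted by tor::daemon)`.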
+++ b/manifests/munin.pp @@ -2,18 +2,18 @@ class tor::munin { tor::daemon::control{ 'control_port_for_munin': - port => 19051, + port => 9001, cookie_authentication => 1, cookie_auth_file => '/var/run/tor/control.authcookie', } include ::tor::daemon::params Munin::Plugin::Deploy { - config => "user ${tor::daemon::params::user}\n env.cookiefile /var/run/tor/control.authcookie\n env.port 19051" + config => "user ${tor::daemon::params::user}\n env.cookiefile /var/run/tor/control.authcookie\n env.port 9001" } munin::plugin::deploy { 'tor_openfds': - config => 'user root', + config => 'user root', source => 'tor/munin/tor_openfds'; 'tor_routers': source => 'tor/munin/tor_routers'; -- cgit v1.2.3 From b80f81eb4594ddd4a2a62f21b0c5802e762f8fcc Mon Sep 17 00:00:00 2001 From: mh Date: Thu, 10 Nov 2016 02:13:04 +0100 Subject: make it work with the old parser --- manifests/onionbalance.pp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'manifests') diff --git a/manifests/onionbalance.pp b/manifests/onionbalance.pp index 34831d3..6a6b476 100644 --- a/manifests/onionbalance.pp +++ b/manifests/onionbalance.pp @@ -62,8 +62,9 @@ class tor::onionbalance( notify => Service['tor@onionbalance'], } + $keys = keys($services) tor::onionbalance::keys{ - keys($services): + $keys: values => $services, group => $instance_user, } -- cgit v1.2.3 From 1a4d240aadb784c065703e790b59ee39863005b3 Mon Sep 17 00:00:00 2001 From: mh Date: Thu, 1 Dec 2016 12:26:05 +0100 Subject: torsocks actually needs a daemon --- manifests/torsocks.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'manifests') diff --git a/manifests/torsocks.pp b/manifests/torsocks.pp index e9fc75b..9f735d4 100644 --- a/manifests/torsocks.pp +++ b/manifests/torsocks.pp @@ -2,7 +2,7 @@ class tor::torsocks ( $ensure_version = 'installed' ){ - include ::tor + include ::tor::daemon package{'torsocks': ensure => $ensure_version, } -- cgit v1.2.3 
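Review bot: The control port number `9001` now appears twice in the munin.pp hunk, as `port => 9001` on `tor::daemon::control` and inside the `env.port 9001` string of the `Munin::Plugin::Deploy` default, with no comment saying why this value was chosen. 9001 is the port Tor's documentation uses as its example ORPort, so a node that also declares a relay on that port would presumably fail to bind one of the two listeners. I would hold the value in one variable, `$control_port = 9001`, use it in both places, and add a comment naming the munin restriction the commit subject refers to.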
From 4ac020202d87afcd69de483a777eff03cef75a4c Mon Sep 17 00:00:00 2001 From: mh Date: Sun, 19 Feb 2017 23:18:19 +0100 Subject: polipo is not supported on EL --- manifests/compact.pp | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'manifests') diff --git a/manifests/compact.pp b/manifests/compact.pp index c0f5919..e44ffed 100644 --- a/manifests/compact.pp +++ b/manifests/compact.pp @@ -2,6 +2,8 @@ # installation with all the basics class tor::compact { include ::tor - include tor::polipo include tor::torsocks + if $osfamily == 'Debian' { + include tor::polipo + } } -- cgit v1.2.3 From 1fcbe72115d57d53fced2777c8b54a4ee4ec17e9 Mon Sep 17 00:00:00 2001 From: mh Date: Wed, 30 Aug 2017 18:30:12 +0200 Subject: make it work with newer concat module --- manifests/daemon/base.pp | 1 - manifests/daemon/bridge.pp | 15 ++++++++------- manifests/daemon/control.pp | 26 ++++++++++++++------------ manifests/daemon/directory.pp | 15 ++++++++------- manifests/daemon/dns.pp | 15 ++++++++------- manifests/daemon/exit_policy.pp | 15 ++++++++------- manifests/daemon/map_address.pp | 15 ++++++++------- manifests/daemon/onion_service.pp | 17 +++++++++-------- manifests/daemon/relay.pp | 26 ++++++++++++++------------ manifests/daemon/snippet.pp | 14 ++++++++------ manifests/daemon/socks.pp | 4 ++-- manifests/daemon/transparent.pp | 14 ++++++++------ 12 files changed, 95 insertions(+), 82 deletions(-) (limited to 'manifests') diff --git a/manifests/daemon/base.pp b/manifests/daemon/base.pp index 335c5e4..86156af 100644 --- a/manifests/daemon/base.pp +++ b/manifests/daemon/base.pp @@ -48,7 +48,6 @@ class tor::daemon::base inherits tor::base { # config file headers concat::fragment { '00.header': - ensure => present, content => template('tor/torrc.header.erb'), order => '00', target => $tor::daemon::config_file, diff --git a/manifests/daemon/bridge.pp b/manifests/daemon/bridge.pp index a9a21d4..e09f4f7 100644 --- a/manifests/daemon/bridge.pp +++ b/manifests/daemon/bridge.pp 
@@ -3,13 +3,14 @@ define tor::daemon::bridge( $ip, $port, $fingerprint = false, - $ensure = present ) { - - concat::fragment { "10.bridge.${name}": - ensure => $ensure, - content => template('tor/torrc.bridge.erb'), - order => '10', - target => $tor::daemon::config_file, + $ensure = 'present', +) { + if $ensure == 'present' { + concat::fragment { "10.bridge.${name}": + content => template('tor/torrc.bridge.erb'), + order => '10', + target => $tor::daemon::config_file, + } } } diff --git a/manifests/daemon/control.pp b/manifests/daemon/control.pp index 5e81c65..027a49d 100644 --- a/manifests/daemon/control.pp +++ b/manifests/daemon/control.pp @@ -1,24 +1,26 @@ # control definition define tor::daemon::control( + $ensure = 'present', $port = 0, $hashed_control_password = '', $cookie_authentication = 0, $cookie_auth_file = '', $cookie_auth_file_group_readable = '', - $ensure = present ) { +) { - if $cookie_authentication == '0' and $hashed_control_password == '' and $ensure != 'absent' { - fail('You need to define the tor control password') - } + if $ensure == 'present' { + if $cookie_authentication == '0' and $hashed_control_password == '' { + fail('You need to define the tor control password') + } - if $cookie_authentication == 0 and ($cookie_auth_file != '' or $cookie_auth_file_group_readable != '') { - notice('You set a tor cookie authentication option, but do not have cookie_authentication on') - } + if $cookie_authentication == 0 and ($cookie_auth_file != '' or $cookie_auth_file_group_readable != '') { + notice('You set a tor cookie authentication option, but do not have cookie_authentication on') + } - concat::fragment { '04.control': - ensure => $ensure, - content => template('tor/torrc.control.erb'), - order => '04', - target => $tor::daemon::config_file, + concat::fragment { '04.control': + content => template('tor/torrc.control.erb'), + order => '04', + target => $tor::daemon::config_file, + } } } 
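Review bot: The new guard `if $ensure == 'present'` in bridge.pp treats every other value of `$ensure` as absent, so a misspelled or differently typed value (for example `true`) silently drops the fragment instead of failing the catalog; before this change the value was handed to `concat::fragment`. The same guard is added in control.pp, directory.pp, dns.pp, exit_policy.pp, map_address.pp, onion_service.pp, relay.pp, snippet.pp and transparent.pp, and in exit_policy.pp a dropped fragment means the configured accept and reject rules never reach torrc. I would reject unknown values at the top of each define, e.g. `if !($ensure in ['present', 'absent']) { fail("invalid ensure value: ${ensure}") }`.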
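Review bot: In control.pp the re-indented guard `if $cookie_authentication == '0' and $hashed_control_password == ''` compares against the string `'0'`, while the parameter default is the integer `0` and the very next condition tests `$cookie_authentication == 0`. Under the Puppet 4 parser `0 == '0'` is false, so with the defaults `fail('You need to define the tor control password')` never fires and a control port can be declared with neither cookie nor password authentication. I would make the test independent of the value's type, e.g. `if "${cookie_authentication}" == '0' and $hashed_control_password == ''`. How the template renders these values is not visible in this hunk.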
diff --git a/manifests/daemon/directory.pp b/manifests/daemon/directory.pp index 4dc2afa..3bbf273 100644 --- a/manifests/daemon/directory.pp +++ b/manifests/daemon/directory.pp @@ -1,15 +1,16 @@ # directory advertising define tor::daemon::directory ( + $ensure = 'present', $port = 0, $listen_addresses = [], $port_front_page = '/etc/tor/tor-exit-notice.html', - $ensure = present ) { - - concat::fragment { '06.directory': - ensure => $ensure, - content => template('tor/torrc.directory.erb'), - order => '06', - target => $tor::daemon::config_file, +) { + if $ensure == 'present' { + concat::fragment { '06.directory': + content => template('tor/torrc.directory.erb'), + order => '06', + target => $tor::daemon::config_file, + } } include ::tor::daemon::params diff --git a/manifests/daemon/dns.pp b/manifests/daemon/dns.pp index e8d4fc8..3ae8c77 100644 --- a/manifests/daemon/dns.pp +++ b/manifests/daemon/dns.pp @@ -1,14 +1,15 @@ # DNS definition define tor::daemon::dns( + $ensure = 'present', $port = 0, $listen_addresses = [], - $ensure = present ) { - - concat::fragment { "08.dns.${name}": - ensure => $ensure, - content => template('tor/torrc.dns.erb'), - order => '08', - target => $tor::daemon::config_file, +){ + if $ensure == 'present' { + concat::fragment { "08.dns.${name}": + content => template('tor/torrc.dns.erb'), + order => '08', + target => $tor::daemon::config_file, + } } } diff --git a/manifests/daemon/exit_policy.pp b/manifests/daemon/exit_policy.pp index 5f4d3e8..62876c7 100644 --- a/manifests/daemon/exit_policy.pp +++ b/manifests/daemon/exit_policy.pp 
@@ -1,15 +1,16 @@ # exit policies define tor::daemon::exit_policy( + $ensure = 'present', $accept = [], $reject = [], $reject_private = 1, - $ensure = present ) { - - concat::fragment { "07.exit_policy.${name}": - ensure => $ensure, - content => template('tor/torrc.exit_policy.erb'), - order => '07', - target => $tor::daemon::config_file, +) { + if $ensure == 'present' { + concat::fragment { "07.exit_policy.${name}": + content => template('tor/torrc.exit_policy.erb'), + order => '07', + target => $tor::daemon::config_file, + } } } diff --git a/manifests/daemon/map_address.pp b/manifests/daemon/map_address.pp index ac624a0..ca21ed9 100644 --- a/manifests/daemon/map_address.pp +++ b/manifests/daemon/map_address.pp @@ -1,14 +1,15 @@ # map address definition define tor::daemon::map_address( + $ensure = 'present', $address = '', $newaddress = '', - $ensure = 'present') { - - concat::fragment { "08.map_address.${name}": - ensure => $ensure, - content => template('tor/torrc.map_address.erb'), - order => '08', - target => $tor::daemon::config_file, +) { + if $ensure == 'present' { + concat::fragment { "08.map_address.${name}": + content => template('tor/torrc.map_address.erb'), + order => '08', + target => $tor::daemon::config_file, + } } } diff --git a/manifests/daemon/onion_service.pp b/manifests/daemon/onion_service.pp index 2625521..9d12a3a 100644 --- a/manifests/daemon/onion_service.pp +++ b/manifests/daemon/onion_service.pp @@ -1,6 +1,6 @@ # onion services definition define tor::daemon::onion_service( - $ensure = present, + $ensure = 'present', $ports = [], $data_dir = $tor::daemon::data_dir, $private_key = undef, 
@@ -9,16 +9,17 @@ define tor::daemon::onion_service( ) { $data_dir_path = "${data_dir}/${name}" - include ::tor::daemon::params - concat::fragment { "05.onion_service.${name}": - ensure => $ensure, - content => template('tor/torrc.onion_service.erb'), - order => '05', - target => $tor::daemon::config_file, + if $ensure == 'present' { + include ::tor::daemon::params + concat::fragment { "05.onion_service.${name}": + content => template('tor/torrc.onion_service.erb'), + order => '05', + target => $tor::daemon::config_file, + } } if $private_key or ($private_key_name and $private_key_store_path) { if $private_key and ($private_key_name and $private_key_store_path) { - fail("Either private_key OR (private_key_name AND private_key_store_path) must be set, but not all three of them") + fail('Either private_key OR (private_key_name AND private_key_store_path) must be set, but not all three of them') } if $private_key_store_path and $private_key_name { $tmp = generate_onion_key($private_key_store_path,$private_key_name) diff --git a/manifests/daemon/relay.pp b/manifests/daemon/relay.pp index 4fa303d..68e06ca 100644 --- a/manifests/daemon/relay.pp +++ b/manifests/daemon/relay.pp @@ -1,5 +1,6 @@ # relay definition define tor::daemon::relay( + $ensure = 'present', $port = 0, $listen_addresses = [], $outbound_bindaddresses = [], 
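Review bot: Moving `include ::tor::daemon::params` inside `if $ensure == 'present'` in onion_service.pp leaves the key block below it without that include: in the base revision of this file the `file{ ... }` resources under `if $private_key or (...)` read `$tor::daemon::params::user` and `$tor::daemon::params::group` and are not guarded by `$ensure`. With `ensure => 'absent'` and a key configured, owner and group would be undefined unless another class pulled in the params, and the private key and hostname would still be written for a service that is no longer in torrc. I would keep the include at the top of the define and put the key block under the same `$ensure` check, or switch its resources to `ensure => absent` in that case. The define continues past the end of this hunk.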
@@ -20,20 +21,21 @@ define tor::daemon::relay( $my_family = '', $address = "tor.${::domain}", $bridge_relay = 0, - $ensure = present ) { +) { - $nickname = $name + if $ensure == 'present' { + $nickname = $name - if $outbound_bindaddresses == [] { - $real_outbound_bindaddresses = [] - } else { - $real_outbound_bindaddresses = $outbound_bindaddresses - } + if $outbound_bindaddresses == [] { + $real_outbound_bindaddresses = [] + } else { + $real_outbound_bindaddresses = $outbound_bindaddresses + } - concat::fragment { '03.relay': - ensure => $ensure, - content => template('tor/torrc.relay.erb'), - order => '03', - target => $tor::daemon::config_file, + concat::fragment { '03.relay': + content => template('tor/torrc.relay.erb'), + order => '03', + target => $tor::daemon::config_file, + } } } diff --git a/manifests/daemon/snippet.pp b/manifests/daemon/snippet.pp index 1f22d0c..195ed77 100644 --- a/manifests/daemon/snippet.pp +++ b/manifests/daemon/snippet.pp @@ -1,13 +1,15 @@ # Arbitrary torrc snippet definition define tor::daemon::snippet( + $ensure = 'present', $content = '', - $ensure = present ) { +) { - concat::fragment { "99.snippet.${name}": - ensure => $ensure, - content => $content, - order => '99', - target => $tor::daemon::config_file, + if $ensure == 'present' { + concat::fragment { "99.snippet.${name}": + content => $content, + order => '99', + target => $tor::daemon::config_file, + } } } diff --git a/manifests/daemon/socks.pp b/manifests/daemon/socks.pp index 17ce40b..43256ae 100644 --- a/manifests/daemon/socks.pp +++ b/manifests/daemon/socks.pp @@ -2,8 +2,8 @@ define tor::daemon::socks( $port = 0, $listen_addresses = [], - $policies = [] ) { - + $policies = [], +) { concat::fragment { '02.socks': content => template('tor/torrc.socks.erb'), order => '02', diff --git a/manifests/daemon/transparent.pp b/manifests/daemon/transparent.pp index 6ac7b44..49f9e70 100644 --- a/manifests/daemon/transparent.pp +++ b/manifests/daemon/transparent.pp 
@@ -1,14 +1,16 @@ # Transparent proxy definition define tor::daemon::transparent( + $ensure = 'present', $port = 0, $listen_addresses = [], - $ensure = present ) { +) { - concat::fragment { "09.transparent.${name}": - ensure => $ensure, - content => template('tor/torrc.transparent.erb'), - order => '09', - target => $tor::daemon::config_file, + if $ensure == 'present' { + concat::fragment { "09.transparent.${name}": + content => template('tor/torrc.transparent.erb'), + order => '09', + target => $tor::daemon::config_file, + } } } -- cgit v1.2.3 From 24c5d04259971af0033c86fdf90c6f9c22974600 Mon Sep 17 00:00:00 2001 From: mh Date: Wed, 21 Feb 2018 23:48:30 +0100 Subject: adjust to the common usage of version as param name --- manifests/arm.pp | 4 ++-- manifests/torsocks.pp | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) (limited to 'manifests') diff --git a/manifests/arm.pp b/manifests/arm.pp index 44ddcbb..dfea7c8 100644 --- a/manifests/arm.pp +++ b/manifests/arm.pp @@ -1,9 +1,9 @@ # manage tor-arm class tor::arm ( - $ensure_version = 'installed' + $version = 'installed' ){ include ::tor package{'tor-arm': - ensure => $ensure_version, + ensure => $version, } } diff --git a/manifests/torsocks.pp b/manifests/torsocks.pp index 9f735d4..e1ba8a9 100644 --- a/manifests/torsocks.pp +++ b/manifests/torsocks.pp @@ -1,9 +1,9 @@ # manage torsocks class tor::torsocks ( - $ensure_version = 'installed' + $version = 'installed' ){ include ::tor::daemon package{'torsocks': - ensure => $ensure_version, + ensure => $version, } } -- cgit v1.2.3 From ff149a1c48e988f2c8ad8e69b582b0c6c0895401 Mon Sep 17 00:00:00 2001 From: mh Date: Fri, 23 Feb 2018 23:30:01 +0100 Subject: keep the syntax of config snippes consistent --- manifests/daemon/socks.pp | 13 ++++++++----- manifests/daemon/transport_plugin.pp | 15 +++++++++------ 2 files changed, 17 insertions(+), 11 deletions(-) (limited to 'manifests') 
diff --git a/manifests/daemon/socks.pp b/manifests/daemon/socks.pp index 76c1703..e36d91e 100644 --- a/manifests/daemon/socks.pp +++ b/manifests/daemon/socks.pp @@ -1,11 +1,14 @@ # socks definition define tor::daemon::socks( - $port = 0, + $ensure = 'present', + $port = 0, $policies = [], ) { - concat::fragment { '02.socks': - content => template('tor/torrc.socks.erb'), - order => '02', - target => $tor::daemon::config_file, + if $ensure == 'present' { + concat::fragment { '02.socks': + content => template('tor/torrc.socks.erb'), + order => '02', + target => $tor::daemon::config_file, + } } } diff --git a/manifests/daemon/transport_plugin.pp b/manifests/daemon/transport_plugin.pp index 1921282..4f7bbf2 100644 --- a/manifests/daemon/transport_plugin.pp +++ b/manifests/daemon/transport_plugin.pp @@ -1,13 +1,16 @@ # transport plugin define tor::daemon::transport_plugin( + $ensure = 'present', $servertransport_plugin = '', $servertransport_listenaddr = '', $servertransport_options = '', - $ext_port = '' ) { - - concat::fragment { '11.transport_plugin': - content => template('tor/torrc.transport_plugin.erb'), - order => 11, - target => $tor::daemon::config_file, + $ext_port = '', +) { + if $ensure == 'present' { + concat::fragment { '11.transport_plugin': + content => template('tor/torrc.transport_plugin.erb'), + order => 11, + target => $tor::daemon::config_file, + } } } -- cgit v1.2.3
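Review bot: In transport_plugin.pp the re-indented fragment keeps `order => 11` as a bare integer, while socks.pp in the same commit and the other defines use quoted two-digit strings such as `order => '02'`. Since the commit is about keeping the snippets consistent, I would write `order => '11',` here as well, so that every fragment is ordered under the same comparison rule.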