summaryrefslogtreecommitdiff
path: root/manifests/onionbalance.pp
blob: 19217545c8ec914cdc30984662f81c292d0b5844 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82

# manages an onionbalance installation
#
# Parameters:
#
#  services: a hash of onionbalance service instances
#    services => {
#      keyname_of_service1 => {
#        name1        => onionservice_addr_3,
#        name2        => onionservice_addr_2,
#        _key_content => content_of_key_of_onionbalanced_service1,
#      },
#    }
#
class tor::onionbalance(
  $services,
) {

  include ::tor

  case $facts['osfamily'] {
    'Debian': {
      $pkg_name = 'onionbalance'
      $instance_file = '/etc/tor/instances/onionbalance/torrc'
      $instance_user = '_tor-onionbalance'
      exec{'/usr/sbin/tor-instance-create onionbalance':
        creates => '/etc/tor/instances/onionbalance',
        require => Package['tor'],
        before  => File[$instance_file],
      } -> augeas{"manage_onionbalance_in_group_${instance_user}":
        context => '/files/etc/group',
        changes => [ "set ${instance_user}/user[last()+1] onionbalance" ],
        onlyif  => "match ${instance_user}/*[../user='onionbalance'] size == 0",
        require => Package['onionbalance'],
      }
    }
    'RedHat': {
      $instance_file = '/etc/tor/onionbalance.torrc'
      $instance_user = 'toranon'
      $pkg_name      = 'python2-onionbalance'
    }
    default: {
      fail("OSFamily ${facts['osfamily']} not (yet) supported for onionbalance")
    }
  }

  package{$pkg_name:
    ensure => 'installed',
    tag    => 'onionbalance',
  } -> file{
    '/etc/onionbalance/config.yaml':
      content => template('tor/onionbalance/config.yaml.erb'),
      owner   => root,
      group   => $instance_user,
      mode    => '0640',
      notify  => Service['onionbalance'];
    $instance_file:
      content => template("tor/onionbalance/${facts['osfamily']}.torrc.erb"),
      owner   => root,
      group   => 0,
      mode    => '0644',
      require => Package['tor'],
      notify  => Service['tor@onionbalance'],
  }

  $keys = keys($services)
  tor::onionbalance::keys{
    $keys:
      values => $services,
      group  => $instance_user,
  }

  service{
    'tor@onionbalance':
      ensure => running,
      enable => true;
    'onionbalance':
      ensure    => running,
      enable    => true,
      subscribe => Service['tor@onionbalance'];
  }

}
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-28 12:21:15 +0000