Move hidden services to a define
Replace the array-based tor::hidden_services parameter with a define that adds a section to the concat for torrc.
This commit is contained in:
parent
5767e56a44
commit
9c36fbf5e2
|
@ -6,3 +6,5 @@ license 'Apache 2.0'
|
|||
summary 'Tor onion router'
|
||||
description 'A Puppet module to deploy and manage Tor nodes'
|
||||
project_page 'https://github.com/inkblot/puppet-tor'
|
||||
|
||||
dependency 'puppetlabs/concat', '>= 1.0.0'
|
||||
|
|
|
@ -28,7 +28,6 @@ class tor (
|
|||
$directory = false,
|
||||
$dirport = '9000',
|
||||
$dirlistenaddress = '0.0.0.0:9000',
|
||||
$hidden_services = [],
|
||||
$transport = false,
|
||||
$translistenaddress = '127.0.0.1',
|
||||
$dnsport = false,
|
||||
|
@ -39,15 +38,19 @@ class tor (
|
|||
ensure => installed,
|
||||
}
|
||||
|
||||
file { '/etc/tor/torrc':
|
||||
ensure => present,
|
||||
concat { '/etc/tor/torrc':
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
content => template('tor/torrc.erb'),
|
||||
require => Package['tor'],
|
||||
notify => Service['tor'],
|
||||
}
|
||||
|
||||
concat::fragment { 'torrc-main':
|
||||
target => '/etc/tor/torrc',
|
||||
content => template('tor/torrc.erb'),
|
||||
order => '00',
|
||||
}
|
||||
|
||||
service { 'tor':
|
||||
ensure => running,
|
||||
}
|
||||
|
|
|
@ -0,0 +1,13 @@
|
|||
# ex: syntax=puppet si ts=4 sw=4 et
|
||||
|
||||
define tor::service (
|
||||
$real_port = 'same',
|
||||
$real_address = '127.0.0.1',
|
||||
$virtual_port,
|
||||
) {
|
||||
concat::fragment { "torrc-service-${name}":
|
||||
target => '/etc/tor/torrc',
|
||||
content => template('tor/service.erb'),
|
||||
order => "05-${name}-00",
|
||||
}
|
||||
}
|
|
@ -0,0 +1,8 @@
|
|||
|
||||
############### This section is location-hidden service <%= @name %> ###
|
||||
|
||||
## Once you have configured a hidden service, you can find the hidden
|
||||
## service hostname in /var/lib/tor/<%= @name %>/hostname
|
||||
|
||||
HiddenServiceDir /var/lib/tor/<%= @name %>
|
||||
HiddenServicePort <%= @virtual_port %> <%= @real_address %>:<%= @real_port === 'same' ? @virtual_port : @real_port %>
|
|
@ -70,21 +70,6 @@ TransListenAddress <%= @translistenaddress %>
|
|||
## authentication methods, to prevent attackers from accessing it.
|
||||
#HashedControlPassword 16:872860B76453A77D60CA2BB8C1A7042072093276A3D701AD684053EC4C
|
||||
#CookieAuthentication 1
|
||||
<%- unless @hidden_services.empty? -%>
|
||||
|
||||
############### This section is just for location-hidden services ###
|
||||
|
||||
## Once you have configured a hidden service, you can look at the
|
||||
## contents of the file ".../hidden_service/hostname" for the address
|
||||
## to tell people.
|
||||
<%- @hidden_services.each do |service| -%>
|
||||
|
||||
HiddenServiceDir /var/lib/tor/<%= service['name'] %>
|
||||
<%- service['ports'].each do |port| -%>
|
||||
HiddenServicePort <%= port['hsport'] %> <%= port['origin'] %>
|
||||
<%- end -%>
|
||||
<%- end -%>
|
||||
<%- end -%>
|
||||
<%- if @relay -%>
|
||||
|
||||
################ This section is just for relays #####################
|
||||
|
|
Loading…
Reference in New Issue