Implements bridging, bump to 1.1.0

Adds support for running a bridge relay, including a private one, and for
specifying bridges in a client configuration.

Modulefile

@@ -1,5 +1,5 @@
 name    'inkblot/tor'
-version '1.0.0'
+version '1.1.0'
 source  'git://githubcom/inkblot/puppet-tor'
 author  'inkblot'
 license 'Apache 2.0'

manifests/init.pp

@@ -1,25 +1,29 @@
 class tor (
-	$socks                = true,
-	$socksport            = '9050',
-	$sockslistenaddresses = '127.0.0.1',
-	$sockspolicies        = [ {
+	$socks                      = true,
+	$socksport                  = '9050',
+	$sockslistenaddresses       = '127.0.0.1',
+	$sockspolicies              = [ {
 			policy => 'accept',
 			target => '192.168.0.0/16',
 		}, {
 			policy => 'reject',
 			target => '*',
 		} ],
-	$dirservers           = [],
-	$relay                = true,
-	$orport               = '9001',
-	$orlistenaddress      = '0.0.0.0:9001',
-	$nickname             = 'ididnteditheconfig',
-	$address              = false,
-	$bridge               = false,
-	$directory            = false,
-	$dirport              = '9000',
-	$dirlistenaddress     = '0.0.0.0:9000',
-	$hidden_services      = [],
+	$dirservers                 = [],
+	$usebridges                 = false,
+	$updatebridgesfromauthority = true,
+	$bridges                    = [],
+	$relay                      = true,
+	$orport                     = '9001',
+	$orlistenaddress            = '0.0.0.0:9001',
+	$nickname                   = 'ididnteditheconfig',
+	$address                    = false,
+	$bridge                     = false,
+	$publishserverdescriptor    = true,
+	$directory                  = false,
+	$dirport                    = '9000',
+	$dirlistenaddress           = '0.0.0.0:9000',
+	$hidden_services            = [],
 ) {
 
 	package { 'tor':

templates/torrc.erb

@@ -97,6 +97,17 @@ Nickname <%= @nickname %>
 ## and Tor will guess.
 Address <%= @address %>
 <%-   end -%>
+<%-   if @bridge -%>
+
+## Bridge relays (or "bridges") are Tor relays that aren't listed in the
+## main directory. Since there is no complete public list of them, even if an
+## ISP is filtering connections to all the known Tor relays, they probably
+## won't be able to block all the bridges. Also, websites won't treat you
+## differently because they won't know you're running Tor. If you can
+## be a real relay, please do; but if not, be a bridge!
+BridgeRelay 1
+PublishServerDescriptor <%= @publishserverdescriptor ? '1' : '0' %>
+<%-   end -%>
 
 ## Define these to limit how much relayed traffic you will allow. Your
 ## own traffic is still unthrottled. Note that RelayBandwidthRate must
@@ -164,14 +175,6 @@ Address <%= @address %>
 #ExitPolicy accept *:6660-6667,reject *:* # allow irc ports but no more
 #ExitPolicy accept *:119 # accept nntp as well as default exit policy
 #ExitPolicy reject *:* # no exits allowed
-#
-## Bridge relays (or "bridges") are Tor relays that aren't listed in the
-## main directory. Since there is no complete public list of them, even if an
-## ISP is filtering connections to all the known Tor relays, they probably
-## won't be able to block all the bridges. Also, websites won't treat you
-## differently because they won't know you're running Tor. If you can
-## be a real relay, please do; but if not, be a bridge!
-BridgeRelay <%= @bridge ? '1' : '0' %>
 #ExitPolicy reject *:*
 <%-   end -%>
 <%-   if @directory -%>
@@ -185,4 +188,16 @@ DirListenAddress <%= @dirlistenaddress %>
 <%-   @dirservers.each do |ds| -%>
 DirServer <%= ds['nickname'] %> <%= ds['flags'].join(' ') %> <%= ds['address'] %> <%= ds['fingerprint'] %>
 <%-   end -%>
+<%- else -%>
+<%-   if @usebridges -%>
+
+UseBridges 1
+UpdateBridgesFromAuthority <%= @updatebridgesfromauthority ? '1' : '0' %>
+<%-     unless @bridges.empty? -%>
+
+<%-       @bridges.each do |bridge| -%>
+Bridge <%= bridge['transport'] %> <%= "#{bridge['ip']}:#{bridge['orport']}" %> <%= bridge['fingerprint'] %>
+<%-       end -%>
+<%-     end -%>
+<%-   end -%>
 <%- end -%>