From: Peter Palfrader
Date: Thu, 28 Jul 2016 19:34:38 +0000 (+0000)
Subject: Start an onion module
X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=4865d94fb841087441566652caec53af7f8ccbd8;p=mirror%2Fdsa-puppet.git
Start an onion module
---
diff --git a/modules/onion/manifests/init.pp b/modules/onion/manifests/init.pp
new file mode 100644
index 000000000..a975dd5de
--- /dev/null
+++ b/modules/onion/manifests/init.pp
@@ -0,0 +1,32 @@
+class onion {
+ package { 'tor':
+ ensure => installed,
+ }
+ service { 'tor':
+ ensure => running,
+ require => Package['tor'],
+ }
+ exec { 'service tor reload':
+ path => '/usr/bin:/usr/sbin:/bin:/sbin',
+ command => 'service tor reload',
+ refreshonly => true,
+ require => Package['tor'],
+ }
+ file { '/var/lib/tor/onion':
+ require => Package['tor'],
+ ensure => directory,
+ owner => 'debian-tor',
+ group => 'debian-tor',
+ mode => '02700',
+ }
+
+ concat { '/etc/tor/torrc':
+ notify => Exec['service tor reload'],
+ require => Package['tor'],
+ }
+ concat::fragment { 'onion::torrc_header':
+ target => "/etc/tor/torrc",
+ order => 05,
+ content => "SocksPort 0\nLog notice syslog\n\n",
+ }
+}
diff --git a/modules/onion/manifests/service.pp b/modules/onion/manifests/service.pp
new file mode 100644
index 000000000..1bfdb8d95
--- /dev/null
+++ b/modules/onion/manifests/service.pp
@@ -0,0 +1,13 @@
+define onion::service (
+ $port,
+ $target_address,
+ $target_port
+) {
+ include onion
+
+ concat::fragment { "onion::torrc_onionservice::${name}":
+ target => "/etc/tor/torrc",
+ order => 10,
+ content => "HiddenServiceDir /var/lib/tor/onion/${name}\nHiddenServicePort ${port} ${target_address}:${target_port}\n\n",
+ }
+}
diff --git a/modules/roles/manifests/init.pp b/modules/roles/manifests/init.pp
index e535a62b0..441e20ccd 100644
--- a/modules/roles/manifests/init.pp
+++ b/modules/roles/manifests/init.pp
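Review bot: In modules/onion/manifests/init.pp the `concat { '/etc/tor/torrc': }` resource replaces the whole torrc and then triggers `service tor reload`, with no check that the assembled file is valid. Depending on how the init system implements reload, a malformed fragment may stop the running tor and take every onion service on the host down with it. If the installed concat module supports it, add `validate_cmd => '/usr/bin/tor --verify-config -f %',` to the concat resource so a bad file is never put in place. Separately, `order => 05` (and `order => 10` in service.pp) is better quoted as `'05'` / `'10'`, because an unquoted leading-zero number can be normalised to `5` by newer parsers, and `5` sorts after `10` under string ordering.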
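Review bot: In modules/onion/manifests/service.pp, `$name`, `$port`, `$target_address` and `$target_port` are interpolated into the torrc fragment unchecked, and `$name` also becomes a path component of `HiddenServiceDir /var/lib/tor/onion/${name}`. A title containing `/`, `..`, whitespace or a newline would place the service directory (where tor keeps the service's private key) outside `/var/lib/tor/onion`, or add unintended directives to torrc. Validate at the top of the define, for example `validate_re($name, '^[A-Za-z0-9][A-Za-z0-9.-]*$')` plus a numeric check on both ports, assuming stdlib is available as concat normally requires. A short comment documenting the three parameters (onion-side port, backend address, backend port) would also help callers.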
@@ -351,4 +351,12 @@ class roles {
 if has_role('ports-master') {
 include roles::ports-master
 }
+
+ if $::hostname in [klecker] {
+ onion::service { 'ftp.debian.org':
+ port => 80,
+ target_address => '130.89.148.12',
+ target_port => 81,
+ }
+ }
 }
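Review bot: The guard `if $::hostname in [klecker]` selects the host by an unquoted bare name matched against a client-reported fact, while the context lines just above select roles with `has_role('ports-master')`. Following that convention (for example `if has_role('<onion-role-placeholder>')`) keeps the host-to-role mapping in one place; at minimum quote the name as `['klecker']`. The literal `'130.89.148.12'` is a routable address rather than loopback, so confirm that the port-81 listener is bound or filtered so that only the local tor process can reach it, and that the web server does not treat those connections as trusted local clients. That configuration is not visible here. The hunk is the tail of `class roles`, whose body starts outside it.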