cadey
/
propellor
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

propellor spin

This commit is contained in:
Joey Hess 2015-01-29 01:37:53 -04:00
parent d7697a4b25
commit 3585f14d4e
Failed to extract signature
2 changed files with 49 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
config-joey.hs
View File

@ -86,7 +86,7 @@ clam = standardSystem "clam.kitenet.net" Unstable "amd64"
& Ssh.randomHostKeys & Ssh.randomHostKeys
& Apt.unattendedUpgrades & Apt.unattendedUpgrades
& Network.ipv6to4 & Network.ipv6to4
& Tor.isNamedBridge "kite1" & Tor.named "kite1" Tor.isRelay'
& Postfix.satellite & Postfix.satellite
& Docker.configured & Docker.configured

66
src/Propellor/Property/Tor.hs
View File

@ -11,37 +11,67 @@ import Data.Char
type HiddenServiceName = String type HiddenServiceName = String
type BridgeName = String type NodeName = String
-- | Sets up a tor bridge relay. (Not an exit node.) -- | Sets up a tor bridge. (Not a relay or exit node.)
--
-- Uses port 443
isBridge :: Property NoInfo isBridge :: Property NoInfo
isBridge = isBridge' [] isBridge = isBridge' []
isBridge' :: [String] -> Property NoInfo isBridge' :: [String] -> Property NoInfo
isBridge' extraconfig = setup isBridge' extraconfig = server config
`requires` Apt.installed ["tor", "ntp"]
`describe` "tor bridge" `describe` "tor bridge"
where
config =
[ "BridgeRelay 1"
, "Exitpolicy reject *:*"
, "ORPort 443"
] ++ extraconfig
-- | Sets up a tor relay.
--
-- Uses port 443
isRelay :: Property NoInfo
isRelay = isRelay' []
isRelay' :: [String] -> Property NoInfo
isRelay' extraconfig = server config
`describe` "tor relay"
where
config =
[ "BridgeRelay 0"
, "Exitpolicy reject *:*"
, "ORPort 443"
] ++ extraconfig
-- | Converts a property like isBridge' or isRelay' to be a named
-- node, with a known private key.
--
-- This can be moved to a different IP without needing to wait to
-- accumulate trust.
--
-- The base property can be used to start out and then upgraded to
-- a named property later.
named :: NodeName -> ([String] -> Property NoInfo) -> Property HasInfo
named n basep = p `describe` (getDesc p ++ " " ++ n)
where
p = basep ["Nickname " ++ saneNickname n]
`requires` torPrivKey (Context ("tor " ++ n))
-- | A tor server (bridge, relay, or exit)
-- Don't use if you just want to run tor for personal use.
server :: [String] -> Property NoInfo
server extraconfig = setup
`requires` Apt.installed ["tor", "ntp"]
`describe` "tor server"
where where
setup = mainConfig `File.hasContent` config setup = mainConfig `File.hasContent` config
`onChange` restarted `onChange` restarted
config = config =
[ "SocksPort 0" [ "SocksPort 0"
, "ORPort 443"
, "BridgeRelay 1"
, "Exitpolicy reject *:*"
] ++ extraconfig ] ++ extraconfig
-- | Sets up a tor bridge relay with a known name and private key.
--
-- This can be moved to a different IP without needing to wait to
-- accumulate trust.
--
-- The isBridge property can be used to start
-- and then upgraded to this one later.
isNamedBridge :: BridgeName -> Property HasInfo
isNamedBridge bn = isBridge' ["Nickname " ++ saneNickname bn]
`requires` torPrivKey (Context ("tor bridge " ++ bn))
torPrivKey :: Context -> Property HasInfo torPrivKey :: Context -> Property HasInfo
torPrivKey context = f `File.hasPrivContent` context torPrivKey context = f `File.hasPrivContent` context
`onChange` File.ownerGroup f user user `onChange` File.ownerGroup f user user