cadey
/
propellor
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

propellor spin

This commit is contained in:
Joey Hess 2015-01-29 01:04:59 -04:00
parent 7da64306a0
commit d7697a4b25
Failed to extract signature
4 changed files with 1254 additions and 1200 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
config-joey.hs
View File

@ -86,7 +86,7 @@ clam = standardSystem "clam.kitenet.net" Unstable "amd64"
& Ssh.randomHostKeys & Ssh.randomHostKeys
& Apt.unattendedUpgrades & Apt.unattendedUpgrades
& Network.ipv6to4 & Network.ipv6to4
& Tor.isBridge & Tor.isNamedBridge "kite1"
& Postfix.satellite & Postfix.satellite
& Docker.configured & Docker.configured

2404
privdata.joey/privdata.gpg
View File

File diff suppressed because it is too large Load Diff

2
src/Propellor/Property/File.hs
View File

@ -21,7 +21,7 @@ hasPrivContent :: IsContext c => FilePath -> c -> Property HasInfo
hasPrivContent f = hasPrivContentFrom (PrivDataSourceFile (PrivFile f) f) f hasPrivContent f = hasPrivContentFrom (PrivDataSourceFile (PrivFile f) f) f
-- | Like hasPrivContent, but allows specifying a source -- | Like hasPrivContent, but allows specifying a source
-- for PrivData, rather than using PrivDataSourceFile. -- for PrivData, rather than using PrivDataSourceFile .
hasPrivContentFrom :: (IsContext c, IsPrivDataSource s) => s -> FilePath -> c -> Property HasInfo hasPrivContentFrom :: (IsContext c, IsPrivDataSource s) => s -> FilePath -> c -> Property HasInfo
hasPrivContentFrom = hasPrivContent' writeFileProtected hasPrivContentFrom = hasPrivContent' writeFileProtected

46
src/Propellor/Property/Tor.hs
View File

@ -7,19 +7,48 @@ import qualified Propellor.Property.Service as Service
import Utility.FileMode import Utility.FileMode
import System.Posix.Files import System.Posix.Files
import Data.Char
type HiddenServiceName = String type HiddenServiceName = String
type BridgeName = String
-- | Sets up a tor bridge relay. (Not an exit node.)
isBridge :: Property NoInfo isBridge :: Property NoInfo
isBridge = setup `requires` Apt.installed ["tor"] isBridge = isBridge' []
isBridge' :: [String] -> Property NoInfo
isBridge' extraconfig = setup
`requires` Apt.installed ["tor", "ntp"]
`describe` "tor bridge" `describe` "tor bridge"
where where
setup = mainConfig `File.hasContent` setup = mainConfig `File.hasContent` config
`onChange` restarted
config =
[ "SocksPort 0" [ "SocksPort 0"
, "ORPort 443" , "ORPort 443"
, "BridgeRelay 1" , "BridgeRelay 1"
, "Exitpolicy reject *:*" , "Exitpolicy reject *:*"
] `onChange` restarted ] ++ extraconfig
-- | Sets up a tor bridge relay with a known name and private key.
--
-- This can be moved to a different IP without needing to wait to
-- accumulate trust.
--
-- The isBridge property can be used to start
-- and then upgraded to this one later.
isNamedBridge :: BridgeName -> Property HasInfo
isNamedBridge bn = isBridge' ["Nickname " ++ saneNickname bn]
`requires` torPrivKey (Context ("tor bridge " ++ bn))
torPrivKey :: Context -> Property HasInfo
torPrivKey context = f `File.hasPrivContent` context
`onChange` File.ownerGroup f user user
-- install tor first, so the directory exists with right perms
`requires` Apt.installed ["tor"]
where
f = "/var/lib/tor/keys/secret_id_key"
hiddenServiceAvailable :: HiddenServiceName -> Int -> Property NoInfo hiddenServiceAvailable :: HiddenServiceName -> Int -> Property NoInfo
hiddenServiceAvailable hn port = hiddenServiceHostName prop hiddenServiceAvailable hn port = hiddenServiceHostName prop
@ -80,3 +109,14 @@ varRun = "/var/run/tor"
user :: UserName user :: UserName
user = "debian-tor" user = "debian-tor"
type NickName = String
-- | Convert String to a valid tor NickName.
saneNickname :: String -> NickName
saneNickname s
| null n = "unnamed"
| otherwise = n
where
legal c = isNumber c || isAsciiUpper c || isAsciiLower c
n = take 19 $ filter legal s