Tor: hiddenServiceData

Signed-off-by: Félix Sipma <felix.sipma@no-log.org>
2014-11-11 22:34:08 +01:00 · 2014-11-11 22:34:08 +01:00 · e7d2c38a59
parent 9d6a79bc23
commit e7d2c38a59
1 changed files with 32 additions and 2 deletions
--- a/src/Propellor/Property/Tor.hs
+++ b/src/Propellor/Property/Tor.hs
@ -4,6 +4,11 @@ import Propellor
 import qualified Propellor.Property.File as File
 import qualified Propellor.Property.Apt as Apt
 import qualified Propellor.Property.Service as Service
+import Utility.FileMode
+
+import System.Posix.Files
+
+type HiddenServiceName = String

 isBridge :: Property
 isBridge = setup `requires` Apt.installed ["tor"]
@ -16,7 +21,7 @@ isBridge = setup `requires` Apt.installed ["tor"]
 		, "Exitpolicy reject *:*"
 		] `onChange` restarted

-hiddenServiceAvailable :: HostName -> Int -> Property
+hiddenServiceAvailable :: HiddenServiceName -> Int -> Property
 hiddenServiceAvailable hn port = hiddenServiceHostName prop
  where
 	prop = mainConfig `File.containsLines`
@ -31,7 +36,7 @@ hiddenServiceAvailable hn port = hiddenServiceHostName prop
 		warningMessage $ unlines ["hidden service hostname:", h]
 		return r

-hiddenService :: HostName -> Int -> Property
+hiddenService :: HiddenServiceName -> Int -> Property
 hiddenService hn port = mainConfig `File.containsLines`
 	[ unlines ["HiddenServiceDir", varLib </> hn]
 	, unlines ["HiddenServicePort", show port, "127.0.0.1:" ++ show port]
@ -39,6 +44,28 @@ hiddenService hn port = mainConfig `File.containsLines`
 	`describe` unlines ["hidden service available:", hn, show port]
 	`onChange` restarted

+hiddenServiceData :: HiddenServiceName -> Context -> Property
+hiddenServiceData hn context = combineProperties desc
+	[ installonion "hostname"
+	, installonion "private_key"
+	]
+  where
+	desc = unlines ["hidden service data available in", varLib </> hn]
+	installonion f = withPrivData (PrivFile $ varLib </> hn </> f) context $ \getcontent ->
+		property desc $ getcontent $ install $ varLib </> hn </> f
+	install f content = ifM (liftIO $ doesFileExist f)
+		( noChange
+		, ensureProperties
+			[ property desc $ makeChange $ do
+				createDirectoryIfMissing True (takeDirectory f)
+				writeFileProtected f content
+			, File.mode (takeDirectory f) $ combineModes
+				[ownerReadMode, ownerWriteMode, ownerExecuteMode]
+			, File.ownerGroup (takeDirectory f) user user
+			, File.ownerGroup f user user
+			]
+		)
+
 restarted :: Property
 restarted = Service.restarted "tor"

@ -50,3 +77,6 @@ varLib = "/var/lib/tor"

 varRun :: FilePath
 varRun = "/var/run/tor"
+
+user :: UserName
+user = "debian-tor"