Refactor tor usage entirely
Use a custom resource and separate recipe for service configs with pre-set keys and hostnames
@@ -5,6 +5,17 @@
|
||||
|
||||
tor_services = data_bag_item('credentials', 'tor')['services']
|
||||
|
||||
tor_service "ejabberd" do
|
||||
hostname tor_services['ejabberd']['hostname']
|
||||
public_key tor_services['ejabberd']['public_key']
|
||||
secret_key tor_services['ejabberd']['secret_key']
|
||||
# TODO configure IP from node attribute
|
||||
# (This is hardcoded for draco atm)
|
||||
ports [ "5222 148.251.237.73:5222",
|
||||
"5223 148.251.237.73:5223",
|
||||
"5269 148.251.237.73:5269" ]
|
||||
end
|
||||
|
||||
tor_service "web" do
|
||||
hostname tor_services['web']['hostname']
|
||||
public_key tor_services['web']['public_key']
|
||||
|
||||
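Review bot: `secret_key` on the new `tor_service "ejabberd"` block is the onion service's private key, and it is pulled with a plain `data_bag_item('credentials', 'tor')` call that passes no secret; unless that item is an encrypted data bag the node decrypts with its configured `encrypted_data_bag_secret`, the key sits in cleartext for anyone with read access to the bag on the Chef server. Loading it via `Chef::EncryptedDataBagItem.load('credentials', 'tor')` (or chef-vault) would make the encryption requirement explicit and fail loudly if it is not met. Separately, the forwarded ports now target the public address `148.251.237.73` where the removed attributes used `127.0.0.1`, so converging this recipe on any node other than draco would send onion traffic across the network to that host; `node['ipaddress']`, or simply `127.0.0.1` as before, avoids that until the TODO is resolved. A `['services']['ejabberd']` key missing from the bag surfaces here as a NoMethodError on nil, so `tor_services.fetch('ejabberd')` would give a clearer failure. The `tor_service "web"` block continues outside this hunk.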
@@ -5,8 +5,8 @@ provides :tor_service
|
||||
|
||||
property :name, [String], name_property: true
|
||||
property :hostname, [String], required: true
|
||||
property :public_key, [String], required: true
|
||||
property :secret_key, [String], required: true
|
||||
property :public_key, [String], required: true # base64 encoded content of generated key file
|
||||
property :secret_key, [String], required: true # base64 encoded content of generated key file
|
||||
property :ports, [Array], required: true
|
||||
|
||||
default_action :create
|
||||
|
||||
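Review bot: `secret_key` holds the hidden service's private key but is declared like any other string property, so its value is printed in chef-client output and resource reporting whenever the resource is logged or diffed; if the Chef release in use supports the option, declare it `property :secret_key, [String], required: true, sensitive: true # base64 encoded content of generated key file`. The new comments state the values are base64 but nothing validates that shape, so a truncated or mis-pasted data bag entry is only discovered when a corrupt key file is written later; a `callbacks:` validator rejecting non-base64 input would turn that into a compile-time error. Whether the `:create` action decodes with `Base64.strict_decode64` and writes the key with restrictive permissions is outside this hunk.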
@@ -6,14 +6,6 @@ node.default["kosmos-ejabberd"]["stun_turn_port"] = 3478
|
||||
node.default["kosmos-ejabberd"]["turn_min_port"] = 50000
|
||||
node.default["kosmos-ejabberd"]["turn_max_port"] = 50050
|
||||
|
||||
node.override["tor"]["HiddenServices"]["ejabberd"] = {
|
||||
"HiddenServicePorts" => [
|
||||
"5222 127.0.0.1:5222",
|
||||
"5223 127.0.0.1:5223",
|
||||
"5269 127.0.0.1:5269"
|
||||
]
|
||||
}
|
||||
|
||||
node.default["kosmos-ejabberd"]["uploads"] = {
|
||||
"domain" => "uploads.kosmos.chat",
|
||||
"max_upload_size_mb" => "100",
|
||||
|
||||
@@ -205,10 +205,3 @@ firewall_rule 'ejabberd_http' do
|
||||
protocol :tcp
|
||||
command :allow
|
||||
end
|
||||
|
||||
#
|
||||
# Tor hidden service
|
||||
#
|
||||
# The attributes for the hidden service are set in attributes/default.rb, due
|
||||
# to the way the tor-full cookbook builds the path to the hidden service dir
|
||||
include_recipe "tor-full"
|
||||
|
||||
@@ -85,7 +85,7 @@ ruby_block "read-hostnames" do
|
||||
block do
|
||||
# Set generated hostname for hidden services
|
||||
node['tor']['HiddenServices'].each do |name, service|
|
||||
path = File.join(service['HiddenServiceDir'], "/hostname")
|
||||
path = "/var/lib/tor/#{name}/hostname"
|
||||
node.normal['tor']['HiddenServices'][name]['hostname'] = File.read(path).strip()
|
||||
end
|
||||
end
|
||||
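Review bot: The replacement line `path = "/var/lib/tor/#{name}/hostname"` interpolates the hidden-service name straight into a filesystem path, and `name` is a hash key from node attributes rather than a fixed list, so a key containing `/` or `..` reads a file outside `/var/lib/tor`; the same literal base path is now duplicated in the torrc template, so drift between the two would be silent. Consider `raise ArgumentError, "invalid hidden service name #{name.inspect}" unless name.match?(/\A[\w-]+\z/)` before building the path with `File.join('/var/lib/tor', name, 'hostname')`, and keep the base directory in one attribute both consumers read. `File.read` still raises if tor has not yet written the hostname file when this delayed notification runs; whether that can race the immediate restart is not visible here. The `ruby_block "read-hostnames"` itself starts before this hunk.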
@@ -96,10 +96,6 @@ template '/etc/tor/torrc' do
|
||||
source 'torrc.erb'
|
||||
notifies :restart, 'service[tor]', :immediately
|
||||
notifies :run, "ruby_block[read-hostnames]"
|
||||
# Set default HiddenServiceDir
|
||||
node['tor']['HiddenServices'].each do |name, service|
|
||||
node.default['tor']['HiddenServices'][name]['HiddenServiceDir'] = File.join("/var/lib/tor/", name, "/")
|
||||
end
|
||||
end
|
||||
|
||||
# Install exit policy notice
|
||||
|
||||
@@ -88,7 +88,7 @@ DataDirectory <%= node['tor']['DataDirectory'] %>
|
||||
#HiddenServicePort 22 127.0.0.1:22
|
||||
<% node['tor']['HiddenServices'].each do |name, service| -%>
|
||||
|
||||
HiddenServiceDir <%= service['HiddenServiceDir'] %>
|
||||
HiddenServiceDir /var/lib/tor/<%= name %>/
|
||||
<% service['HiddenServicePorts'].each do |port| -%>
|
||||
HiddenServicePort <%= port %>
|
||||
<% end -%>
|
||||
|
||||
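Review bot: `name` is rendered unescaped on the new `HiddenServiceDir /var/lib/tor/<%= name %>/` line, so a hash key holding whitespace or a newline would become extra torrc directives, and the `read-hostnames` ruby_block now rebuilds the same `/var/lib/tor/<name>/` path independently of this template. Tor also refuses to start unless this directory exists, is owned by the tor user and is mode 0700; nothing visible in this commit creates it with those permissions (the `tor_service` resource actions are not shown, so it may be handled there). Rendering the directory from a single attribute that both the template and the ruby_block read, and validating names where that attribute is populated, would remove the duplication and the injection surface. The enclosing `<% node['tor']['HiddenServices'].each %>` loop closes outside the hunk.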