Refactor tor usage entirely

Use a custom resource and separate recipe for service configs with
pre-set keys and hostnames

site-cookbooks/kosmos-base/recipes/tor_services.rb

@@ -5,6 +5,17 @@
 
 tor_services = data_bag_item('credentials', 'tor')['services']
 
+tor_service "ejabberd" do
+  hostname   tor_services['ejabberd']['hostname']
+  public_key tor_services['ejabberd']['public_key']
+  secret_key tor_services['ejabberd']['secret_key']
+  # TODO configure IP from node attribute
+  # (This is hardcoded for draco atm)
+  ports      [ "5222 148.251.237.73:5222",
+               "5223 148.251.237.73:5223",
+               "5269 148.251.237.73:5269" ]
+end
+
 tor_service "web" do
   hostname   tor_services['web']['hostname']
   public_key tor_services['web']['public_key']

site-cookbooks/kosmos-base/resources/tor_service.rb

@@ -5,8 +5,8 @@ provides :tor_service
 
 property :name,       [String], name_property: true
 property :hostname,   [String], required: true
-property :public_key, [String], required: true
-property :secret_key, [String], required: true
+property :public_key, [String], required: true # base64 encoded content of generated key file
+property :secret_key, [String], required: true # base64 encoded content of generated key file
 property :ports,      [Array],  required: true
 
 default_action :create

site-cookbooks/kosmos-ejabberd/attributes/default.rb

@@ -6,14 +6,6 @@ node.default["kosmos-ejabberd"]["stun_turn_port"] = 3478
 node.default["kosmos-ejabberd"]["turn_min_port"] = 50000
 node.default["kosmos-ejabberd"]["turn_max_port"] = 50050
 
-node.override["tor"]["HiddenServices"]["ejabberd"] = {
-  "HiddenServicePorts" => [
-    "5222 127.0.0.1:5222",
-    "5223 127.0.0.1:5223",
-    "5269 127.0.0.1:5269"
-  ]
-}
-
 node.default["kosmos-ejabberd"]["uploads"] = {
   "domain" => "uploads.kosmos.chat",
   "max_upload_size_mb" => "100",

site-cookbooks/kosmos-ejabberd/recipes/default.rb

@@ -205,10 +205,3 @@ firewall_rule 'ejabberd_http' do
   protocol :tcp
   command  :allow
 end
-
-#
-# Tor hidden service
-#
-# The attributes for the hidden service are set in attributes/default.rb, due
-# to the way the tor-full cookbook builds the path to the hidden service dir
-include_recipe "tor-full"

site-cookbooks/tor-full/recipes/default.rb

@@ -85,7 +85,7 @@ ruby_block "read-hostnames" do
   block do
     # Set generated hostname for hidden services
     node['tor']['HiddenServices'].each do |name, service|
-      path = File.join(service['HiddenServiceDir'], "/hostname")
+      path = "/var/lib/tor/#{name}/hostname"
       node.normal['tor']['HiddenServices'][name]['hostname'] = File.read(path).strip()
     end
   end
@@ -96,10 +96,6 @@ template '/etc/tor/torrc' do
   source 'torrc.erb'
   notifies :restart, 'service[tor]', :immediately
   notifies :run, "ruby_block[read-hostnames]"
-  # Set default HiddenServiceDir
-  node['tor']['HiddenServices'].each do |name, service|
-    node.default['tor']['HiddenServices'][name]['HiddenServiceDir'] = File.join("/var/lib/tor/", name, "/")
-  end
 end
 
 # Install exit policy notice

site-cookbooks/tor-full/templates/default/torrc.erb

@@ -88,7 +88,7 @@ DataDirectory <%= node['tor']['DataDirectory'] %>
 #HiddenServicePort 22 127.0.0.1:22
 <% node['tor']['HiddenServices'].each do |name, service| -%>
 
-HiddenServiceDir <%= service['HiddenServiceDir'] %>
+HiddenServiceDir /var/lib/tor/<%= name %>/
 	<% service['HiddenServicePorts'].each do |port| -%>
 HiddenServicePort <%= port %>
 	<% end -%>