Use a custom resource and separate recipe for service configs with pre-set keys and hostnames
require "base64"
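# Chef custom resource describing one Tor hidden service whose hostname and
# ed25519 key pair are supplied by the caller instead of being generated by Tor.
resource_name :tor_service
provides :tor_service

# Service name; the :create action uses it as the directory name under
# node['tor']['DataDirectory'] and as the key under node['tor']['HiddenServices'].
property :name, String, name_property: true

# Content written to the service's `hostname` file.
property :hostname, String, required: true

# Base64 encoded content of the generated hs_ed25519_public_key file.
property :public_key, String, required: true

# Base64 encoded content of the generated hs_ed25519_secret_key file.
# Marked sensitive so Chef redacts the value when it prints or reports this
# resource; the file resources in the action already set `sensitive true`, but
# that does not cover the property held on the tor_service resource itself.
property :secret_key, String, required: true, sensitive: true

# Port entries stored in the node attributes as HiddenServicePorts.
property :ports, Array, required: true

default_action :create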
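# Lays down a hidden service directory with a caller-supplied identity:
# records the service's ports in the node attributes, then writes the
# hostname file and both ed25519 key files under the Tor data directory.
#
# Raises ArgumentError (from Base64.strict_decode64) when either key property
# is not valid base64, so a corrupted key is never written to disk.
action :create do
  service_name = new_resource.name
  ports = Array(new_resource.ports)

  # NOTE(review): the service name is interpolated into the path unchecked; a
  # name containing "/" or ".." would place the key files outside the intended
  # directory. Confirm that names only ever come from trusted recipe code.
  service_dir = "#{node['tor']['DataDirectory']}/#{service_name}"
  tor_user = "debian-tor"
  tor_group = "debian-tor"

  # Decode before declaring any resource so malformed input fails the run
  # early. Whitespace is stripped first because line-wrapped base64 is common;
  # the strict decoder then rejects anything else that is not valid base64
  # rather than silently dropping characters as decode64 does.
  decode_key = lambda do |encoded|
    Base64.strict_decode64(encoded.gsub(/\s+/, ""))
  end
  public_key_bytes = decode_key.call(new_resource.public_key)
  secret_key_bytes = decode_key.call(new_resource.secret_key)

  # Only the port list goes into node attributes; the key material does not.
  # NOTE(review): normal-level attributes are saved with the node object, so
  # this entry outlives the run — presumably a torrc template reads it; confirm.
  node.normal['tor']['HiddenServices'][service_name]['HiddenServicePorts'] = ports

  directory service_dir do
    recursive true
    owner tor_user
    group tor_group
    # Owner-only access. The previous '4700' also set the setuid bit, which
    # serves no purpose on a directory holding private key material.
    mode '0700'
  end

  file "#{service_dir}/hostname" do
    content new_resource.hostname
    owner tor_user
    group tor_group
    mode '0600'
  end

  file "#{service_dir}/hs_ed25519_public_key" do
    content public_key_bytes
    owner tor_user
    group tor_group
    mode '0600'
    sensitive true
  end

  file "#{service_dir}/hs_ed25519_secret_key" do
    content secret_key_bytes
    owner tor_user
    group tor_group
    mode '0600'
    # Keeps the key bytes out of Chef's diff and log output for this file.
    sensitive true
  end
end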