authorJoey Hess2015-01-29 01:04:59 -0400
committerJoey Hess2015-01-29 01:04:59 -0400
commitd7697a4b256e1c154aec875d1f4aea84a19a20d8 (patch)
treec1b91ae5d43b95750834aabedad9d5d198d1d505 /src/Propellor/Property/Tor.hs
parent7da64306a0d63cc3b04381c073ab6a7732c19e1a (diff)
propellor spin
Diffstat (limited to 'src/Propellor/Property/Tor.hs')
-rw-r--r--src/Propellor/Property/Tor.hs46
1 files changed, 43 insertions, 3 deletions
diff --git a/src/Propellor/Property/Tor.hs b/src/Propellor/Property/Tor.hs
index 9a0fe477..d6cd81fd 100644
--- a/src/Propellor/Property/Tor.hs
+++ b/src/Propellor/Property/Tor.hs
@@ -7,19 +7,48 @@ import qualified Propellor.Property.Service as Service
import Utility.FileMode
import System.Posix.Files
+import Data.Char
type HiddenServiceName = String
+type BridgeName = String
+
+-- | Sets up a tor bridge relay. (Not an exit node.)
isBridge :: Property NoInfo
-isBridge = setup `requires` Apt.installed ["tor"]
+isBridge = isBridge' []
+
+isBridge' :: [String] -> Property NoInfo
+isBridge' extraconfig = setup
+ `requires` Apt.installed ["tor", "ntp"]
`describe` "tor bridge"
where
- setup = mainConfig `File.hasContent`
+ setup = mainConfig `File.hasContent` config
+ `onChange` restarted
+ config =
[ "SocksPort 0"
, "ORPort 443"
, "BridgeRelay 1"
, "Exitpolicy reject *:*"
- ] `onChange` restarted
+ ] ++ extraconfig
+
+-- | Sets up a tor bridge relay with a known name and private key.
+--
+-- This can be moved to a different IP without needing to wait to
+-- accumulate trust.
+--
+-- The isBridge property can be used to start
+-- and then upgraded to this one later.
+isNamedBridge :: BridgeName -> Property HasInfo
+isNamedBridge bn = isBridge' ["Nickname " ++ saneNickname bn]
+ `requires` torPrivKey (Context ("tor bridge " ++ bn))
+
+torPrivKey :: Context -> Property HasInfo
+torPrivKey context = f `File.hasPrivContent` context
+ `onChange` File.ownerGroup f user user
+ -- install tor first, so the directory exists with right perms
+ `requires` Apt.installed ["tor"]
+ where
+ f = "/var/lib/tor/keys/secret_id_key"
hiddenServiceAvailable :: HiddenServiceName -> Int -> Property NoInfo
hiddenServiceAvailable hn port = hiddenServiceHostName prop
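Review bot: In `torPrivKey` the ownership fix `File.ownerGroup f user user` runs only `onChange`, so a `secret_id_key` that already exists with the wrong owner, or whose ownership later drifts, is never corrected, and nothing restarts tor when only the key content changes, so the daemon keeps its old identity until some unrelated config change triggers `restarted` via `isBridge'`. Consider making the ownership an unconditional requirement ordered after the content write, and appending `` `onChange` restarted `` so a re-keyed bridge actually picks up the new identity. The secrecy of the key also rests entirely on `File.hasPrivContent` writing the file with a restrictive mode — presumably it does, but that is worth confirming rather than assuming, since the hunk sets no mode itself. `torPrivKey` and `isBridge'` also lack Haddock; suggest `-- | Installs the bridge's long-term identity key (secret_id_key) from privdata, owned by the tor user.` and `-- | Like 'isBridge', with extra torrc lines appended after the fixed bridge settings.`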
@@ -80,3 +109,14 @@ varRun = "/var/run/tor"
user :: UserName
user = "debian-tor"
+
+type NickName = String
+
+-- | Convert String to a valid tor NickName.
+saneNickname :: String -> NickName
+saneNickname s
+ | null n = "unnamed"
+ | otherwise = n
+ where
+ legal c = isNumber c || isAsciiUpper c || isAsciiLower c
+ n = take 19 $ filter legal s
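Review bot: `isNumber` in the `legal` predicate of `saneNickname` accepts any Unicode numeric character (superscript or fullwidth digits, Roman numerals), so such a character survives the filter although a Tor Nickname must consist only of ASCII letters and digits; tor would then reject the generated torrc. `isDigit` selects exactly '0'..'9', so `legal c = isDigit c || isAsciiUpper c || isAsciiLower c` is the intended check and needs no new import. A Haddock line on `NickName` such as `-- | A tor Nickname: 1 to 19 ASCII alphanumeric characters.` would also document the constraint `saneNickname` enforces with `take 19` and the `"unnamed"` fallback.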