From d7697a4b256e1c154aec875d1f4aea84a19a20d8 Mon Sep 17 00:00:00 2001
From: Joey Hess
Date: Thu, 29 Jan 2015 01:04:59 -0400
Subject: propellor spin
---
src/Propellor/Property/Tor.hs | 46 ++++++++++++++++++++++++++++++++++++++++---
1 file changed, 43 insertions(+), 3 deletions(-)
(limited to 'src/Propellor/Property/Tor.hs')
diff --git a/src/Propellor/Property/Tor.hs b/src/Propellor/Property/Tor.hs
index 9a0fe477..d6cd81fd 100644
--- a/src/Propellor/Property/Tor.hs
+++ b/src/Propellor/Property/Tor.hs
@@ -7,19 +7,48 @@ import qualified Propellor.Property.Service as Service
 import Utility.FileMode
 import System.Posix.Files
+import Data.Char
 type HiddenServiceName = String
+type BridgeName = String
+
+-- | Sets up a tor bridge relay. (Not an exit node.)
 isBridge :: Property NoInfo
-isBridge = setup `requires` Apt.installed ["tor"]
+isBridge = isBridge' []
+
+isBridge' :: [String] -> Property NoInfo
+isBridge' extraconfig = setup
+ `requires` Apt.installed ["tor", "ntp"]
 `describe` "tor bridge"
 where
- setup = mainConfig `File.hasContent`
+ setup = mainConfig `File.hasContent` config
+ `onChange` restarted
+ config =
 [ "SocksPort 0"
 , "ORPort 443"
 , "BridgeRelay 1"
 , "Exitpolicy reject *:*"
- ] `onChange` restarted
+ ] ++ extraconfig
+
+-- | Sets up a tor bridge relay with a known name and private key.
+--
+-- This can be moved to a different IP without needing to wait to
+-- accumulate trust.
+--
+-- The isBridge property can be used to start
+-- and then upgraded to this one later.
+isNamedBridge :: BridgeName -> Property HasInfo
+isNamedBridge bn = isBridge' ["Nickname " ++ saneNickname bn]
+ `requires` torPrivKey (Context ("tor bridge " ++ bn))
+
+torPrivKey :: Context -> Property HasInfo
+torPrivKey context = f `File.hasPrivContent` context
+ `onChange` File.ownerGroup f user user
+ -- install tor first, so the directory exists with right perms
+ `requires` Apt.installed ["tor"]
+ where
+ f = "/var/lib/tor/keys/secret_id_key"
 hiddenServiceAvailable :: HiddenServiceName -> Int -> Property NoInfo
 hiddenServiceAvailable hn port = hiddenServiceHostName prop
@@ -80,3 +109,14 @@ varRun = "/var/run/tor"
 user :: UserName
 user = "debian-tor"
+
+type NickName = String
+
+-- | Convert String to a valid tor NickName.
+saneNickname :: String -> NickName
+saneNickname s
+ | null n = "unnamed"
+ | otherwise = n
+ where
+ legal c = isNumber c || isAsciiUpper c || isAsciiLower c
+ n = take 19 $ filter legal s
-- cgit v1.2.3
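Review bot: `torPrivKey` never restarts tor after it writes `/var/lib/tor/keys/secret_id_key`, so on a host where tor is already running the daemon keeps its old identity key until something else restarts it; in `isNamedBridge` the only restart is the one `isBridge'` attaches to a torrc change, which happens on the first upgrade (the `Nickname` line is new) but not on a later key rotation with an unchanged torrc. The ownership fix hangs off the same `onChange`, so an existing key file with the right content but the wrong owner is never corrected, and the file mode is not set here at all (`File.hasPrivContent` presumably writes it protected, but that is not visible in this hunk). I would chain the restart onto the key write, ``torPrivKey context = f `File.hasPrivContent` context `onChange` File.ownerGroup f user user `onChange` restarted``, and note in the comment that the key is only honoured after a restart. `restarted` and `mainConfig` are defined outside the hunk.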
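Review bot: `legal` in `saneNickname` uses `isNumber`, which is Unicode-aware and accepts superscript digits, Arabic-Indic digits, vulgar fractions and Roman-numeral letters, so a bridge name containing them survives the filter and lands verbatim in the `Nickname` line that `isNamedBridge` writes to torrc; tor only accepts nicknames of up to 19 characters from [A-Za-z0-9] (the `take 19` already honours the length), so it rejects the option and the bridge fails to come back up after `restarted`. The ASCII-only predicate is `isDigit`, giving `legal c = isDigit c || isAsciiUpper c || isAsciiLower c`. The Haddock could also spell out the rule it enforces, e.g. `-- | Convert String to a valid tor NickName: up to 19 characters from [A-Za-z0-9], anything else dropped; "unnamed" if nothing is left.`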