Alexander Fortin

fortin

8,481 downloads

8,481 latest version

5.0 quality score

Version information

  • 0.1.0 (latest)
released Dec 4th 2014
This version is compatible with:
  • Debian

Start using this module

Documentation

fortin/tor — version 0.1.0 Dec 4th 2014

The default include sets up Tor as a basic non-exit relay listening on port 9001

include 'tor'

You can specify the default ORPort

class {'tor':
  orport => 443,
}

You can specify your own contact details with 'nickname' and 'contact' parameters

class {'tor':
  nickname => 'whatever',
  contact  => '0xFFFFFF Whatever <whatever@example.com>',
}

If you want it to advertise directory services, specify also the DirPort parameter (defaults to 0)

class {'tor':
  nickname => 'whatever',
  contact  => '0xFFFFFF Whatever <whatever@example.com>',
  dirport  => 'auto',
}

You can also use the the official Tor APT repository so to have the most recent stable version, but you need puppetlabs/apt module for that to work.

class {'tor':
  nickname        => 'whatever',
  contact         => '0xFFFFFF Whatever <whatever@example.com>',
  enable_apt_repo => true,
}

If you need to override any configuration value, you can always provide them as an array (custom_config parameter)

class {'tor':
  nickname        => 'whatever',
  contact         => '0xFFFFFF Whatever <whatever@example.com>',
  enable_apt_repo => true,
  custom_config   => [
    'AccountingMax 1TB',
    'MaxAdvertisedBandwidth 1MB',
    '...',
  ],
}

To remove it safely

class {'tor':
  ensure => absent,
}

If you want it to be an exit relay, you have a few default options.

You can use reduced exit policies as suggested here

class {'tor':
 nickname   => 'whatever',
 contact    => '0xFFFFFF Whatever <whatever@example.com>',
 exit_relay => 'reduced',
}

You can provide your own custom list of exit policies

class {'tor':
  nickname          => 'whatever',
  contact           => '0xFFFFFF Whatever <whatever@example.com>',
  exit_relay        => 'custom',
  exit_custom_rules => [
    'accept *:443',
    'accept *:80',
    'accept ...',
    'reject *:*'
  ]
}

Finally, you can remove any Exit Policy filter and make it a 'wide-open' relay

class {'tor':
 nickname   => 'whatever',
 contact    => '0xFFFFFF Whatever <whatever@example.com>',
 exit_relay => 'wide-open',
}

NOTE: any other value of exit_relay will set it as a non exit relay (i.e., ExitPolicy reject *:*)