Forge Home


Installs, configures and manages Tor




419 latest version

4.6 quality score

Version information

  • 3.2.0 (latest)
  • 3.1.1
  • 3.1.0
  • 3.0.0
  • 2.3.0
  • 2.2.0
  • 2.1.0
  • 2.0.1
  • 2.0.0
  • 1.1.0
  • 1.0.1
  • 1.0.0
released Apr 17th 2021
This version is compatible with:
  • Puppet Enterprise 2018.1.x
  • Puppet >= 5.5.0 < 6.0.0
  • Debian

Start using this module


smash/tor — version 3.2.0 Apr 17th 2021


Table of Contents

  1. Description
  2. Setup
  3. Functions
  4. Facts
  5. Reference
  6. Development


This module manages tor and is mainly geared towards people running it on servers. With this module, you should be able to manage most, if not all of the functionalities provided by tor, such as:

  • relays
  • bridges and exit nodes
  • onion services
  • exit policies
  • transport plugins


Setup Requirements

This module needs:

Explicit dependencies can be found in the project's metadata.json file.

Getting started

class { 'tor': } will install tor with a default configuration. Chances are you will want to configure Tor in a certain way. This is accomplished declaring one or more of the tor::daemon defined types.

For example, this will configure a tor bridge relay running on port 8080:

  tor::daemon::relay {
      bridge_relay     => true,
      port             => 8080,
      address          => '',
      bandwidth_rate   => 12500,
      bandwidth_burst  => 12500,
      contact_info     => 'Foo Bar <>',


This module comes with 3 functions specific to tor support. They require the base32, ed25519 and sha3 gem to be installed on the master or wherever they are executed. For JRuby based installations such as puppetserver environments you can use the sha3-pure-ruby instead of the C based library.


This functions generates an onion v3 key pair if not already existing. As arguments, you need to pass a base directory and an indentifier (name) of the key. The key pair will be looked up in a directory under <base_dir>/.

As a result you will get a hash containing they secret key (hs_ed25519_secret_key), the public key (hs_ed25519_public_key) and the onion hostname (hostname). The latter will be without the .onion suffix.

If a key has already been created and exists under that directory, the content of these files will be returned.


This function takes a 1024bit RSA private key as an argument and returns the onion v2 address for an onion service for that key.


This function takes a path (on the puppet master!) and an identifier for a key and returns an array containing the matching onion v2 address and the private key. The private key either exists under the supplied path/key_identifier or is being generated on the fly and stored under that path for the next execution.



This fact gives you a list of the hidden services you are running.


The full reference documentation for this module may be found at on GitLab Pages.

Alternatively, you may build yourself the documentation using the puppet strings generate command. See the documentation for Puppet Strings for more information.


This module's development is tracked on GitLab. Please submit issues and merge requests on the shared-puppet-modules-group/tor project page.