Forge Home


Installs, configures and manages Tor


477 latest version

4.6 quality score

Version information

  • 3.2.0 (latest)
  • 3.1.1
  • 3.1.0
  • 3.0.0
  • 2.3.0
  • 2.2.0
  • 2.1.0
  • 2.0.1
  • 2.0.0
  • 1.1.0
  • 1.0.1
  • 1.0.0
released Apr 17th 2021
This version is compatible with:
  • Puppet Enterprise 2018.1.x
  • Puppet >= 5.5.0 < 6.0.0
  • Debian

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'smash-tor', '3.2.0'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add smash-tor
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install smash-tor --version 3.2.0

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.



smash/tor — version 3.2.0 Apr 17th 2021


Table of Contents

  1. Description
  2. Setup
  3. Functions
  4. Facts
  5. Reference
  6. Development


This module manages tor and is mainly geared towards people running it on servers. With this module, you should be able to manage most, if not all of the functionalities provided by tor, such as:

  • relays
  • bridges and exit nodes
  • onion services
  • exit policies
  • transport plugins


Setup Requirements

This module needs:

Explicit dependencies can be found in the project's metadata.json file.

Getting started

class { 'tor': } will install tor with a default configuration. Chances are you will want to configure Tor in a certain way. This is accomplished declaring one or more of the tor::daemon defined types.

For example, this will configure a tor bridge relay running on port 8080:

  tor::daemon::relay {
      bridge_relay     => true,
      port             => 8080,
      address          => '',
      bandwidth_rate   => 12500,
      bandwidth_burst  => 12500,
      contact_info     => 'Foo Bar <>',


This module comes with 3 functions specific to tor support. They require the base32, ed25519 and sha3 gem to be installed on the master or wherever they are executed. For JRuby based installations such as puppetserver environments you can use the sha3-pure-ruby instead of the C based library.


This functions generates an onion v3 key pair if not already existing. As arguments, you need to pass a base directory and an indentifier (name) of the key. The key pair will be looked up in a directory under <base_dir>/.

As a result you will get a hash containing they secret key (hs_ed25519_secret_key), the public key (hs_ed25519_public_key) and the onion hostname (hostname). The latter will be without the .onion suffix.

If a key has already been created and exists under that directory, the content of these files will be returned.


This function takes a 1024bit RSA private key as an argument and returns the onion v2 address for an onion service for that key.


This function takes a path (on the puppet master!) and an identifier for a key and returns an array containing the matching onion v2 address and the private key. The private key either exists under the supplied path/key_identifier or is being generated on the fly and stored under that path for the next execution.



This fact gives you a list of the hidden services you are running.


The full reference documentation for this module may be found at on GitLab Pages.

Alternatively, you may build yourself the documentation using the puppet strings generate command. See the documentation for Puppet Strings for more information.


This module's development is tracked on GitLab. Please submit issues and merge requests on the shared-puppet-modules-group/tor project page.