Add ed25519_signing_cert and ed25519_signing_secret_key support

2019-04-19 18:09:43 +03:00 · 2019-04-19 18:09:43 +03:00 · 858ace95f3
commit 858ace95f3
parent d93d59cb57
3 changed files with 108 additions and 79 deletions
--- a/pillar-example.sls
+++ b/pillar-example.sls
@ -16,6 +16,16 @@ tor:

  fingerprint: 'Unnamed 88888888888888888888888888888888888888888888'
  
+  # base64
+  ed25519_signing_cert: |
+    wewerwerfwerfwefwefwefwefwefwefwefwefwefwefwwefwefwe2
+    wewerwerfwerfwefwefwefwefwefwefwefwefwefwefwwefwefwe
+  
+  # base64
+  ed25519_signing_secret_key: |
+    ysKFJqwewerwerfwerfwefwefwefwefwefwefwefwefwefwefwwefwefwe
+    wewerwerfwerfwefwefwefwefwefwefwefwefwefwefwwefwefwe
+
  # base64
  ed25519_master_id_public_key: |
    sOKsdsdsdsdsdsdsdsdsdsdsU5x9SDWcVn
--- a/tor/config.sls
+++ b/tor/config.sls
@ -34,24 +34,109 @@ deploy_tor_torsocks:
    - watch_in:
      - service: install_tor

-{% set fingerprint_path = map.torrc.DataDirectory + '/fingerprint' %}

-{% if not salt['file.contains'](fingerprint_path, salt['pillar.get']('tor:fingerprint', False) ) %}
+{% if salt['pillar.get']('tor:ed25519_signing_cert', False) %}

-{% if salt['pillar.get']('tor:fingerprint', False) %}
-deploy_tor_fingerprint:
+deploy_tor_signing_cert:
+  file.decode:
+    - name: {{ map.torrc.DataDirectory }}/keys/ed25519_signing_cert
+    - contents_pillar: tor:ed25519_signing_cert
+    - encoding_type: base64
+    - watch_in:
+      - service: install_tor
+
+set_owner_tor_signing_cert:
  file.managed:
-    - name: {{ map.torrc.DataDirectory }}/fingerprint
-    - contents_pillar: tor:fingerprint
+    - name: {{ map.torrc.DataDirectory }}/keys/ed25519_signing_cert
    - user: debian-tor
    - group: debian-tor
    - mode: 600
    - reguire:
      - file: deploy_tor_torrc
+      - file: deploy_tor_signing_cert
    - watch_in:
      - service: install_tor
+
 {% endif %}

+
+{% if salt['pillar.get']('tor:ed25519_signing_secret_key', False) %}
+
+deploy_tor_signing_secret_key:
+  file.decode:
+    - name: {{ map.torrc.DataDirectory }}/keys/ed25519_signing_secret_key
+    - contents_pillar: tor:ed25519_signing_secret_key
+    - encoding_type: base64
+    - watch_in:
+      - service: install_tor
+
+set_owner_tor_signing_secret_key:
+  file.managed:
+    - name: {{ map.torrc.DataDirectory }}/keys/ed25519_signing_secret_key
+    - user: debian-tor
+    - group: debian-tor
+    - mode: 600
+    - reguire:
+      - file: deploy_tor_torrc
+      - file: deploy_tor_signing_secret_key
+    - watch_in:
+      - service: install_tor
+
+{% endif %}
+
+
+{% if salt['pillar.get']('tor:ed25519_master_id_secret_key', False) %}
+
+deploy_tor_master_id_secret_key:
+  file.decode:
+    - name: {{ map.torrc.DataDirectory }}/keys/ed25519_master_id_secret_key
+    - contents_pillar: tor:ed25519_master_id_secret_key
+    - encoding_type: base64
+    - watch_in:
+      - service: install_tor
+
+set_owner_tor_master_id_secret_key:
+  file.managed:
+    - name: {{ map.torrc.DataDirectory }}/keys/ed25519_master_id_secret_key
+    - user: debian-tor
+    - group: debian-tor
+    - mode: 600
+    - reguire:
+      - file: deploy_tor_torrc
+      - file: deploy_tor_master_id_secret_key
+    - watch_in:
+      - service: install_tor
+
+{% endif %}
+
+
+
+{% if salt['pillar.get']('tor:ed25519_master_id_public_key', False) %}
+
+deploy_tor_master_id_public_key:
+  file.decode:
+    - name: {{ map.torrc.DataDirectory }}/keys/ed25519_master_id_public_key
+    - contents_pillar: tor:ed25519_master_id_public_key
+    - encoding_type: base64
+    - watch_in:
+      - service: install_tor
+
+set_owner_tor_master_id_public_key:
+  file.managed:
+    - name: {{ map.torrc.DataDirectory }}/keys/ed25519_master_id_public_key
+    - user: debian-tor
+    - group: debian-tor
+    - mode: 600
+    - reguire:
+      - file: deploy_tor_torrc
+      - file: deploy_tor_master_id_public_key
+    - watch_in:
+      - service: install_tor
+
+{% endif %}
+
+
+
 {% if salt['pillar.get']('tor:secret_id_key', False) %}
 deploy_tor_secret_id_key:
  file.managed:
@ -66,31 +151,13 @@ deploy_tor_secret_id_key:
      - service: install_tor
 {% endif %}

-{% if salt['pillar.get']('tor:ed25519_master_id_public_key', False) %}

-send_tor_master_id_public_key:
+
+{% if salt['pillar.get']('tor:fingerprint', False) %}
+deploy_tor_fingerprint:
  file.managed:
-    - name: /tmp/ed25519_master_id_public_key.base64
-    - contents_pillar: tor:ed25519_master_id_public_key
-    - user: root
-    - group: root
-    - mode: 600
-    - reguire:
-      - file: deploy_tor_torrc
-    - require_in:
-      - cmd: decode_tor_master_id_public_key
-
-decode_tor_master_id_public_key:
-  cmd.run:
-    - name: "base64 -d /tmp/ed25519_master_id_public_key.base64 > {{ map.torrc.DataDirectory }}/keys/ed25519_master_id_public_key"
-    - reguire:
-      - file: send_tor_master_id_public_key
-    - require_in:
-      - file: set_ownner_tor_master_id_public_key
-
-set_ownner_tor_master_id_public_key:
-  file.managed:
-    - name: {{ map.torrc.DataDirectory }}/keys/ed25519_master_id_public_key
+    - name: {{ map.torrc.DataDirectory }}/fingerprint
+    - contents_pillar: tor:fingerprint
    - user: debian-tor
    - group: debian-tor
    - mode: 600
@ -98,54 +165,6 @@ set_ownner_tor_master_id_public_key:
      - file: deploy_tor_torrc
    - watch_in:
      - service: install_tor
-    - reguire_in:
-      - file: clean_temp_tor_master_id_public_key
-
-clean_temp_tor_master_id_public_key:
-  file.absent:
-    - name: /tmp/ed25519_master_id_public_key.base64
-
 {% endif %}

-{% if salt['pillar.get']('tor:ed25519_master_id_secret_key', False) %}

-send_tor_master_id_secret_key:
-  file.managed:
-    - name: /tmp/ed25519_master_id_secret_key.base64
-    - contents_pillar: tor:ed25519_master_id_secret_key
-    - user: root
-    - group: root
-    - mode: 600
-    - reguire:
-      - file: deploy_tor_torrc
-    - require_in:
-      - cmd: decode_tor_master_id_secret_key
-
-decode_tor_master_id_secret_key:
-  cmd.run:
-    - name: "base64 -d /tmp/ed25519_master_id_secret_key.base64 > {{ map.torrc.DataDirectory }}/keys/ed25519_master_id_secret_key"
-    - reguire:
-      - file: send_tor_master_id_secret_key
-    - require_in:
-      - file: set_ownner_tor_master_id_secret_key
-
-set_ownner_tor_master_id_secret_key:
-  file.managed:
-    - name: {{ map.torrc.DataDirectory }}/keys/ed25519_master_id_secret_key
-    - user: debian-tor
-    - group: debian-tor
-    - mode: 600
-    - reguire:
-      - file: deploy_tor_torrc
-    - watch_in:
-      - service: install_tor
-    - reguire_in:
-      - file: clean_temp_tor_master_id_secret_key
-
-clean_temp_tor_master_id_secret_key:
-  file.absent:
-    - name: /tmp/ed25519_master_id_secret_key.base64
-
-{% endif %}
-
-{% endif %}
--- a/tor/repo.sls
+++ b/tor/repo.sls
@ -4,7 +4,7 @@
 {% if osfamily == 'Debian' %}
 {% set codename = salt['grains.get']('lsb_distrib_codename') %}

-add_apt_https_support:
+add_apt_https_support_for_tor:
  pkg.installed:
    - name: {{ map.https_support_pkg }}
    - require_in:
@ -16,7 +16,7 @@ install_tor_repo:
    - file: /etc/apt/sources.list.d/tor.list
    - key_url: {{ map.repo_key_url }}
    - require:
-      - pkg: add_apt_https_support
+      - pkg: add_apt_https_support_for_tor


 {% endif %}