Add ed25519_signing_cert and ed25519_signing_secret_key support

McPcholkin 2019-04-19 18:09:43 +03:00
parent d93d59cb57
commit 858ace95f3
3 changed files with 108 additions and 79 deletions


@ -16,6 +16,16 @@ tor:
fingerprint: 'Unnamed 88888888888888888888888888888888888888888888' fingerprint: 'Unnamed 88888888888888888888888888888888888888888888'
# base64
ed25519_signing_cert: |
wewerwerfwerfwefwefwefwefwefwefwefwefwefwefwwefwefwe2
wewerwerfwerfwefwefwefwefwefwefwefwefwefwefwwefwefwe
# base64
ed25519_signing_secret_key: |
ysKFJqwewerwerfwerfwefwefwefwefwefwefwefwefwefwefwwefwefwe
wewerwerfwerfwefwefwefwefwefwefwefwefwefwefwwefwefwe
# base64 # base64
ed25519_master_id_public_key: | ed25519_master_id_public_key: |
sOKsdsdsdsdsdsdsdsdsdsdsU5x9SDWcVn sOKsdsdsdsdsdsdsdsdsdsdsU5x9SDWcVn
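Review bot: The sample `ed25519_signing_secret_key` entry is documented only as `# base64`, the same as the public key and the certificate next to it, so nothing tells the reader that this value is private key material. I would change its comment to something like `# base64 of keys/ed25519_signing_secret_key - secret: target this pillar only at the relay's minion, preferably GPG-encrypted`. The existing `secret_id_key` and `ed25519_master_id_secret_key` entries, which are outside this hunk, would presumably benefit from the same wording.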


@ -34,24 +34,109 @@ deploy_tor_torsocks:
- watch_in: - watch_in:
- service: install_tor - service: install_tor
{% set fingerprint_path = map.torrc.DataDirectory + '/fingerprint' %}
{% if not salt['file.contains'](fingerprint_path, salt['pillar.get']('tor:fingerprint', False) ) %} {% if salt['pillar.get']('tor:ed25519_signing_cert', False) %}
{% if salt['pillar.get']('tor:fingerprint', False) %} deploy_tor_signing_cert:
deploy_tor_fingerprint: file.decode:
- name: {{ map.torrc.DataDirectory }}/keys/ed25519_signing_cert
- contents_pillar: tor:ed25519_signing_cert
- encoding_type: base64
- watch_in:
- service: install_tor
set_owner_tor_signing_cert:
file.managed: file.managed:
- name: {{ map.torrc.DataDirectory }}/fingerprint - name: {{ map.torrc.DataDirectory }}/keys/ed25519_signing_cert
- contents_pillar: tor:fingerprint
- user: debian-tor - user: debian-tor
- group: debian-tor - group: debian-tor
- mode: 600 - mode: 600
- reguire: - reguire:
- file: deploy_tor_torrc - file: deploy_tor_torrc
- file: deploy_tor_signing_cert
- watch_in: - watch_in:
- service: install_tor - service: install_tor
{% endif %} {% endif %}
{% if salt['pillar.get']('tor:ed25519_signing_secret_key', False) %}
deploy_tor_signing_secret_key:
file.decode:
- name: {{ map.torrc.DataDirectory }}/keys/ed25519_signing_secret_key
- contents_pillar: tor:ed25519_signing_secret_key
- encoding_type: base64
- watch_in:
- service: install_tor
set_owner_tor_signing_secret_key:
file.managed:
- name: {{ map.torrc.DataDirectory }}/keys/ed25519_signing_secret_key
- user: debian-tor
- group: debian-tor
- mode: 600
- reguire:
- file: deploy_tor_torrc
- file: deploy_tor_signing_secret_key
- watch_in:
- service: install_tor
{% endif %}
{% if salt['pillar.get']('tor:ed25519_master_id_secret_key', False) %}
deploy_tor_master_id_secret_key:
file.decode:
- name: {{ map.torrc.DataDirectory }}/keys/ed25519_master_id_secret_key
- contents_pillar: tor:ed25519_master_id_secret_key
- encoding_type: base64
- watch_in:
- service: install_tor
set_owner_tor_master_id_secret_key:
file.managed:
- name: {{ map.torrc.DataDirectory }}/keys/ed25519_master_id_secret_key
- user: debian-tor
- group: debian-tor
- mode: 600
- reguire:
- file: deploy_tor_torrc
- file: deploy_tor_master_id_secret_key
- watch_in:
- service: install_tor
{% endif %}
{% if salt['pillar.get']('tor:ed25519_master_id_public_key', False) %}
deploy_tor_master_id_public_key:
file.decode:
- name: {{ map.torrc.DataDirectory }}/keys/ed25519_master_id_public_key
- contents_pillar: tor:ed25519_master_id_public_key
- encoding_type: base64
- watch_in:
- service: install_tor
set_owner_tor_master_id_public_key:
file.managed:
- name: {{ map.torrc.DataDirectory }}/keys/ed25519_master_id_public_key
- user: debian-tor
- group: debian-tor
- mode: 600
- reguire:
- file: deploy_tor_torrc
- file: deploy_tor_master_id_public_key
- watch_in:
- service: install_tor
{% endif %}
{% if salt['pillar.get']('tor:secret_id_key', False) %} {% if salt['pillar.get']('tor:secret_id_key', False) %}
deploy_tor_secret_id_key: deploy_tor_secret_id_key:
file.managed: file.managed:
@ -66,31 +151,13 @@ deploy_tor_secret_id_key:
- service: install_tor - service: install_tor
{% endif %} {% endif %}
{% if salt['pillar.get']('tor:ed25519_master_id_public_key', False) %}
send_tor_master_id_public_key:
{% if salt['pillar.get']('tor:fingerprint', False) %}
deploy_tor_fingerprint:
file.managed: file.managed:
- name: /tmp/ed25519_master_id_public_key.base64 - name: {{ map.torrc.DataDirectory }}/fingerprint
- contents_pillar: tor:ed25519_master_id_public_key - contents_pillar: tor:fingerprint
- user: root
- group: root
- mode: 600
- reguire:
- file: deploy_tor_torrc
- require_in:
- cmd: decode_tor_master_id_public_key
decode_tor_master_id_public_key:
cmd.run:
- name: "base64 -d /tmp/ed25519_master_id_public_key.base64 > {{ map.torrc.DataDirectory }}/keys/ed25519_master_id_public_key"
- reguire:
- file: send_tor_master_id_public_key
- require_in:
- file: set_ownner_tor_master_id_public_key
set_ownner_tor_master_id_public_key:
file.managed:
- name: {{ map.torrc.DataDirectory }}/keys/ed25519_master_id_public_key
- user: debian-tor - user: debian-tor
- group: debian-tor - group: debian-tor
- mode: 600 - mode: 600
@ -98,54 +165,6 @@ set_ownner_tor_master_id_public_key:
- file: deploy_tor_torrc - file: deploy_tor_torrc
- watch_in: - watch_in:
- service: install_tor - service: install_tor
- reguire_in:
- file: clean_temp_tor_master_id_public_key
clean_temp_tor_master_id_public_key:
file.absent:
- name: /tmp/ed25519_master_id_public_key.base64
{% endif %} {% endif %}
{% if salt['pillar.get']('tor:ed25519_master_id_secret_key', False) %}
send_tor_master_id_secret_key:
file.managed:
- name: /tmp/ed25519_master_id_secret_key.base64
- contents_pillar: tor:ed25519_master_id_secret_key
- user: root
- group: root
- mode: 600
- reguire:
- file: deploy_tor_torrc
- require_in:
- cmd: decode_tor_master_id_secret_key
decode_tor_master_id_secret_key:
cmd.run:
- name: "base64 -d /tmp/ed25519_master_id_secret_key.base64 > {{ map.torrc.DataDirectory }}/keys/ed25519_master_id_secret_key"
- reguire:
- file: send_tor_master_id_secret_key
- require_in:
- file: set_ownner_tor_master_id_secret_key
set_ownner_tor_master_id_secret_key:
file.managed:
- name: {{ map.torrc.DataDirectory }}/keys/ed25519_master_id_secret_key
- user: debian-tor
- group: debian-tor
- mode: 600
- reguire:
- file: deploy_tor_torrc
- watch_in:
- service: install_tor
- reguire_in:
- file: clean_temp_tor_master_id_secret_key
clean_temp_tor_master_id_secret_key:
file.absent:
- name: /tmp/ed25519_master_id_secret_key.base64
{% endif %}
{% endif %}
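Review bot: The four new `set_owner_tor_*` states spell their requisite `- reguire:`, so Salt will most likely not treat it as a requisite at all, and the ownership/mode step is not actually tied to `deploy_tor_torrc` or to the preceding `file.decode`; it should read `- require:`. This matters most for `ed25519_signing_secret_key` and `ed25519_master_id_secret_key`: as far as I know `file.decode` takes no `user`/`group`/`mode` arguments, so the decoded key is presumably created with the minion's default ownership and umask and only tightened to `debian-tor`/`600` by the following `file.managed`. A comment above each pair such as `# file.decode cannot set owner/mode; keys/ must already be 0700 debian-tor` would document that assumption, and a state that enforces the directory mode before the decode runs would make it hold.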


@ -4,7 +4,7 @@
{% if osfamily == 'Debian' %} {% if osfamily == 'Debian' %}
{% set codename = salt['grains.get']('lsb_distrib_codename') %} {% set codename = salt['grains.get']('lsb_distrib_codename') %}
add_apt_https_support: add_apt_https_support_for_tor:
pkg.installed: pkg.installed:
- name: {{ map.https_support_pkg }} - name: {{ map.https_support_pkg }}
- require_in: - require_in:
@ -16,7 +16,7 @@ install_tor_repo:
- file: /etc/apt/sources.list.d/tor.list - file: /etc/apt/sources.list.d/tor.list
- key_url: {{ map.repo_key_url }} - key_url: {{ map.repo_key_url }}
- require: - require:
- pkg: add_apt_https_support - pkg: add_apt_https_support_for_tor
{% endif %} {% endif %}