
Etienne Perot committed 57256d3

Add pacman and Tor configurations

  • Parent commits 2b4c413


Files changed (14)

 * Limit systemd journal to a more reasonable size (50MB)
 * Enable readahead replay and data collection
 * Add my favorite fonts
+* Set up `pacman`
 * Install basic console packages (`screen`, `most`, `htop`, etc)
 * Configure SSH and populate its aliases
 * Set up Monkeysphere (keys and SSH config), with automatic identity loading
     * Set up symlinks to encfs synchronized drive to synchronize things that
       Firefox Sync cannot synchronize by itself
     * Set up fancy newtab/home pages
-* Install Tor browser bundle
+* Install Tor and the Tor browser bundle
+* Configure some applications to use Tor for networking
 
 Usage
 -----

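--- a/modules/base/files/networking/tor/torrc
+++ b/modules/base/files/networking/tor/torrc
+# ----- Main options -----
+DataDirectory /var/lib/tor
+RunAsDaemon 1
+AvoidDiskWrites 1
+User tor
+
+# ----- DNS/Transparent proxy options -----
+AutomapHostsOnResolve 1
+AutomapHostsSuffixes .onion
+VirtualAddrNetwork 127.42.0.0/16
+AllowDotExit 0
+
+# ----- Ports -----
+
+# - DNSPort: 5353
+DNSPort 127.0.0.1:5353
+
+# - SOCKS ports with varying levels of isolation
+# ---- Low isolation: 9050 - 9054
+# -------- Low isolation port 1: 9050
+SocksPort 127.0.0.1:9050 IsolateClientAddr IsolateSOCKSAuth IsolateClientProtocol
+# -------- Low isolation port 2: 9051
+SocksPort 127.0.0.1:9051 IsolateClientAddr IsolateSOCKSAuth IsolateClientProtocol
+# -------- Low isolation port 3: 9052
+SocksPort 127.0.0.1:9052 IsolateClientAddr IsolateSOCKSAuth IsolateClientProtocol
+# -------- Low isolation port 4: 9053
+SocksPort 127.0.0.1:9053 IsolateClientAddr IsolateSOCKSAuth IsolateClientProtocol
+# -------- Low isolation port 5: 9054
+SocksPort 127.0.0.1:9054 IsolateClientAddr IsolateSOCKSAuth IsolateClientProtocol
+
+# ---- Port-based isolation: 9055 - 9056
+# -------- Port-based isolation port 1: 9055
+SocksPort 127.0.0.1:9055 IsolateClientAddr IsolateSOCKSAuth IsolateClientProtocol IsolateDestPort
+# -------- Port-based isolation port 2: 9056
+SocksPort 127.0.0.1:9056 IsolateClientAddr IsolateSOCKSAuth IsolateClientProtocol IsolateDestPort
+
+# ---- Complete isolation: 9057
+SocksPort 127.0.0.1:9057 IsolateClientAddr IsolateSOCKSAuth IsolateClientProtocol IsolateDestAddr IsolateDestPort
+
+# - TransPort: 9058
+TransPort 127.0.0.1:9058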
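Review bot: `VirtualAddrNetwork 127.42.0.0/16` places the automapped .onion addresses inside `127.0.0.0/255.128.0.0`, which every profile under torsocks.d added by this commit declares as `local`. Those `local` ranges stop short of 127.192.0.0/10, Tor's default virtual-address network, so they look written for the default; with the override, a torsocks-wrapped program that receives a 127.42.x.y answer from the DNSPort would presumably treat it as a direct loopback destination instead of sending it through the SOCKS port. Either drop the override and keep the default range, or carve 127.42.0.0/16 out of the `local` lists, and record the choice with a comment such as `# must stay outside the torsocks 'local' ranges`. Separately, 5353/udp is the mDNS port, so `DNSPort 127.0.0.1:5353` can clash with an mDNS responder if one is installed on the host.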

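--- a/modules/base/files/networking/tor/torsocks.d/9050.conf
+++ b/modules/base/files/networking/tor/torsocks.d/9050.conf
+local = 127.0.0.0/255.128.0.0
+local = 127.128.0.0/255.192.0.0
+local = 169.254.0.0/255.255.0.0
+local = 172.16.0.0/255.240.0.0
+local = 192.168.0.0/255.255.0.0
+local = 10.0.0.0/255.0.0.0
+
+server = 127.0.0.1
+server_type = 4a
+server_port = 9050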

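--- a/modules/base/files/networking/tor/torsocks.d/9051.conf
+++ b/modules/base/files/networking/tor/torsocks.d/9051.conf
+local = 127.0.0.0/255.128.0.0
+local = 127.128.0.0/255.192.0.0
+local = 169.254.0.0/255.255.0.0
+local = 172.16.0.0/255.240.0.0
+local = 192.168.0.0/255.255.0.0
+local = 10.0.0.0/255.0.0.0
+
+server = 127.0.0.1
+server_type = 4a
+server_port = 9051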

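--- a/modules/base/files/networking/tor/torsocks.d/9052.conf
+++ b/modules/base/files/networking/tor/torsocks.d/9052.conf
+local = 127.0.0.0/255.128.0.0
+local = 127.128.0.0/255.192.0.0
+local = 169.254.0.0/255.255.0.0
+local = 172.16.0.0/255.240.0.0
+local = 192.168.0.0/255.255.0.0
+local = 10.0.0.0/255.0.0.0
+
+server = 127.0.0.1
+server_type = 4a
+server_port = 9052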

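--- a/modules/base/files/networking/tor/torsocks.d/9053.conf
+++ b/modules/base/files/networking/tor/torsocks.d/9053.conf
+local = 127.0.0.0/255.128.0.0
+local = 127.128.0.0/255.192.0.0
+local = 169.254.0.0/255.255.0.0
+local = 172.16.0.0/255.240.0.0
+local = 192.168.0.0/255.255.0.0
+local = 10.0.0.0/255.0.0.0
+
+server = 127.0.0.1
+server_type = 4a
+server_port = 9053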

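--- a/modules/base/files/networking/tor/torsocks.d/9054.conf
+++ b/modules/base/files/networking/tor/torsocks.d/9054.conf
+local = 127.0.0.0/255.128.0.0
+local = 127.128.0.0/255.192.0.0
+local = 169.254.0.0/255.255.0.0
+local = 172.16.0.0/255.240.0.0
+local = 192.168.0.0/255.255.0.0
+local = 10.0.0.0/255.0.0.0
+
+server = 127.0.0.1
+server_type = 4a
+server_port = 9054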

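--- a/modules/base/files/networking/tor/torsocks.d/9055.conf
+++ b/modules/base/files/networking/tor/torsocks.d/9055.conf
+local = 127.0.0.0/255.128.0.0
+local = 127.128.0.0/255.192.0.0
+local = 169.254.0.0/255.255.0.0
+local = 172.16.0.0/255.240.0.0
+local = 192.168.0.0/255.255.0.0
+local = 10.0.0.0/255.0.0.0
+
+server = 127.0.0.1
+server_type = 4a
+server_port = 9055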

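--- a/modules/base/files/networking/tor/torsocks.d/9056.conf
+++ b/modules/base/files/networking/tor/torsocks.d/9056.conf
+local = 127.0.0.0/255.128.0.0
+local = 127.128.0.0/255.192.0.0
+local = 169.254.0.0/255.255.0.0
+local = 172.16.0.0/255.240.0.0
+local = 192.168.0.0/255.255.0.0
+local = 10.0.0.0/255.0.0.0
+
+server = 127.0.0.1
+server_type = 4a
+server_port = 9056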

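--- a/modules/base/files/networking/tor/torsocks.d/9057.conf
+++ b/modules/base/files/networking/tor/torsocks.d/9057.conf
+local = 127.0.0.0/255.128.0.0
+local = 127.128.0.0/255.192.0.0
+local = 169.254.0.0/255.255.0.0
+local = 172.16.0.0/255.240.0.0
+local = 192.168.0.0/255.255.0.0
+local = 10.0.0.0/255.0.0.0
+
+server = 127.0.0.1
+server_type = 4a
+server_port = 9057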

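--- a/modules/base/files/packaging/pacman.d/pupfiles-options.conf
+++ b/modules/base/files/packaging/pacman.d/pupfiles-options.conf
+CheckSpace
+ILoveCandy
+VerbosePkgLists
+UseDelta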

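--- a/modules/base/manifests/networking.pp
+++ b/modules/base/manifests/networking.pp
 class base::networking {
+	include base::networking::tor
 	package {'dnsutils':} # dig
 	package {'net-tools':} # netstat
 	package {'openbsd-netcat':} # netcat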

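--- a/modules/base/manifests/networking/tor.pp
+++ b/modules/base/manifests/networking/tor.pp
+class base::networking::tor {
+	package {'tor':}
+	file {'/etc/tor/torrc':
+		source => 'puppet:///modules/base/networking/tor/torrc',
+		require => Package['tor']
+	}
+	systemd_service {'tor':
+		require => Package['tor']
+	}
+	package {'torsocks':}
+	file {'/etc/torsocks.d':
+		ensure => directory,
+		owner => 'root',
+		group => 'root',
+		mode => 0644,
+		source => 'puppet:///modules/base/networking/tor/torsocks.d',
+		recurse => true,
+		require => Package['torsocks']
+	}
+}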
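Review bot: The `file {'/etc/tor/torrc':` resource sets no owner, group or mode and notifies nothing, so an edit to the isolation flags or listener addresses lands on disk while the running daemon keeps the old configuration. Unless the project's `systemd_service` type already watches the file (it is defined outside this section), add `owner => 'root', group => 'root', mode => '0644',` and `notify => Systemd_service['tor'],` to that resource. The unquoted `mode => 0644` on `/etc/torsocks.d` is better written as `'0644'`, since newer Puppet versions require a string there. Without `purge => true` on that directory, a profile later removed from the module stays on the host and remains usable by wrappers.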

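--- a/modules/base/manifests/packaging.pp
+++ b/modules/base/manifests/packaging.pp
 	include base::packaging::pkgfile
 	include base::packaging::multilib
 	include base::packaging::armh
+	file {'/etc/pacman.d/pupfiles-options.conf':
+		source => 'puppet:///modules/base/packaging/pacman.d/pupfiles-options.conf',
+		require => Package['pacman']
+	}
+	ini_setting {'/etc/pacman.conf/options/include/pupfiles-options':
+		path => '/etc/pacman.conf',
+		section => 'options',
+		setting => 'Include',
+		value => '/etc/pacman.d/pupfiles-options.conf',
+		require => File['/etc/pacman.d/pupfiles-options.conf']
+	}
+	bin_wrapper::torify {'pacman':
+		torsocks_profile => '/etc/torsocks.d/9051.conf'
+	}
+	bin_wrapper::torify {'pacman-key':
+		torsocks_profile => '/etc/torsocks.d/9051.conf'
+	}
+	bin_wrapper::torify {'yaourt':
+		torsocks_profile => '/etc/torsocks.d/9051.conf'
+	}
 }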
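Review bot: Wrapping `pacman`, `pacman-key` and `yaourt` with the 9051 profile puts a Tor exit relay on the path of every package, database and key download, so the integrity of what gets installed rests on pacman's signature checking, and this commit manages `Include` in `[options]` but not `SigLevel`. pacman.conf itself is not visible here; if the value is not pinned elsewhere, add an `ini_setting` with `setting => 'SigLevel',` and `value => 'Required DatabaseOptional',` next to the Include one. AUR builds pulled by `yaourt` are not covered by those signatures, which deserves a comment on that wrapper. The three `bin_wrapper::torify` resources also declare no `require` on `File['/etc/torsocks.d']`, so ordering against the profile directory is left to chance unless the define (outside this section) handles it. The enclosing class starts above the visible lines.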