shaftoe/puppet-tor

puppet-tor

Install/uninstall a (by default non-exit) Tor relay using default Debian packages

The default include sets up Tor as a basic non-exit relay listening on port 9001

include 'tor'

You can set a different ORPort in place of the default

class {'tor':
  orport => 443,
}

You can specify your own contact details with 'nickname' and 'contact' parameters

class {'tor':
  nickname => 'whatever',
  contact  => '0xFFFFFF Whatever <whatever@example.com>',
}

If you want the relay to advertise directory services, also specify the DirPort parameter (defaults to 0)

class {'tor':
  nickname => 'whatever',
  contact  => '0xFFFFFF Whatever <whatever@example.com>',
  dirport  => 'auto',
}

You can also use the official Tor APT repository to get the most recent stable version, but you need the puppetlabs/apt module for that to work.

class {'tor':
  nickname        => 'whatever',
  contact         => '0xFFFFFF Whatever <whatever@example.com>',
  enable_apt_repo => true,
}

If you need to override any configuration value, you can provide the values as an array in the custom_config parameter

class {'tor':
  nickname        => 'whatever',
  contact         => '0xFFFFFF Whatever <whatever@example.com>',
  enable_apt_repo => true,
  custom_config   => [
    'AccountingMax 1TB',
    'MaxAdvertisedBandwidth 1MB',
    '...',
  ],
}

Uninstall

To remove it safely

class {'tor':
  ensure => absent,
}

Exit relay policies

If you want it to be an exit relay, you have a few default options.

You can use reduced exit policies as suggested here

class {'tor':
  nickname   => 'whatever',
  contact    => '0xFFFFFF Whatever <whatever@example.com>',
  exit_relay => 'reduced',
}

You can provide your own custom list of exit policies

class {'tor':
  nickname          => 'whatever',
  contact           => '0xFFFFFF Whatever <whatever@example.com>',
  exit_relay        => 'custom',
  exit_custom_rules => [
    'accept *:443',
    'accept *:80',
    'accept ...',
    'reject *:*'
  ]
}

Finally, you can remove any Exit Policy filter and make it a 'wide-open' relay

class {'tor':
  nickname   => 'whatever',
  contact    => '0xFFFFFF Whatever <whatever@example.com>',
  exit_relay => 'wide-open',
}

NOTE: any other value of exit_relay will set it as a non-exit relay (i.e., ExitPolicy reject *:*)
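
A pre-deployment check for a list intended for exit_custom_rules, added here as an example (Python, not part of this module). It handles only the "accept|reject ADDR:PORT" form used above and relies on Tor's documented behaviour that the first matching rule wins and that the default exit policy is appended when the list does not end in a "*:*" rule. The names parse_rule, lint_exit_rules and SAMPLE are hypothetical.

```python
import re

# Tor ExitPolicy entry in the form used above: "accept|reject ADDR:PORT";
# PORT is "*", N or N-M. Other forms (no port, accept6/reject6) are rejected.
RULE_RE = re.compile(r"^(accept|reject)\s+(\S+):(\*|\d+(?:-\d+)?)$")

def parse_rule(rule):
    """Return (action, addr, low, high) for one rule, or raise ValueError."""
    m = RULE_RE.match(rule.strip())
    if not m:
        raise ValueError(f"unparseable exit rule: {rule!r}")
    action, addr, port = m.groups()
    if port == "*":
        return action, addr, 1, 65535
    low, _, high = port.partition("-")
    low, high = int(low), int(high or low)
    if not 1 <= low <= high <= 65535:
        raise ValueError(f"bad port range in {rule!r}")
    return action, addr, low, high

def lint_exit_rules(rules):
    """Return (open_ports, findings) for a list meant for exit_custom_rules."""
    decided = {}          # port -> action of the first "*" rule covering it
    findings = []
    catch_all_at = None
    for i, rule in enumerate(rules):
        action, addr, low, high = parse_rule(rule)
        if catch_all_at is not None:
            findings.append(f"rule {i} ({rule!r}) is unreachable after catch-all")
            continue
        if addr != "*":
            findings.append(f"rule {i} ({rule!r}) is address-specific; not evaluated")
            continue
        for port in range(low, high + 1):
            decided.setdefault(port, action)   # first match wins
        if (low, high) == (1, 65535):
            catch_all_at = i
    if catch_all_at is None:
        findings.append("no final '*:*' rule: Tor appends its default exit policy")
    open_ports = sorted(p for p, a in decided.items() if a == "accept")
    return open_ports, findings

# Constructed sample input, modelled on the custom rules example above.
SAMPLE = ["reject *:25", "accept *:20-25", "accept *:443", "reject *:*", "accept *:80"]

if __name__ == "__main__":
    ports, notes = lint_exit_rules(SAMPLE)
    print("ports that exit:", ports)
    for note in notes:
        print("warning:", note)
```

A leftover placeholder such as 'accept ...' fails parsing with ValueError, so it is caught before the list reaches the Puppet manifest.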
