Diffstat (limited to 'src')
| -rw-r--r-- | src/Propellor/Property/Apt.hs | 14 | ||||
| -rw-r--r-- | src/Propellor/Property/Tor.hs | 34 |
2 files changed, 41 insertions, 7 deletions
diff --git a/src/Propellor/Property/Apt.hs b/src/Propellor/Property/Apt.hs index 7cf6c2b0..471d6195 100644 --- a/src/Propellor/Property/Apt.hs +++ b/src/Propellor/Property/Apt.hs @@ -29,6 +29,10 @@ backportSuite :: DebianSuite -> Maybe String backportSuite (Stable s) = Just (s ++ "-backports") backportSuite _ = Nothing +stableUpdatesSuite :: DebianSuite -> Maybe String +stableUpdatesSuite (Stable s) = Just (s ++ "-updates") +stableUpdatesSuite _ = Nothing + debLine :: String -> Url -> [Section] -> Line debLine suite mirror sections = unwords $ ["deb", mirror, suite] ++ sections @@ -74,9 +78,9 @@ securityUpdates suite -- Since the CDN is sometimes unreliable, also adds backup lines using -- kernel.org. stdSourcesList :: Property -stdSourcesList = withOS ("standard sources.list") $ \o -> +stdSourcesList = withOS ("standard sources.list") $ \o -> case o of - (Just (System (Debian suite) _)) -> + (Just (System (Debian suite) _)) -> ensureProperty $ stdSourcesListFor suite _ -> error "os is not declared to be Debian" @@ -135,7 +139,7 @@ installedBackport ps = trivial $ withOS desc $ \o -> case o of Nothing -> error "cannot install backports; os not declared" (Just (System (Debian suite) _)) -> case backportSuite suite of Nothing -> notsupported o - Just bs -> ensureProperty $ runApt $ + Just bs -> ensureProperty $ runApt $ ["install", "-t", bs, "-y"] ++ ps _ -> notsupported o where @@ -218,7 +222,7 @@ unattendedUpgrades = RevertableProperty enable disable v | enabled = "true" | otherwise = "false" - + configure = withOS "unattended upgrades configured" $ \o -> case o of -- the package defaults to only upgrading stable @@ -272,4 +276,4 @@ trustsKey k = RevertableProperty trust untrust -- space. cacheCleaned :: Property cacheCleaned = trivial $ cmdProperty "apt-get" ["clean"] - `describe` "apt cache cleaned" + `describe` "apt cache cleaned" diff --git a/src/Propellor/Property/Tor.hs b/src/Propellor/Property/Tor.hs index 2384a7d2..c23f060a 100644 
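Review bot: `stableUpdatesSuite` in the first Apt.hs hunk is added without a comment, and no hunk visible here calls it, so a reader cannot tell which sources.list line it is meant to feed. A one-line Haddock would cover it: `-- | Name of the "-updates" suite for a stable release; Nothing for any other suite.` It duplicates the shape of `backportSuite` just above, so if more suffixes are expected, a shared helper taking the suffix would keep them in step. The remaining Apt.hs hunks appear to change whitespace only.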
--- a/src/Propellor/Property/Tor.hs +++ b/src/Propellor/Property/Tor.hs @@ -4,6 +4,11 @@ import Propellor import qualified Propellor.Property.File as File import qualified Propellor.Property.Apt as Apt import qualified Propellor.Property.Service as Service +import Utility.FileMode + +import System.Posix.Files + +type HiddenServiceName = String isBridge :: Property isBridge = setup `requires` Apt.installed ["tor"] @@ -16,7 +21,7 @@ isBridge = setup `requires` Apt.installed ["tor"] , "Exitpolicy reject *:*" ] `onChange` restarted -hiddenServiceAvailable :: HostName -> Int -> Property +hiddenServiceAvailable :: HiddenServiceName -> Int -> Property hiddenServiceAvailable hn port = hiddenServiceHostName prop where prop = mainConfig `File.containsLines` @@ -31,7 +36,7 @@ hiddenServiceAvailable hn port = hiddenServiceHostName prop warningMessage $ unlines ["hidden service hostname:", h] return r -hiddenService :: HostName -> Int -> Property +hiddenService :: HiddenServiceName -> Int -> Property hiddenService hn port = mainConfig `File.containsLines` [ unlines ["HiddenServiceDir", varLib </> hn] , unlines ["HiddenServicePort", show port, "127.0.0.1:" ++ show port] 
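Review bot: `type HiddenServiceName = String` in the first Tor.hs hunk is only an alias, so the name is still an arbitrary string when it reaches `varLib </> hn` in `hiddenService` and `hiddenServiceData`. `</>` returns its right operand unchanged when that operand is absolute, and a name containing `/` or `..` resolves outside /var/lib/tor, where the later hunk then creates a directory and changes its mode and owner. As far as this diff shows the value comes from the host's own configuration, so this is hardening rather than a bug. A `newtype HiddenServiceName` built through a constructor that rejects path separators would let the type carry that guarantee. The two added imports are also open and unqualified; `import System.Posix.Files (ownerReadMode, ownerWriteMode, ownerExecuteMode)` would show where the mode names come from.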
@@ -39,6 +44,28 @@ hiddenService hn port = mainConfig `File.containsLines` `describe` unlines ["hidden service available:", hn, show port] `onChange` restarted +hiddenServiceData :: HiddenServiceName -> Context -> Property +hiddenServiceData hn context = combineProperties desc + [ installonion "hostname" + , installonion "private_key" + ] + where + desc = unlines ["hidden service data available in", varLib </> hn] + installonion f = withPrivData (PrivFile $ varLib </> hn </> f) context $ \getcontent -> + property desc $ getcontent $ install $ varLib </> hn </> f + install f content = ifM (liftIO $ doesFileExist f) + ( noChange + , ensureProperties + [ property desc $ makeChange $ do + createDirectoryIfMissing True (takeDirectory f) + writeFileProtected f content + , File.mode (takeDirectory f) $ combineModes + [ownerReadMode, ownerWriteMode, ownerExecuteMode] + , File.ownerGroup (takeDirectory f) user user + , File.ownerGroup f user user + ] + ) + restarted :: Property restarted = Service.restarted "tor" @@ -50,3 +77,6 @@ varLib = "/var/lib/tor" varRun :: FilePath varRun = "/var/run/tor" + +user :: UserName +user = "debian-tor" |
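Review bot: In `hiddenServiceData`, the `doesFileExist f` guard in `install` skips the whole `ensureProperties` list, so once `hostname` or `private_key` exists its directory mode and its `debian-tor` ownership are never checked again. A run that wrote the key but failed before `File.ownerGroup`, or a file created by some other means, is left as it is and reported as no change. Keeping the guard around the write only, and letting the mode and ownership properties run every time, makes the property converge; this assumes `File.mode` and `File.ownerGroup` are safe to re-apply, which the diff does not show. An existing file whose content differs from the privdata is also left alone. That may be deliberate to avoid clobbering a key tor generated, but it deserves a comment saying so. Separately, `createDirectoryIfMissing` creates the directory with default permissions before `File.mode` tightens it; the key itself is written with `writeFileProtected`, so the exposure is limited to the directory listing.

```haskell
install f content = ensureProperties
    [ property desc $ ifM (liftIO $ doesFileExist f)
        ( noChange
        , makeChange $ do
            createDirectoryIfMissing True (takeDirectory f)
            writeFileProtected f content
        )
    -- … unchanged: File.mode on the directory and the two File.ownerGroup entries …
    ]
```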
