torrc: don't add DirPort when set to 0

fixes a bug that affects exit relays
using tor_dedicatedExitIP and DirPort 0.

fixes #236

also add a kitchen test case for it.
known issue: new kitchen test fails on Ubuntu/FreeBSD due to
undefined ansible_system #237

.kitchen.yml

@@ -99,6 +99,17 @@ suites:
       - ["private_network", {ip: "198.51.100.14"}]
     provisioner:
       playbook: "test/integration/default/6publicIPs-dedicatedExitIP-2instPerIP-exit-node.yml"
+  - name: t-exit-dirport0-6publicIPs-dedicatedExitIP-2instPerIP
+    driver:
+      network:
+      - ["private_network", {ip: "192.0.2.10"}]
+      - ["private_network", {ip: "198.51.100.10"}]
+      - ["private_network", {ip: "198.51.100.11"}]
+      - ["private_network", {ip: "198.51.100.12"}]
+      - ["private_network", {ip: "198.51.100.13"}]
+      - ["private_network", {ip: "198.51.100.14"}]
+    provisioner:
+      playbook: "test/integration/default/dirport0-6publicIPs-dedicatedExitIP-2instPerIP-exit-node.yml"
   - name: t-exit-6publicIPs-dedicatedExitIP-singleInstPerIP
     driver:
       network:

templates/torrc

@@ -58,9 +58,11 @@ ExitRelay 1
 {% if item.0.ipv6 != "" and item.0.ipv6 != "False" and tor_IPv6 == True and tor_IPv6Exit == True %}
 IPv6Exit 1
 {% if tor_dedicatedExitIP != True %}
+{% if item.1.dirport != 0 %}
 DirPort [{{ item.0.ipv6 }}]:{{ item.1.dirport }} NoAdvertise
 {% endif %}
 {% endif %}
+{% endif %}
 {% if tor_ExitNoticePage == True and tor_config.DirPortFrontPage is not defined %}
 DirPortFrontPage {{ tor_ConfDir }}/tor-exit-notice.html
 {% endif %}
@@ -69,22 +71,30 @@ DirPortFrontPage {{ tor_ConfDir }}/tor-exit-notice.html
 {% if tor_available_public_ipv4s|length >= tor_maxPublicIPs*2 %}
 {% if tor_ports|length == 2 %}
 OutboundBindAddressExit {{ tor_available_public_ipv4s[(loop_idx/2)|round(0,'floor')|int + tor_maxPublicIPs]}}
+{% if item.1.dirport != 0 %}
 DirPort {{ tor_available_public_ipv4s[(loop_idx/2)|round(0,'floor')|int + tor_maxPublicIPs]}}:{{ item.1.dirport }} NoAdvertise
+{% endif %}
 {% elif tor_ports|length == 1 %}
 OutboundBindAddressExit {{ tor_available_public_ipv4s[loop_idx + tor_maxPublicIPs]}}
+{% if item.1.dirport != 0 %}
 DirPort {{ tor_available_public_ipv4s[loop_idx + tor_maxPublicIPs]}}:{{ item.1.dirport }} NoAdvertise
 {% endif %}
 {% endif %}
+{% endif %}
 {% if tor_available_public_ipv6s|length >= tor_maxPublicIPs*2 and tor_IPv6 == True and tor_IPv6Exit == True %}
 {% if tor_ports|length == 2 %}
 OutboundBindAddressExit [{{ tor_available_public_ipv6s[(loop_idx/2)|round(0,'floor')|int + tor_maxPublicIPs]}}]
+{% if item.1.dirport != 0 %}
 DirPort [{{ tor_available_public_ipv6s[(loop_idx/2)|round(0,'floor')|int + tor_maxPublicIPs]}}]:{{ item.1.dirport }} NoAdvertise
+{% endif %}
 {% elif tor_ports|length == 1 %}
 OutboundBindAddressExit [{{ tor_available_public_ipv6s[loop_idx + tor_maxPublicIPs]}}]
+{% if item.1.dirport != 0 %}
 DirPort [{{ tor_available_public_ipv6s[loop_idx + tor_maxPublicIPs]}}]:{{ item.1.dirport }} NoAdvertise
 {% endif %}
 {% endif %}
 {% endif %}
+{% endif %}
 
 {% if tor_ExitPolicy_file is defined and (lookup('csvfile', inventory_hostname~'-'~item.0.ipv4~'_'~item.1.orport~' file='~tor_ExitPolicy_file~' delimiter=;') != [])  %}
 ExitPolicy {{ lookup('csvfile', inventory_hostname~'-'~item.0.ipv4~'_'~item.1.orport~' file='~tor_ExitPolicy_file~' delimiter=;') }}

test/integration/default/dirport0-6publicIPs-dedicatedExitIP-2instPerIP-exit-node.yml

@@ -0,0 +1,19 @@
+---
+- hosts: all
+  vars:
+    tor_maxPublicIPs: 3
+    tor_dedicatedExitIP: True
+    tor_ExitRelay: True
+    tor_apt_update_cache: no
+    tor_ContactInfo: "ansible-relayor test-kitchen (you should never see this on a public relay) https://github.com/nusenu/ansible-relayor"
+    tor_ExitRelay: True
+    tor_ports:
+      - orport: 9000
+        dirport: 0
+      - orport: 9100
+        dirport: 0
+    tor_config:
+      DisableNetwork: 1
+      PublishServerDescriptor: 0
+  roles:
+    - "{{ playbook_dir | regex_replace('test/integration/default$') }}"