123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293 |
- # create a tinc vpn switch
- define tinc::switch(
- $ensure = 'present',
- $connect_on_boot = true,
- $tinc_interface = 'eth0',
- $tinc_address = undef,
- $port = '655',
- $tinc_address_to_export = undef,
- $port_to_export = '655',
- $tinc_internal_interface = 'eth1',
- $tinc_internal_ip = 'absent',
- $tinc_internal_netmask = 'absent',
- $tinc_bridge_interface = 'absent',
- $compression = '10',
- $options = {},
- $shorewall_zone = 'absent'
- ){
- tinc::instance{$name:
- ensure => $ensure,
- connect_on_boot => $connect_on_boot,
- tinc_interface => $tinc_interface,
- tinc_address => $tinc_address,
- tinc_address_to_export => $tinc_address_to_export,
- port => $port,
- port_to_export => $port_to_export,
- compression => $compression,
- mode => 'switch',
- options => $options,
- }
- if $ensure == 'present' {
- include ::tinc
- require bridge_utils
- $real_tinc_bridge_interface = $tinc_bridge_interface ? {
- 'absent' => "br${name}",
- default => $tinc_bridge_interface
- }
- if $tinc_internal_ip == 'absent' {
- $tinc_br_ifaddr = "::ipaddress_${real_tinc_bridge_interface}"
- $tinc_br_ip = inline_template('<%= scope.lookupvar(@tinc_br_ifaddr) %>')
- case $tinc_br_ip {
- '',undef: {
- $tinc_orig_ifaddr = "::ipaddress_${tinc_internal_interface}"
- $real_tinc_internal_ip = inline_template('<%= scope.lookupvar(@tinc_orig_ifaddr) %>')
- }
- default: { $real_tinc_internal_ip = $tinc_br_ip }
- }
- } else {
- $real_tinc_internal_ip = $tinc_internal_ip
- }
- if $tinc_internal_netmask == 'absent' {
- $tinc_br_netmask_fact = "::netmask_${real_tinc_bridge_interface}"
- $tinc_br_netmask = inline_template('<%= n=scope.lookupvar(@tinc_br_netmask_fact); n.nil? ? n : n.split(".").map { |e| e.to_i.to_s(2).rjust(8, "0") }.join.count("1").to_s %>')
- case $tinc_br_netmask {
- '',undef: {
- $tinc_orig_netmask = "::netmask_${tinc_internal_interface}"
- $real_tinc_internal_netmask = inline_template('<%= n=scope.lookupvar(@tinc_orig_netmask); n.nil? ? n : n.split(".").map { |e| e.to_i.to_s(2).rjust(8, "0") }.join.count("1").to_s %>')
- }
- default: { $real_tinc_internal_netmask = $tinc_br_netmask }
- }
- } else {
- $real_tinc_internal_netmask = $tinc_internal_netmask
- }
- Tinc::Instance[$name]{
- tinc_up_content => template('tinc/switch/tinc-up.erb'),
- tinc_down_content => template('tinc/switch/tinc-down.erb'),
- }
- if $tinc::use_shorewall {
- $zone = $shorewall_zone ? {
- 'absent' => 'loc',
- default => $shorewall_zone
- }
- shorewall::interface { $real_tinc_bridge_interface:
- zone => $zone,
- rfc1918 => true,
- options => 'routeback,logmartians';
- }
- }
- } else {
- File["/etc/tinc/${name}"]{
- ensure => absent,
- recurse => true,
- purge => true,
- force => true
- }
- }
- }
|