opuppet/module-tinc
5
0
Fork 0
Code Issues Pull requests Releases Wiki Activity
module-tinc/manifests/instance.pp

169 lines
4.4 KiB
Puppet
Raw Permalink Blame History

# create a tinc vpn net
define tinc::instance(
$ensure = 'present',
$connect_on_boot = true,
$tinc_interface = 'eth0',
$tinc_address = undef,
$tinc_address_to_export = undef,
$port = '655',
$port_to_export = '655',
$compression = '10',
$mode = 'switch',
$options = {},
$tinc_up_content = undef,
$tinc_down_content = undef,
){
include ::tinc
# needed in template tinc.conf.erb
$fqdn_tinc = regsubst($::fqdn,'[._-]+','','G')
$tinc_config = "/etc/tinc/${name}/tinc.conf"
# register net for bootup?
$boot_ensure = $ensure ? {
'present' => $connect_on_boot ? {
true => 'present',
default => 'absent'
},
default => 'absent'
}
# which service do we have to manage?
if $tinc::uses_systemd {
$service_name = "tincd@${name}"
service{$service_name: }
if $ensure == 'present' {
# if we don't want to start
# on boot, we don't need to
# manage that part of the service
if $boot_ensure == 'present' {
Service[$service_name]{
ensure => running,
enable => true,
}
}
} else {
Service[$service_name]{
ensure => stopped,
enable => false,
before => File["/etc/tinc/${name}"],
}
}
} else {
$service_name = 'tinc'
# only relevant for non-systemd systems
concat::fragment{"tinc_net_${name}":
ensure => $boot_ensure,
content => "${name}\n",
target => '/etc/tinc/nets.boot',
notify => Service[$service_name],
}
}
file{"/etc/tinc/${name}":
require => Package['tinc'],
owner => root,
group => 0,
mode => '0600';
}
if $ensure == 'present' {
File["/etc/tinc/${name}"]{
ensure => directory,
notify => Service[$service_name],
}
concat{$tinc_config:
notify => Service[$service_name],
owner => root,
group => 0,
mode => '0600';
}
file{"/etc/tinc/${name}/hosts":
ensure => directory,
recurse => true,
purge => true,
force => true,
notify => Service[$service_name],
owner => root,
group => 0,
mode => '0600';
}
if $tinc_address {
$host_address = $tinc_address
} else {
$int_name_escaped = regsubst($tinc_interface,'\.','_','G')
$host_address = getvar("::ipaddress_${int_name_escaped}")
}
if $tinc_address_to_export {
$export_addr = $tinc_address_to_export
} else {
$export_addr = $host_address
}
# get the keys
# [ priv, pub ]
$tinc_keys = tinc_keygen($name,"${tinc::key_source_path}/${name}/${::fqdn}")
file{
"/etc/tinc/${name}/rsa_key.priv":
content => $tinc_keys[0],
notify => Service[$service_name],
owner => root,
group => 0,
mode => '0600';
"/etc/tinc/${name}/rsa_key.pub":
content => $tinc_keys[1],
notify => Service[$service_name],
owner => root,
group => 0,
mode => '0600';
}
# export this host and collect all the other hosts
@@tinc::host{"${fqdn_tinc}@${name}":
port => $port_to_export,
compression => $compression,
address => $export_addr,
public_key => $tinc_keys[1],
tag => "tinc::host_for_${name}",
}
Tinc::Host<<| tag == "tinc::host_for_${name}" |>>
concat::fragment{"tinc_conf_header_${name}":
target => $tinc_config,
content => template('tinc/tinc.conf-header.erb'),
order => '100',
}
@@tinc::connect_to{"${name}_connect_to_${fqdn_tinc}":
to => $fqdn_tinc,
to_fqdn => $::fqdn,
target => $tinc_config,
tag => "tinc_${name}_auto",
}
Tinc::Connect_to<<| tag == "tinc_${name}_auto" |>>
file { "/etc/tinc/${name}/tinc-up":
content => $tinc_up_content,
notify => Service[$service_name],
owner => root,
group => 0,
mode => '0700';
}
file { "/etc/tinc/${name}/tinc-down":
content => $tinc_down_content,
notify => Service[$service_name],
owner => root,
group => 0,
mode => '0700';
}
} else {
File["/etc/tinc/${name}"]{
ensure => absent,
recurse => true,
purge => true,
force => true
}
}
}
Reference in a new issue View git blame Copy permalink