124 lines
3.5 KiB
Puppet
124 lines
3.5 KiB
Puppet
define tinc::vpn_net(
|
|
$ensure = present,
|
|
$connect_to_hosts = [],
|
|
$connect_on_boot = true,
|
|
$hosts_source = 'absent',
|
|
$hosts_source_is_prefix = false,
|
|
$key_source_prefix = 'absent',
|
|
$tinc_interface = 'absent',
|
|
$tinc_internal_interface = 'absent',
|
|
$tinc_internal_ip = 'absent',
|
|
$tinc_bridge_interface = 'absent'
|
|
){
|
|
include ::tinc
|
|
|
|
# needed in template tinc.conf.erb
|
|
$fqdn_tinc = regsubst("${fqdn}",'[._-]+','','G')
|
|
$connect_to_hosts_tinc = regsubst("${connect_to_hosts}",'[._-]+','','G')
|
|
|
|
file{"/etc/tinc/${name}":
|
|
require => Package['tinc'],
|
|
notify => Service['tinc'],
|
|
owner => root, group => 0, mode => 0600;
|
|
}
|
|
|
|
line{"tinc_boot_net_${name}":
|
|
ensure => $ensure ? {
|
|
'present' => $connect_on_boot ? {
|
|
true => 'present',
|
|
default => 'absent'
|
|
},
|
|
default => 'absent'
|
|
},
|
|
line => $name,
|
|
file => '/etc/tinc/nets.boot',
|
|
require => File['/etc/tinc/nets.boot'],
|
|
notify => Service['tinc'],
|
|
}
|
|
|
|
if $ensure == 'present' {
|
|
File["/etc/tinc/${name}"]{
|
|
ensure => directory,
|
|
}
|
|
file{"/etc/tinc/${name}/hosts":
|
|
source => 'puppet:///modules/common/empty',
|
|
ensure => directory,
|
|
recurse => true,
|
|
purge => true,
|
|
force => true,
|
|
require => Package['tinc'],
|
|
notify => Service['tinc'],
|
|
owner => root, group => 0, mode => 0600;
|
|
}
|
|
|
|
file { "/etc/tinc/${name}/tinc.conf":
|
|
content => template('tinc/tinc.conf.erb'),
|
|
notify => Service[tinc],
|
|
owner => root, group => 0, mode => 0600;
|
|
}
|
|
|
|
file{"/etc/tinc/${name}/rsa_key.priv":
|
|
source => $key_source_prefix ? {
|
|
'absent' => "puppet:///modules/site-tinc/keys/${name}/${fqdn}/rsa_key.priv",
|
|
default => "${key_source_prefix}/${name}/${fqdn}/rsa_key.priv",
|
|
},
|
|
notify => Service[tinc],
|
|
owner => root, group => 0, mode => 0600;
|
|
}
|
|
file{"/etc/tinc/${name}/rsa_key.pub":
|
|
source => $key_source_prefix ? {
|
|
'absent' => "puppet:///modules/site-tinc/keys/${name}/${fqdn}/rsa_key.pub",
|
|
default => "${key_source_prefix}/${name}/${fqdn}/rsa_key.pub",
|
|
},
|
|
notify => Service[tinc],
|
|
owner => root, group => 0, mode => 0600;
|
|
}
|
|
|
|
|
|
# always include myself in the hosts dir
|
|
tinc::vpn_net::host{$fqdn:
|
|
source => $hosts_source,
|
|
source_is_prefix => $hosts_source_is_prefix,
|
|
vpn_net => $name
|
|
}
|
|
# include all the hosts we should connect to
|
|
tinc::vpn_net::host{$connect_to_hosts:
|
|
source => $hosts_source,
|
|
source_is_prefix => $hosts_source_is_prefix,
|
|
vpn_net => $name
|
|
}
|
|
|
|
$real_tinc_bridge_interface = $tinc_bridge_interface ? {
|
|
'absent' => "br${name}",
|
|
default => $tinc_bridge_interface
|
|
}
|
|
$real_tinc_internal_interface = $tinc_internal_interface ? {
|
|
'absent' => 'eth1',
|
|
default => $tinc_internal_interface
|
|
}
|
|
$real_tinc_internal_ip = $tinc_internal_ip ? {
|
|
# 'absent' => $ip, ????
|
|
default => $tinc_internal_ip
|
|
}
|
|
file { "/etc/tinc/${name}/tinc-up":
|
|
content => template('tinc/tinc-up.erb'),
|
|
require => Package['bridge-utils'],
|
|
notify => Service['tinc'],
|
|
owner => root, group => 0, mode => 0700;
|
|
}
|
|
file { "/etc/tinc/${name}/tinc-down":
|
|
content => template('tinc/tinc-down.erb'),
|
|
require => Package['bridge-utils'],
|
|
notify => Service['tinc'],
|
|
owner => root, group => 0, mode => 0700;
|
|
}
|
|
|
|
} else {
|
|
File["/etc/tinc/${name}"]{
|
|
ensure => absent,
|
|
recurse => true,
|
|
purge => true,
|
|
force => true
|
|
}
|
|
}
|
|
}
|